fix(log): hide admin identity in user-visible management logs
Admin username/ID was embedded directly into the log Content for quota changes and forced 2FA disable, leaking the operator's identity to the target user via their own usage log page. Move operator info into Other.admin_info so formatUserLogs strips it for non-admin viewers, and render it in the expand panel only for admins as "操作管理员". Closes #4301
This commit is contained in:
+25
@@ -746,6 +746,31 @@ export const useLogsData = () => {
|
||||
});
|
||||
}
|
||||
}
|
||||
if (isAdminUser && logs[i].type === 3 && other?.admin_info) {
|
||||
const adminInfo = other.admin_info;
|
||||
const hasUsername =
|
||||
adminInfo.admin_username !== undefined &&
|
||||
adminInfo.admin_username !== null &&
|
||||
adminInfo.admin_username !== '';
|
||||
const hasId =
|
||||
adminInfo.admin_id !== undefined &&
|
||||
adminInfo.admin_id !== null &&
|
||||
adminInfo.admin_id !== '';
|
||||
if (hasUsername || hasId) {
|
||||
let operatorValue = '';
|
||||
if (hasUsername && hasId) {
|
||||
operatorValue = `${adminInfo.admin_username} (ID: ${adminInfo.admin_id})`;
|
||||
} else if (hasUsername) {
|
||||
operatorValue = String(adminInfo.admin_username);
|
||||
} else {
|
||||
operatorValue = `ID: ${adminInfo.admin_id}`;
|
||||
}
|
||||
expandDataLocal.push({
|
||||
key: t('操作管理员'),
|
||||
value: operatorValue,
|
||||
});
|
||||
}
|
||||
}
|
||||
expandDatesLocal[logs[i].key] = expandDataLocal;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user