From 1c01aad80ffb19bf4314f70e9f03945b0262c912 Mon Sep 17 00:00:00 2001
From: Noah Petherbridge <root@kirsle.net>
Date: Tue, 9 Jul 2024 22:21:28 -0700
Subject: [PATCH] Normal users can not search non-certified profiles

* Remove the ability for regular (non-admin) users to search the Member
  Directory for non-certified profiles.
* Profiles who don't certify can be a risk to contact, as the likelihood
  of fake pictures and scams/spam is much higher.
---
 pkg/controller/account/search.go  | 5 +++++
 web/templates/account/search.html | 8 +++++---
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/pkg/controller/account/search.go b/pkg/controller/account/search.go
index 0e4d51f..854e505 100644
--- a/pkg/controller/account/search.go
+++ b/pkg/controller/account/search.go
@@ -90,6 +90,11 @@ func Search() http.HandlerFunc {
 			certifiedOnly = false
 		}
 
+		// Non-admin view: always hide non-certified profiles, they can be unsafe (fake profiles, scams if they won't certify)
+		if !currentUser.IsAdmin {
+			certifiedOnly = true
+		}
+
 		pager := &models.Pagination{
 			PerPage: config.PageSizeMemberSearch,
 			Sort:    sort,
diff --git a/web/templates/account/search.html b/web/templates/account/search.html
index 8b1ef5b..af70881 100644
--- a/web/templates/account/search.html
+++ b/web/templates/account/search.html
@@ -91,8 +91,10 @@
                                 <div class="select is-fullwidth">
                                     <select id="certified" name="certified" id="certified">
                                         <optgroup label="Certification Status">
-                                            <option value="true">Only certified users</option>
-                                            <option value="false"{{if eq $Root.Certified "false"}} selected{{end}}>Non-certified only</option>
+                                            <option value="true">All certified members</option>
+                                            {{if .CurrentUser.IsAdmin}}
+                                            <option value="false"{{if eq $Root.Certified "false"}} selected{{end}}>☮ Non-certified only</option>
+                                            {{end}}
                                         </optgroup>
                                         <optgroup label="Profile Status">
                                             <option value="shy"{{if eq $Root.Certified "shy"}} selected{{end}}>Shy Accounts</option>
@@ -105,9 +107,9 @@
                                         <optgroup label="Admin Options">
                                             <option value="banned"{{if eq $Root.Certified "banned"}} selected{{end}}>☮ Banned</option>
                                             <option value="disabled"{{if eq $Root.Certified "disabled"}} selected{{end}}>☮ Disabled</option>
+                                            <option value="all"{{if eq $Root.Certified "all"}} selected{{end}}>Show all users</option>
                                         </optgroup>
                                         {{end}}
-                                        <option value="all"{{if eq $Root.Certified "all"}} selected{{end}}>Show all users</option>
                                     </select>
                                 </div>
                             </div>