add a `manual_only` (manual trust only) moderation option + handle more `reject_unknown`/graylist mode caveats

3 files changed, 27 insertions, 14 deletions

diff --git a/app/helpers/log_helper.rb b/app/helpers/log_helper.rb
index 54c741875..ae7e65868 100644
--- a/app/helpers/log_helper.rb
+++ b/app/helpers/log_helper.rb
@@ -7,9 +7,9 @@ module LogHelper
     when :create
       if target.is_a? DomainBlock
         if source.is_a? DomainBlock
-          LogWorker.perform_async("\xf0\x9f\x9a\xab Applied the existing #{target.severity}#{target.force_sensitive? ? " and force sensitive media" : ''}#{target.reject_media? ? " and reject media" : ''}#{target.reject_unknown? ? " and reject unknown accounts" : ''} policy set on '#{source.domain}' to '#{target.domain}'\u200b.\n\nReview (moderators only): https://#{web_domain}/admin/instances/#{target.domain}")
+          LogWorker.perform_async("\xf0\x9f\x9a\xab Applied the existing #{target.severity}#{target.force_sensitive? ? " and force sensitive media" : ''}#{target.reject_media? ? " and reject media" : ''}#{target.reject_unknown? ? " and reject unknown accounts" : ''}#{target.manual_only? ? " and manual trust only" : ''} policy set on '#{source.domain}' to '#{target.domain}'\u200b.\n\nReview (moderators only): https://#{web_domain}/admin/instances/#{target.domain}")
         else
-          LogWorker.perform_async("\xf0\x9f\x9a\xab <#{source}> applied a #{target.severity}#{target.force_sensitive? ? " and force sensitive media" : ''}#{target.reject_media? ? " and reject media" : ''}#{target.reject_unknown? ? " and reject unknown accounts" : ''} policy on '#{target.domain}'\u200b.\n\nReview (moderators only): https://#{web_domain}/admin/instances/#{target.domain}\n\n#{target.reason? ? "Comment: #{target.reason}" : ''}")
+          LogWorker.perform_async("\xf0\x9f\x9a\xab <#{source}> applied a #{target.severity}#{target.force_sensitive? ? " and force sensitive media" : ''}#{target.reject_media? ? " and reject media" : ''}#{target.reject_unknown? ? " and reject unknown accounts" : ''}#{target.manual_only? ? " and manual trust only" : ''} policy on '#{target.domain}'\u200b.\n\nReview (moderators only): https://#{web_domain}/admin/instances/#{target.domain}\n\n#{target.reason? ? "Comment: #{target.reason}" : ''}")
         end
       elsif target.is_a? EmailDomainBlock
         LogWorker.perform_async("\u26d4 <#{source}> added a registration block on email domain '#{target.domain}'.\n\nReview (moderators only): https://#{web_domain}/admin/email_domain_blocks")
@@ -20,7 +20,7 @@ module LogHelper
       end
     when :destroy
       if target.is_a? DomainBlock
-        LogWorker.perform_async("\xf0\x9f\x86\x97 <#{source}> reset the policy on #{target.domain}\u200b.\n\nReview (moderators only): https://#{web_domain}/admin/instances/#{target.domain}")
+        LogWorker.perform_async("\xf0\x9f\x86\x97 <#{source}> reset the policy on #{target.domain}\u200b.")
       elsif target.is_a? EmailDomainBlock
         LogWorker.perform_async("\xf0\x9f\x86\x97 <#{source}> removed the registration block on email domain '#{target.domain}'.")
       elsif target.is_a? CustomEmoji
@@ -31,7 +31,7 @@ module LogHelper
 
     when :update
       if target.is_a? DomainBlock
-        LogWorker.perform_async("\xf0\x9f\x9a\xab <#{source}> changed the policy on '#{target.domain}' to #{target.severity}#{target.force_sensitive? ? " and force sensitive media" : ''}#{target.reject_media? ? " and reject media" : ''}#{target.reject_unknown? ? " and reject unknown accounts" : ''}.\n\nReview (moderators only): https://#{web_domain}/admin/instances/#{target.domain}\n\n#{target.reason? ? "Comment: #{target.reason}" : ''}")
+        LogWorker.perform_async("\xf0\x9f\x9a\xab <#{source}> changed the policy on '#{target.domain}' to #{target.severity}#{target.force_sensitive? ? " and force sensitive media" : ''}#{target.reject_media? ? " and reject media" : ''}#{target.reject_unknown? ? " and reject unknown accounts" : ''}#{target.manual_only? ? " and manual trust only" : ''}.\n\nReview (moderators only): https://#{web_domain}/admin/instances/#{target.domain}\n\n#{target.reason? ? "Comment: #{target.reason}" : ''}")
       elsif target.is_a? Status
         LogWorker.perform_async("\xf0\x9f\x91\x81\xef\xb8\x8f <#{source}> changed visibility flags of post #{TagManager.instance.url_for(target)}\u200b.")
       elsif target.is_a? CustomEmoji
@@ -57,6 +57,8 @@ module LogHelper
       else
         LogWorker.perform_async("\u2753 <#{source}> marked <#{target.acct}> as an unknown account.\n\n#{reason ? "Comment: #{reason}" : ''}")
       end
+    when :manual_only
+      LogWorker.perform_async("\u2753 <#{source}> marked <#{target.acct}> as manual trust only.\n\n#{reason ? "Comment: #{reason}" : ''}")
     when :force_sensitive
       LogWorker.perform_async("\xf0\x9f\x94\x9e <#{source}> forced the media of <#{target.acct}> to be marked sensitive.\n\n#{reason ? "Comment: #{reason}" : ''}")
     when :force_unlisted
@@ -68,6 +70,8 @@ module LogHelper
 
     when :mark_known
       LogWorker.perform_async("\u2705 <#{source}> marked <#{target.acct}> as a known account.\n\n#{reason ? "Comment: #{reason}" : ''}")
+    when :auto_trust
+      LogWorker.perform_async("\u2705 <#{source}> marked <#{target.acct}> as auto-trustable.\n\n#{reason ? "Comment: #{reason}" : ''}")
     when :allow_nonsensitive
       LogWorker.perform_async("\xf0\x9f\x86\x97 <#{source}> allowed <#{target.acct}> to post media without a sensitive flag.\n\n#{reason ? "Comment: #{reason}" : ''}")
     when :allow_public
diff --git a/app/helpers/moderation_helper.rb b/app/helpers/moderation_helper.rb
index 9d12dc858..7db3ba210 100644
--- a/app/helpers/moderation_helper.rb
+++ b/app/helpers/moderation_helper.rb
@@ -1,22 +1,24 @@
 module ModerationHelper
   include LogHelper
 
-  POLICIES = %w(silence unsilence suspend unsuspend force_unlisted mark_known mark_unknown reject_unknown allow_public force_sensitive allow_nonsensitive reset)
+  POLICIES = %w(silence unsilence suspend unsuspend force_unlisted mark_known mark_unknown reject_unknown manual_only auto_trust allow_public force_sensitive allow_nonsensitive reset)
   EXCLUDED_DOMAINS = %w(tailma.ws monsterpit.net monsterpit.cloud monsterpit.gallery monsterpit.blog)
 
   def janitor_account
     account_id = ENV.fetch('JANITOR_USER', '').to_i
-    return if account_id == 0
+    return if account_id.zero?
+
     Account.find_by(id: account_id)
   end
 
   def account_policy(username, domain, policy, reason = nil)
     return if policy.blank?
+
     policy = policy.to_s
     return false unless policy.in?(POLICIES)
 
     username, domain = username.split('@')[1..2] if username.start_with?('@')
-    domain.downcase! unless domain.nil?
+    domain&.downcase!
 
     acct = Account.find_by(username: username, domain: domain)
     return false if acct.nil?
@@ -34,6 +36,10 @@ module ModerationHelper
       acct.mark_unknown!
     when 'mark_known'
       acct.mark_known!
+    when 'manual_only'
+      acct.manual_only!
+    when 'auto_trust'
+      acct.auto_trust!
     when 'silence'
       acct.silence!
     when 'unsilence'
@@ -61,7 +67,7 @@ module ModerationHelper
 
     acct.save
 
-    return true unless reason && !reason.strip.blank?
+    return true unless reason && reason.strip.present?
 
     AccountModerationNote.create(
       account_id: @account.id,
@@ -79,11 +85,13 @@ module ModerationHelper
       return false
     end
     return false if [404, 410].include?(code)
+
     true
   end
 
-  def domain_policy(domain, policy, reason = nil, force_sensitive: false, reject_unknown: false, reject_media: false, reject_reports: false)
+  def domain_policy(domain, policy, reason = nil, force_sensitive: false, reject_unknown: false, reject_media: false, manual_only: false, reject_reports: false)
     return if policy.blank?
+
     policy = policy.to_s
     return false unless policy.in?(POLICIES)
     return false unless domain.match?(/\A[\w\-]+\.[\w\-]+(?:\.[\w\-]+)*\Z/)
@@ -92,20 +100,21 @@ module ModerationHelper
 
     return false if domain.in?(EXCLUDED_DOMAINS)
 
-    policy = 'noop' if policy == 'force_sensitive' || policy == 'reject_unknown'
+    policy = 'noop' if %w(force_sensitive reject_unknown).include?(policy)
+
     force_sensitive = true if policy == 'force_sensitive'
     reject_unknown = true if policy == 'reject_unknown'
+    manual_only = true if policy == 'manual_only'
 
     if policy.in? %w(silence suspend force_unlisted)
-      return false unless domain_exists?(domain)
-
       domain_block = DomainBlock.find_or_create_by(domain: domain)
       domain_block.severity = policy
       domain_block.force_sensitive = force_sensitive
       domain_block.reject_unknown = reject_unknown
+      domain_block.manual_only = manual_only
       domain_block.reject_media = reject_media
       domain_block.reject_reports = reject_reports
-      domain_block.reason = reason.strip if reason && !reason.strip.blank?
+      domain_block.reason = reason.strip if reason && reason.strip.present?
       domain_block.save
 
       Admin::ActionLog.create(account: @account, action: :create, target: domain_block)
diff --git a/app/helpers/statuses_helper.rb b/app/helpers/statuses_helper.rb
index 00951086f..d122a2860 100644
--- a/app/helpers/statuses_helper.rb
+++ b/app/helpers/statuses_helper.rb
@@ -45,7 +45,7 @@ module StatusesHelper
   def account_badge(account, all: false)
     content_tag(:div, class: 'roles') do
       froze = account.local? ? (account&.user.nil? ? true : account.user.disabled?) : account.froze?
-      limited = account.silenced? || account.force_unlisted? || account.force_sensitive?
+      limited = account.silenced? || account.force_unlisted? || account.force_sensitive? || !account.known?
 
       roles = []
       roles << content_tag(:div, t('accounts.roles.limited'), class: 'account-role limited') if limited