diff options
author | multiple creatures <dev@multiple-creature.party> | 2020-02-17 02:26:52 -0600 |
---|---|---|
committer | multiple creatures <dev@multiple-creature.party> | 2020-02-17 02:26:52 -0600 |
commit | 2427cced78580da729a0ac6a1dc52b2d206aa11c (patch) | |
tree | e0b703674d3a1fb523b447eb512ff0b2ac6ddd65 /app/services | |
parent | 8bf7e00362b4e5bf29e3841bd871590871b5257d (diff) |
add a `manual_only` (manual trust only) moderation option + handle more `reject_unknown`/graylist mode caveats
Diffstat (limited to 'app/services')
-rw-r--r-- | app/services/activitypub/process_account_service.rb | 21 | ||||
-rw-r--r-- | app/services/block_domain_service.rb | 14 | ||||
-rw-r--r-- | app/services/favourite_service.rb | 3 | ||||
-rw-r--r-- | app/services/follow_service.rb | 2 | ||||
-rw-r--r-- | app/services/post_status_service.rb | 1 | ||||
-rw-r--r-- | app/services/reblog_service.rb | 8 |
6 files changed, 43 insertions, 6 deletions
diff --git a/app/services/activitypub/process_account_service.rb b/app/services/activitypub/process_account_service.rb index 4067e474f..08005f042 100644 --- a/app/services/activitypub/process_account_service.rb +++ b/app/services/activitypub/process_account_service.rb @@ -62,7 +62,8 @@ class ActivityPub::ProcessAccountService < BaseService @account.silenced_at = domain_block.created_at if auto_silence? @account.force_unlisted = true if auto_force_unlisted? @account.force_sensitive = true if auto_force_sensitive? - @account.known = @username == @domain ? Setting.always_mark_instance_actors_known : (!Setting.auto_reject_unknown && Setting.auto_mark_known) + @account.manual_only = true if auto_manual_only? + @account.known = auto_mark_known? end def update_account @@ -121,7 +122,7 @@ class ActivityPub::ProcessAccountService < BaseService end def set_reject_unknown_policy - policy = DomainBlock.create!(domain: @domain, severity: :noop, reject_unknown: true) + DomainBlock.create!(domain: @domain, severity: :noop, reject_unknown: true) user_friendly_action_log(nil, :mark_unknown, @domain) end @@ -183,6 +184,7 @@ class ActivityPub::ProcessAccountService < BaseService def property_values return unless @json['attachment'].is_a?(Array) + as_array(@json['attachment']).select { |attachment| attachment['type'] == 'PropertyValue' }.map { |attachment| attachment.slice('name', 'value') } end @@ -223,7 +225,7 @@ class ActivityPub::ProcessAccountService < BaseService end def skip_download? - @account.suspended? || domain_block&.reject_media? + @account.suspended? || !@account.known? || domain_block&.reject_media? end def auto_suspend? @@ -242,8 +244,19 @@ class ActivityPub::ProcessAccountService < BaseService domain_block&.force_sensitive? end + def auto_manual_only? + domain_block&.manual_only? + end + + def auto_mark_known? + return false if @account.manual_only + + @username == @domain ? Setting.always_mark_instance_actors_known : (!Setting.auto_reject_unknown && Setting.auto_mark_known) + end + def domain_block return @domain_block if defined?(@domain_block) + @domain_block = DomainBlock.find_by(domain: @domain) end @@ -275,11 +288,13 @@ class ActivityPub::ProcessAccountService < BaseService as_array(@json['attachment']).each do |attachment| next unless equals_or_includes?(attachment['type'], 'IdentityProof') + current_proofs << process_identity_proof(attachment) end previous_proofs.each do |previous_proof| next if current_proofs.any? { |current_proof| current_proof.id == previous_proof.id } + previous_proof.delete end end diff --git a/app/services/block_domain_service.rb b/app/services/block_domain_service.rb index 1fae42c50..36634fdd5 100644 --- a/app/services/block_domain_service.rb +++ b/app/services/block_domain_service.rb @@ -24,6 +24,7 @@ class BlockDomainService < BaseService clear_media! if domain_block.reject_media? || domain_block.suspend? force_accounts_sensitive! if domain_block.force_sensitive? mark_unknown_accounts! if domain_block.reject_unknown? + mark_accounts_manual_only! if domain_block.manual_only? if domain_block.force_unlisted? force_accounts_unlisted! @@ -52,8 +53,19 @@ class BlockDomainService < BaseService end end + def mark_accounts_manual_only! + blocked_domain_accounts.in_batches.update_all(manual_only: true) + end + def mark_unknown_accounts! - unknown_accounts.in_batches.update_all(known: false) + ApplicationRecord.transaction do + unknown_accounts.in_batches.update_all(known: false) + unknown_accounts.find_each do |account| + account.avatar = nil + account.header = nil + account.save! + end + end end def force_accounts_unlisted! diff --git a/app/services/favourite_service.rb b/app/services/favourite_service.rb index 29838ed5f..ddf52ab0c 100644 --- a/app/services/favourite_service.rb +++ b/app/services/favourite_service.rb @@ -16,6 +16,9 @@ class FavouriteService < BaseService return favourite unless favourite.nil? account.mark_known! if account.can_be_marked_known? && Setting.mark_known_from_favourites + + raise Mastodon::NotPermittedError("Account @#{account.acct} is restricted by an admin policy.") unless account.known? + favourite = Favourite.create!(account: account, status: status) curate_status(status) diff --git a/app/services/follow_service.rb b/app/services/follow_service.rb index 68dcbda23..395b4c483 100644 --- a/app/services/follow_service.rb +++ b/app/services/follow_service.rb @@ -17,6 +17,8 @@ class FollowService < BaseService target_account.mark_known! if target_account.can_be_marked_known? && Setting.mark_known_from_follows + raise Mastodon::NotPermittedError("Account @#{target_account.acct} is restricted by an admin policy.") unless target_account.known? + SyncRemoteAccountWorker.perform_async(target_account.id) unless target_account.local? || target_account.passive_relationships.exists? if source_account.following?(target_account) diff --git a/app/services/post_status_service.rb b/app/services/post_status_service.rb index 2d4ee4562..3e0dde72c 100644 --- a/app/services/post_status_service.rb +++ b/app/services/post_status_service.rb @@ -104,6 +104,7 @@ class PostStatusService < BaseService def mark_recipient_known @in_reply_to.account.mark_known! if @in_reply_to.account.can_be_marked_known? && Setting.mark_known_from_mentions + raise Mastodon::NotPermittedError("Account @#{@in_reply_to.account.acct} is restricted by an admin policy.") unless @in_reply_to.account.known? end def set_footer_from_i_am diff --git a/app/services/reblog_service.rb b/app/services/reblog_service.rb index 1488a6361..bfc3766d3 100644 --- a/app/services/reblog_service.rb +++ b/app/services/reblog_service.rb @@ -11,6 +11,7 @@ class ReblogService < BaseService # @return [Status] def call(account, reblogged_status, options = {}) reblogged_status = reblogged_status.reblog if reblogged_status.reblog? + reblogged_account = reblogged_status&.account authorize_with account, reblogged_status, :reblog? @@ -18,8 +19,11 @@ class ReblogService < BaseService new_reblog = reblog.nil? if new_reblog - reblogged_status.account.mark_known! if reblogged_status.account.can_be_marked_known? && Setting.mark_known_from_boosts - reblogged_status.touch if reblogged_status.account.id == account.id + reblogged_account.mark_known! if reblogged_account.can_be_marked_known? && Setting.mark_known_from_boosts + + raise Mastodon::NotPermittedError("Account @#{reblogged_account.acct} is restricted by an admin policy.") unless reblogged_account.known? + + reblogged_status.touch if reblogged_account.id == account.id visibility = options[:visibility] || account.user&.setting_default_privacy visibility = reblogged_status.visibility if reblogged_status.hidden? |