about summary refs log tree commit diff
path: root/app/services
diff options
context:
space:
mode:
authormultiple creatures <dev@multiple-creature.party>2020-02-17 02:26:52 -0600
committermultiple creatures <dev@multiple-creature.party>2020-02-17 02:26:52 -0600
commit2427cced78580da729a0ac6a1dc52b2d206aa11c (patch)
treee0b703674d3a1fb523b447eb512ff0b2ac6ddd65 /app/services
parent8bf7e00362b4e5bf29e3841bd871590871b5257d (diff)
add a `manual_only` (manual trust only) moderation option + handle more `reject_unknown`/graylist mode caveats
Diffstat (limited to 'app/services')
-rw-r--r--app/services/activitypub/process_account_service.rb21
-rw-r--r--app/services/block_domain_service.rb14
-rw-r--r--app/services/favourite_service.rb3
-rw-r--r--app/services/follow_service.rb2
-rw-r--r--app/services/post_status_service.rb1
-rw-r--r--app/services/reblog_service.rb8
6 files changed, 43 insertions, 6 deletions
diff --git a/app/services/activitypub/process_account_service.rb b/app/services/activitypub/process_account_service.rb
index 4067e474f..08005f042 100644
--- a/app/services/activitypub/process_account_service.rb
+++ b/app/services/activitypub/process_account_service.rb
@@ -62,7 +62,8 @@ class ActivityPub::ProcessAccountService < BaseService
     @account.silenced_at      = domain_block.created_at if auto_silence?
     @account.force_unlisted   = true if auto_force_unlisted?
     @account.force_sensitive  = true if auto_force_sensitive?
-    @account.known            = @username == @domain ? Setting.always_mark_instance_actors_known : (!Setting.auto_reject_unknown && Setting.auto_mark_known)
+    @account.manual_only      = true if auto_manual_only?
+    @account.known            = auto_mark_known?
   end
 
   def update_account
@@ -121,7 +122,7 @@ class ActivityPub::ProcessAccountService < BaseService
   end
 
   def set_reject_unknown_policy
-    policy = DomainBlock.create!(domain: @domain, severity: :noop, reject_unknown: true)
+    DomainBlock.create!(domain: @domain, severity: :noop, reject_unknown: true)
     user_friendly_action_log(nil, :mark_unknown, @domain)
   end
 
@@ -183,6 +184,7 @@ class ActivityPub::ProcessAccountService < BaseService
 
   def property_values
     return unless @json['attachment'].is_a?(Array)
+
     as_array(@json['attachment']).select { |attachment| attachment['type'] == 'PropertyValue' }.map { |attachment| attachment.slice('name', 'value') }
   end
 
@@ -223,7 +225,7 @@ class ActivityPub::ProcessAccountService < BaseService
   end
 
   def skip_download?
-    @account.suspended? || domain_block&.reject_media?
+    @account.suspended? || !@account.known? || domain_block&.reject_media?
   end
 
   def auto_suspend?
@@ -242,8 +244,19 @@ class ActivityPub::ProcessAccountService < BaseService
     domain_block&.force_sensitive?
   end
 
+  def auto_manual_only?
+    domain_block&.manual_only?
+  end
+
+  def auto_mark_known?
+    return false if @account.manual_only
+
+    @username == @domain ? Setting.always_mark_instance_actors_known : (!Setting.auto_reject_unknown && Setting.auto_mark_known)
+  end
+
   def domain_block
     return @domain_block if defined?(@domain_block)
+
     @domain_block = DomainBlock.find_by(domain: @domain)
   end
 
@@ -275,11 +288,13 @@ class ActivityPub::ProcessAccountService < BaseService
 
     as_array(@json['attachment']).each do |attachment|
       next unless equals_or_includes?(attachment['type'], 'IdentityProof')
+
       current_proofs << process_identity_proof(attachment)
     end
 
     previous_proofs.each do |previous_proof|
       next if current_proofs.any? { |current_proof| current_proof.id == previous_proof.id }
+
       previous_proof.delete
     end
   end
diff --git a/app/services/block_domain_service.rb b/app/services/block_domain_service.rb
index 1fae42c50..36634fdd5 100644
--- a/app/services/block_domain_service.rb
+++ b/app/services/block_domain_service.rb
@@ -24,6 +24,7 @@ class BlockDomainService < BaseService
     clear_media! if domain_block.reject_media? || domain_block.suspend?
     force_accounts_sensitive! if domain_block.force_sensitive?
     mark_unknown_accounts! if domain_block.reject_unknown?
+    mark_accounts_manual_only! if domain_block.manual_only?
 
     if domain_block.force_unlisted?
       force_accounts_unlisted!
@@ -52,8 +53,19 @@ class BlockDomainService < BaseService
     end
   end
 
+  def mark_accounts_manual_only!
+    blocked_domain_accounts.in_batches.update_all(manual_only: true)
+  end
+
   def mark_unknown_accounts!
-    unknown_accounts.in_batches.update_all(known: false)
+    ApplicationRecord.transaction do
+      unknown_accounts.in_batches.update_all(known: false)
+      unknown_accounts.find_each do |account|
+        account.avatar = nil
+        account.header = nil
+        account.save!
+      end
+    end
   end
 
   def force_accounts_unlisted!
diff --git a/app/services/favourite_service.rb b/app/services/favourite_service.rb
index 29838ed5f..ddf52ab0c 100644
--- a/app/services/favourite_service.rb
+++ b/app/services/favourite_service.rb
@@ -16,6 +16,9 @@ class FavouriteService < BaseService
     return favourite unless favourite.nil?
 
     account.mark_known! if account.can_be_marked_known? && Setting.mark_known_from_favourites
+
+    raise Mastodon::NotPermittedError("Account @#{account.acct} is restricted by an admin policy.") unless account.known?
+
     favourite = Favourite.create!(account: account, status: status)
 
     curate_status(status)
diff --git a/app/services/follow_service.rb b/app/services/follow_service.rb
index 68dcbda23..395b4c483 100644
--- a/app/services/follow_service.rb
+++ b/app/services/follow_service.rb
@@ -17,6 +17,8 @@ class FollowService < BaseService
 
     target_account.mark_known! if target_account.can_be_marked_known? && Setting.mark_known_from_follows
 
+    raise Mastodon::NotPermittedError("Account @#{target_account.acct} is restricted by an admin policy.") unless target_account.known?
+
     SyncRemoteAccountWorker.perform_async(target_account.id) unless target_account.local? || target_account.passive_relationships.exists?
 
     if source_account.following?(target_account)
diff --git a/app/services/post_status_service.rb b/app/services/post_status_service.rb
index 2d4ee4562..3e0dde72c 100644
--- a/app/services/post_status_service.rb
+++ b/app/services/post_status_service.rb
@@ -104,6 +104,7 @@ class PostStatusService < BaseService
 
   def mark_recipient_known
     @in_reply_to.account.mark_known! if @in_reply_to.account.can_be_marked_known? && Setting.mark_known_from_mentions
+    raise Mastodon::NotPermittedError("Account @#{@in_reply_to.account.acct} is restricted by an admin policy.") unless @in_reply_to.account.known?
   end
 
   def set_footer_from_i_am
diff --git a/app/services/reblog_service.rb b/app/services/reblog_service.rb
index 1488a6361..bfc3766d3 100644
--- a/app/services/reblog_service.rb
+++ b/app/services/reblog_service.rb
@@ -11,6 +11,7 @@ class ReblogService < BaseService
   # @return [Status]
   def call(account, reblogged_status, options = {})
     reblogged_status = reblogged_status.reblog if reblogged_status.reblog?
+    reblogged_account = reblogged_status&.account
 
     authorize_with account, reblogged_status, :reblog?
 
@@ -18,8 +19,11 @@ class ReblogService < BaseService
     new_reblog = reblog.nil?
 
     if new_reblog
-      reblogged_status.account.mark_known! if reblogged_status.account.can_be_marked_known? && Setting.mark_known_from_boosts
-      reblogged_status.touch if reblogged_status.account.id == account.id
+      reblogged_account.mark_known! if reblogged_account.can_be_marked_known? && Setting.mark_known_from_boosts
+
+      raise Mastodon::NotPermittedError("Account @#{reblogged_account.acct} is restricted by an admin policy.") unless reblogged_account.known?
+
+      reblogged_status.touch if reblogged_account.id == account.id
 
       visibility = options[:visibility] || account.user&.setting_default_privacy
       visibility = reblogged_status.visibility if reblogged_status.hidden?