From 51bab85b07b1433e832152f6498f203ec4b4434d Mon Sep 17 00:00:00 2001 From: multiple creatures Date: Sun, 12 Jan 2020 23:56:43 -0600 Subject: add privacy option to limit lifespan of public access to post & object urls beyond local followers, default to 90 days --- app/controllers/settings/preferences_controller.rb | 1 + app/controllers/statuses_controller.rb | 2 -- app/lib/user_settings_decorator.rb | 5 +++++ app/models/account.rb | 1 + app/models/user.rb | 5 +++++ app/policies/status_policy.rb | 21 ++++++++++++++++----- app/views/settings/preferences/show.html.haml | 1 + config/locales/simple_form.en.yml | 1 + streaming/index.js | 6 +++--- 9 files changed, 33 insertions(+), 10 deletions(-) diff --git a/app/controllers/settings/preferences_controller.rb b/app/controllers/settings/preferences_controller.rb index 2e364bbc8..8573624f2 100644 --- a/app/controllers/settings/preferences_controller.rb +++ b/app/controllers/settings/preferences_controller.rb @@ -83,6 +83,7 @@ class Settings::PreferencesController < Settings::BaseController :setting_hide_public_profile, :setting_hide_public_outbox, :setting_max_public_history, + :setting_max_public_access, :setting_roar_lifespan, :setting_delayed_roars, :setting_delayed_for, diff --git a/app/controllers/statuses_controller.rb b/app/controllers/statuses_controller.rb index 7219f6761..2edd19064 100644 --- a/app/controllers/statuses_controller.rb +++ b/app/controllers/statuses_controller.rb @@ -186,8 +186,6 @@ class StatusesController < ApplicationController if @status.sharekey.present? && @sharekey == @status.sharekey.key skip_authorization - elsif @account.block_anon && !user_signed_in? - raise ActiveRecord::RecordNotFound else authorize @status, :show? end diff --git a/app/lib/user_settings_decorator.rb b/app/lib/user_settings_decorator.rb index 6445e8a91..5f800adc6 100644 --- a/app/lib/user_settings_decorator.rb +++ b/app/lib/user_settings_decorator.rb 
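Review bot: With the explicit `raise ActiveRecord::RecordNotFound` gone, an anonymous request for a `block_anon` account's status now falls through to `authorize @status, :show?`, and the response is whatever the application's rescue for `Pundit::NotAuthorizedError` renders; if that is a 403 rather than a 404 (ApplicationController is not in view here), an anonymous viewer can now confirm that the status exists, which the removed branch deliberately hid behind the same 404 a missing status gets. If the 404 is intended, translate the policy failure back inside this controller — a method-level `rescue Pundit::NotAuthorizedError` that re-raises `ActiveRecord::RecordNotFound`, or `raise ActiveRecord::RecordNotFound unless policy(@status).show?` before `authorize`. The `skip_authorization` sharekey path above intentionally bypasses the new `still_accessible?` window, which matches the settings label; a one-line comment such as `# sharekey links stay valid beyond the author's max_public_access window` would stop someone re-adding the check later. The enclosing method starts before this hunk.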
@@ -40,6 +40,7 @@ class UserSettingsDecorator user.settings['hide_public_outbox'] = hide_public_outbox_preference if change?('setting_hide_public_outbox') user.settings['larger_emoji'] = larger_emoji_preference if change?('setting_larger_emoji') user.settings['max_public_history'] = max_public_history_preference if change?('setting_max_public_history') + user.settings['max_public_access'] = max_public_access_preference if change?('setting_max_public_access') user.settings['roar_lifespan'] = roar_lifespan_preference if change?('setting_roar_lifespan') user.settings['delayed_roars'] = delayed_roars_preference if change?('setting_delayed_roars') user.settings['delayed_for'] = delayed_for_preference if change?('setting_delayed_for') @@ -151,6 +152,10 @@ class UserSettingsDecorator settings['setting_max_public_history'] end + def max_public_access_preference + settings['setting_max_public_access'] + end + def roar_lifespan_preference settings['setting_roar_lifespan'] end diff --git a/app/models/account.rb b/app/models/account.rb index e43db63bd..59685a13b 100644 --- a/app/models/account.rb +++ b/app/models/account.rb @@ -133,6 +133,7 @@ class Account < ApplicationRecord :defaults_to_local_only?, :always_local_only?, :max_public_history, + :max_public_access, :roar_lifespan, :delayed_roars?, diff --git a/app/models/user.rb b/app/models/user.rb index 635025965..6c18898e9 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -146,6 +146,7 @@ class User < ApplicationRecord :hide_public_profile, :hide_public_outbox, :max_public_history, + :max_public_access, :roar_lifespan, :delayed_roars, :delayed_for, @@ -331,6 +332,10 @@ class User < ApplicationRecord @_max_public_history ||= [1, (settings.max_public_history || 6).to_i].max end + def max_public_access + @_max_public_access ||= [1, (settings.max_public_access || 90).to_i].max + end + def roar_lifespan @_roar_lifespan ||= [0, (settings.roar_lifespan || 0).to_i].max end 
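Review bot: `User#max_public_access` falls back to 90 whenever the setting is unset, so on the first deploy of this change every existing account retroactively gets a 90-day window and the rewritten `StatusPolicy#show?` starts refusing non-follower and anonymous access to all of their older public posts without any account having chosen that; if the window is meant to be opt-in, the unset case should mean unlimited rather than 90. Separately, `(settings.max_public_access || 90).to_i` turns a malformed stored value into a 1-day window (`'abc'.to_i` is 0, then the `[1, …].max` clamp makes it 1) instead of restoring the default; `[1, Integer(settings.max_public_access, exception: false) || 90].max` (Ruby 2.6+) keeps the fallback for bad data, though the two sibling accessors share the `to_i` pattern so this may be a deliberate convention. A comment on the accessor stating the unit and the floor, `# days; never below 1, 90 when unset`, would help since the policy consumes it without further checks.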
diff --git a/app/policies/status_policy.rb b/app/policies/status_policy.rb index 0961ec3e2..f23d089d4 100644 --- a/app/policies/status_policy.rb +++ b/app/policies/status_policy.rb @@ -13,13 +13,12 @@ class StatusPolicy < ApplicationPolicy def show? return false if local_only? && (current_account.nil? || !current_account.local?) + return true if owned? || mention_exists? - if direct? - owned? || mention_exists? - elsif private? - owned? || following_author? || mention_exists? + if private? + following_author? && still_accessible? else - current_account.nil? || !author_blocking? + author_allows_anon? && still_accessible? && !author_blocking? && (author_not_invisible? || following_author?) end end @@ -90,4 +89,16 @@ class StatusPolicy < ApplicationPolicy def local_only? record.local_only? end + + def still_accessible? + record.created_at > record.account.user.max_public_access.to_i.days.ago + end + + def author_allows_anon? + (!current_account.nil? && user_signed_in?) || !record.account.block_anon + end + + def author_not_invisible? + !record.account.hidden? + end end diff --git a/app/views/settings/preferences/show.html.haml b/app/views/settings/preferences/show.html.haml index babc57470..cf9529ac3 100644 --- a/app/views/settings/preferences/show.html.haml +++ b/app/views/settings/preferences/show.html.haml 
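Review bot: Direct-visibility statuses lose their owner-or-mentioned restriction in the new `show?`: the `direct?` branch is removed, `return true if owned? || mention_exists?` only covers the positive case, and a direct status viewed by anyone else is not `private?` (the removed `if direct? … elsif private?` chain shows the two are distinct predicates, unless `private?` outside this hunk was also changed), so it drops into the `else` branch and is granted like a public post whenever `author_allows_anon?`, `still_accessible?` and the block checks pass — anyone holding the URL of a DM under 90 days old can read it. Add `return false if direct?` immediately after the owned/mentioned early return. Second, the commit subject scopes the window to readers "beyond local followers", yet `still_accessible?` is now required of followers in both branches, so followers lose access to the author's older private posts (previously `owned? || following_author? || mention_exists?`); the private branch should be just `following_author?` and the public branch should gate the window with `(following_author? || still_accessible?)`. A short comment above the method listing the intended order of checks (owner/mentioned, then direct, then private, then public) would make this the documented single point of visibility decisions.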
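Review bot: `still_accessible?` dereferences `record.account.user`, which is nil for a remote author if this fork keeps upstream's `has_one :user` on Account, so every remote status that reaches the public or follower branch of `show?` raises NoMethodError (a 500) instead of producing a decision; going through the `record.account.max_public_access` delegate this commit adds to account.rb avoids the crash, but an `allow_nil` delegate returns nil there, `nil.to_i.days.ago` is now, and the window collapses to zero. Remote authors have no setting, so exempt them explicitly: `return true unless record.account.local?` as the first line, then `record.created_at > record.account.max_public_access.days.ago` (the `.to_i` is redundant, `User#max_public_access` already returns an Integer). In `author_allows_anon?`, `user_signed_in?` is a Devise controller helper that a Pundit policy does not normally have in scope, and a non-nil `current_account` already expresses "signed in" throughout this policy, so `!current_account.nil? || !record.account.block_anon` is enough unless ApplicationPolicy defines that helper. Each new predicate deserves a one-line comment, e.g. `# public/follower reads of a local author's posts expire after their max_public_access window (days)` on `still_accessible?`.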
@@ -18,6 +18,7 @@ .fields-group = f.input :setting_max_public_history, collection: [1, 3, 6, 7, 14, 30, 60, 90, 180, 365, 730, 1095, 2190], wrapper: :with_label, include_blank: false, label_method: lambda { |item| safe_join([t("simple_form.labels.lifespan.#{item}")]) }, selected: current_user.max_public_history + = f.input :setting_max_public_access, collection: [1, 3, 6, 7, 14, 30, 60, 90, 180, 365, 730, 1095, 2190], wrapper: :with_label, include_blank: false, label_method: lambda { |item| safe_join([t("simple_form.labels.lifespan.#{item}")]) }, selected: current_user.max_public_access = f.input :setting_roar_lifespan, collection: [0, 1, 3, 6, 7, 14, 30, 60, 90, 180, 365, 730, 1095, 2190], wrapper: :with_label, include_blank: false, label_method: lambda { |item| safe_join([t("simple_form.labels.lifespan.#{item}")]) }, selected: current_user.roar_lifespan .fields-group diff --git a/config/locales/simple_form.en.yml b/config/locales/simple_form.en.yml index eadf0e516..aee7ca276 100644 --- a/config/locales/simple_form.en.yml +++ b/config/locales/simple_form.en.yml @@ -176,6 +176,7 @@ en: setting_hide_public_profile: Hide your public profile from anonymous viewers setting_hide_public_outbox: Hide your public ActivityPub outbox (affects discoverability) setting_max_public_history: Limit history of roars on public profile to + setting_max_public_access: Limit public access to roar URLs without a sharekey to setting_noindex: Opt-out of search engine indexing setting_reduce_motion: Reduce motion in animations setting_show_application: Disclose application used to send roars diff --git a/streaming/index.js b/streaming/index.js index 015546658..cedf3bd2e 100644 --- a/streaming/index.js +++ b/streaming/index.js 
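Review bot: The new `setting_max_public_access` select offers no value that switches the window off — the largest choice is 2190 days and `User#max_public_access` clamps to at least 1 — so once this ships no account can opt out of the expiry, unlike `setting_roar_lifespan` on the next line whose collection starts with 0 meaning disabled. If opting out should be possible, add 0 here (`collection: [0, 1, 3, 6, 7, …]`) and have `StatusPolicy#still_accessible?` return true when the limit is 0, mirroring the lifespan convention; the label lambda reuses `simple_form.labels.lifespan.*`, and the lifespan select already renders a 0 entry through it, so no new translation key is needed. Worth noting in the label or a help text that the window is enforced by the status policy, not only on the profile page, since the wording "public access to roar URLs" does not say that.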
@@ -403,15 +403,15 @@ const startWorker = (workerId) => { return; } - if (req.hideBoosts && (unpackedPayload.in_reply_to !== undefined || unpackedPayload.in_reply_to !== null)) { + if (req.hideBoosts && unpackedPayload.in_reply_to) { return; } - if (req.mediaOnly && (!unpackedPayload.media_attachments || unpackedPayload.media_attachments.length === 0)) { + if (req.mediaOnly && !unpackedPayload.media_attachments) { return; } - if (req.filterUndescribed && unpackedPayload.media_attachments && unpackedPayload.media_attachments.every(m => !m.description || m.description.length === 0)) { + if (req.filterUndescribed && Array.isArray(unpackedPayload.media_attachments) && unpackedPayload.media_attachments.every(m => !m.description)) { return; } -- cgit
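Review bot: The `mediaOnly` change is a regression: `!unpackedPayload.media_attachments` is false for an empty array because `[]` is truthy in JavaScript, so a status serialised with `media_attachments: []` (the normal shape of a post without media) now passes the media-only filter that the old `length === 0` check correctly dropped. Keep the length test while still tolerating a missing field: `if (req.mediaOnly && !(Array.isArray(unpackedPayload.media_attachments) && unpackedPayload.media_attachments.length > 0))`. The `in_reply_to` simplification is a genuine fix (the old `!== undefined || !== null` was always true, so the filter dropped everything), but note that `every()` on an empty array is true, so `filterUndescribed` still drops media-less statuses — presumably intended, and a one-line comment saying so would save the next reader the same question. These streaming edits are unrelated to the max_public_access feature in the subject and would be easier to bisect as their own commit. `startWorker` begins and ends outside this hunk.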