From af9b9777af9601bb2de857e6e4fea0b07d699108 Mon Sep 17 00:00:00 2001 From: multiple creatures Date: Sun, 27 Oct 2019 14:02:05 -0500 Subject: add profile option to (locally) block anonymous views of public posts --- app/controllers/settings/profiles_controller.rb | 2 +- app/controllers/statuses_controller.rb | 2 ++ app/models/account.rb | 23 ++++++++++++++++++++++ app/views/settings/profiles/show.html.haml | 1 + config/locales/simple_form.en.yml | 2 ++ .../20191027182731_add_block_anon_to_accounts.rb | 7 +++++++ 6 files changed, 36 insertions(+), 1 deletion(-) create mode 100644 db/migrate/20191027182731_add_block_anon_to_accounts.rb diff --git a/app/controllers/settings/profiles_controller.rb b/app/controllers/settings/profiles_controller.rb index aa593a016..afd525cc0 100644 --- a/app/controllers/settings/profiles_controller.rb +++ b/app/controllers/settings/profiles_controller.rb @@ -25,7 +25,7 @@ class Settings::ProfilesController < Settings::BaseController private def account_params - params.require(:account).permit(:display_name, :note, :avatar, :header, :replies, :locked, :hidden, :unlisted, :gently, :kobold, :adult_content, :bot, :discoverable, fields_attributes: [:name, :value]) + params.require(:account).permit(:display_name, :note, :avatar, :header, :replies, :locked, :hidden, :unlisted, :block_anon, :gently, :kobold, :adult_content, :bot, :discoverable, fields_attributes: [:name, :value]) end def set_account diff --git a/app/controllers/statuses_controller.rb b/app/controllers/statuses_controller.rb index bb6f0fd8c..d082d514d 100644 --- a/app/controllers/statuses_controller.rb +++ b/app/controllers/statuses_controller.rb @@ -201,6 +201,8 @@ class StatusesController < ApplicationController if @status.sharekey.present? && @sharekey == @status.sharekey skip_authorization + elsif @account.block_anon && !user_signed_in? + raise ActiveRecord::RecordNotFound else authorize @status, :show? end 
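Review bot: In app/controllers/statuses_controller.rb the new `elsif @account.block_anon && !user_signed_in?` branch is the only place this commit enforces the setting, so any other route that serves a public post to a logged-out client is not covered by it. The diffstat shows no other controller, serializer or policy touched. `user_signed_in?` checks the browser session, so if this method also handles signature-authenticated ActivityPub fetches they would be treated as anonymous and receive the 404; confirm that this is intended. Consider moving the rule into the policy behind `authorize @status, :show?` so every caller inherits it, and add a request spec covering logged-out, logged-in and sharekey access. At minimum document the branch, e.g. `# block_anon: logged-out viewers get 404 (not 403) so the post's existence is not disclosed`; the enclosing method starts and ends outside the hunk.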
diff --git a/app/models/account.rb b/app/models/account.rb index 97b0e93e4..e09690893 100644 --- a/app/models/account.rb +++ b/app/models/account.rb @@ -52,6 +52,9 @@ # kobold :boolean default(FALSE), not null # froze :boolean # known :boolean default(FALSE), not null +# force_private :boolean default(FALSE), not null +# unboostable :boolean default(FALSE), not null +# block_anon :boolean default(FALSE), not null # class Account < ApplicationRecord @@ -229,6 +232,14 @@ class Account < ApplicationRecord end end + def force_private! + transaction do + update!(force_private: true) + scope = Status.where(account_id: id) + scope.where.not(visibility: [:direct, :limited, :private]).in_batches.update_all(visibility: :private) + end + end + def force_sensitive! transaction do update!(force_sensitive: true) @@ -236,10 +247,22 @@ class Account < ApplicationRecord end end + def unboostable! + update!(unboostable: true) + end + + def boostable! + update!(unboostable: false) + end + def allow_public! update!(force_unlisted: false) end + def allow_nonprivate! + update!(force_private: false) + end + def allow_nonsensitive! update!(force_sensitive: false) end diff --git a/app/views/settings/profiles/show.html.haml b/app/views/settings/profiles/show.html.haml index 9a68e82e9..4fabfb9f4 100644 --- a/app/views/settings/profiles/show.html.haml +++ b/app/views/settings/profiles/show.html.haml @@ -25,6 +25,7 @@ = f.input :hidden, as: :boolean, wrapper: :with_label = f.input :unlisted, as: :boolean, wrapper: :with_label, hint: t('simple_form.hints.defaults.unlisted') = f.input :replies, as: :boolean, wrapper: :with_label + = f.input :block_anon, as: :boolean, wrapper: :with_label, hint: t('simple_form.hints.defaults.block_anon') .fields-group = f.input :adult_content, as: :boolean, wrapper: :with_label diff --git a/config/locales/simple_form.en.yml b/config/locales/simple_form.en.yml index 7035f85e1..6e738c52e 100644 --- a/config/locales/simple_form.en.yml 
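Review bot: In app/models/account.rb, `force_private!` rewrites visibility with `update_all`, which issues a direct SQL update and skips model callbacks and validations, so nothing that would normally react to a visibility change runs here. If callers treat this as a moderation action, copies already cached or delivered to other servers presumably stay public, and the method should say so, e.g. `# Only rewrites local rows; does not invalidate caches or notify remote servers`. All batches run inside one `transaction`, so an account with many statuses keeps that transaction open for the whole rewrite. The neighbouring hunks add `unboostable!`, `boostable!` and `allow_nonprivate!` and annotate `force_private`/`unboostable` columns, while the only migration in this commit adds `block_anon`. Confirm those columns already exist, otherwise `update!(force_private: true)` will raise.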
+++ b/config/locales/simple_form.en.yml @@ -10,6 +10,7 @@ en: type_html: Choose what to do with %{acct} warning_preset_id: Optional. You can still add custom text to end of the preset defaults: + block_anon: Links to your public roars are disabled unless they are made accessible by sharekey. Be aware that roars sent to other Fediverse servers can be publically indexed! unlisted: Excludes you from public repeated/admired by lists of *local* monsters autofollow: People who sign up through the invite will automatically join your pack avatar: PNG, GIF or JPG. At most %{size}. Will be downscaled to %{dimensions}px @@ -167,6 +168,7 @@ en: setting_favourite_modal: Show confirmation dialog before admiring (in Glitch flavour) setting_hide_followers_count: Hide your packmates count setting_hide_network: Make your packmate lists private + block_anon: Block anonymous post views setting_hide_public_profile: Hide your public profile from anonymous viewers setting_hide_public_outbox: Hide your public ActivityPub outbox (affects discoverability) setting_max_public_history: Limit history of roars on public profile to diff --git a/db/migrate/20191027182731_add_block_anon_to_accounts.rb b/db/migrate/20191027182731_add_block_anon_to_accounts.rb new file mode 100644 index 000000000..ff3353997 --- /dev/null +++ b/db/migrate/20191027182731_add_block_anon_to_accounts.rb @@ -0,0 +1,7 @@ +class AddBlockAnonToAccounts < ActiveRecord::Migration[5.2] + def change + safety_assured { + add_column :accounts, :block_anon, :boolean, null: false, default: false + } + end +end -- cgit
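Review bot: In db/migrate/20191027182731_add_block_anon_to_accounts.rb, `safety_assured` silences the strong_migrations check for adding a `null: false, default: false` column to `accounts` without saying why that is safe. On PostgreSQL versions before 11, adding a column with a default rewrites the whole table under an exclusive lock, which on a large `accounts` table can stall the instance during deploy. Add a comment stating the assumption, e.g. `# safe: PostgreSQL >= 11 adds a constant default without a table rewrite`, or follow whatever pattern the tree's other default-column migrations use.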