From 0396acf39ea902688374fac65fa7ef5dc4c05512 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Thu, 25 Aug 2022 20:39:40 +0200 Subject: Add audit log entries for user roles (#19040) * Refactor audit log schema * Add audit log entries for user roles --- app/models/admin/action_log.rb | 36 +++++++++++++++++++---------------- app/models/admin/action_log_filter.rb | 4 ++++ 2 files changed, 24 insertions(+), 16 deletions(-) (limited to 'app/models/admin') diff --git a/app/models/admin/action_log.rb b/app/models/admin/action_log.rb index 401bfd9ac..4fa8008f5 100644 --- a/app/models/admin/action_log.rb +++ b/app/models/admin/action_log.rb @@ -9,38 +9,42 @@ # action :string default(""), not null # target_type :string # target_id :bigint(8) -# recorded_changes :text default(""), not null # created_at :datetime not null # updated_at :datetime not null +# human_identifier :string +# route_param :string +# permalink :string # class Admin::ActionLog < ApplicationRecord - serialize :recorded_changes + self.ignored_columns = %w( + recorded_changes + ) belongs_to :account belongs_to :target, polymorphic: true, optional: true default_scope -> { order('id desc') } + before_validation :set_human_identifier + before_validation :set_route_param + before_validation :set_permalink + def action super.to_sym end - before_validation :set_changes - private - def set_changes - case action - when :destroy, :create - self.recorded_changes = target.attributes - when :update, :promote, :demote - self.recorded_changes = target.previous_changes - when :change_email - self.recorded_changes = ActiveSupport::HashWithIndifferentAccess.new( - email: [target.email, nil], - unconfirmed_email: [nil, target.unconfirmed_email] - ) - end + def set_human_identifier + self.human_identifier = target.to_log_human_identifier if target.respond_to?(:to_log_human_identifier) + end + + def set_route_param + self.route_param = target.to_log_route_param if target.respond_to?(:to_log_route_param) + end + + def set_permalink + self.permalink = target.to_log_permalink if target.respond_to?(:to_log_permalink) end end diff --git a/app/models/admin/action_log_filter.rb b/app/models/admin/action_log_filter.rb index 0f2f712a2..6382cd782 100644 --- a/app/models/admin/action_log_filter.rb +++ b/app/models/admin/action_log_filter.rb @@ -12,6 +12,7 @@ class Admin::ActionLogFilter reject_appeal: { target_type: 'Appeal', action: 'reject' }.freeze, assigned_to_self_report: { target_type: 'Report', action: 'assigned_to_self' }.freeze, change_email_user: { target_type: 'User', action: 'change_email' }.freeze, + change_role_user: { target_type: 'User', action: 'change_role' }.freeze, confirm_user: { target_type: 'User', action: 'confirm' }.freeze, approve_user: { target_type: 'User', action: 'approve' }.freeze, reject_user: { target_type: 'User', action: 'reject' }.freeze, @@ -22,6 +23,7 @@ class Admin::ActionLogFilter create_domain_block: { target_type: 'DomainBlock', action: 'create' }.freeze, create_email_domain_block: { target_type: 'EmailDomainBlock', action: 'create' }.freeze, create_unavailable_domain: { target_type: 'UnavailableDomain', action: 'create' }.freeze, + create_user_role: { target_type: 'UserRole', action: 'create' }.freeze, demote_user: { target_type: 'User', action: 'demote' }.freeze, destroy_announcement: { target_type: 'Announcement', action: 'destroy' }.freeze, destroy_custom_emoji: { target_type: 'CustomEmoji', action: 'destroy' }.freeze, @@ -31,6 +33,7 @@ class Admin::ActionLogFilter destroy_instance: { target_type: 'Instance', action: 'destroy' }.freeze, destroy_unavailable_domain: { target_type: 'UnavailableDomain', action: 'destroy' }.freeze, destroy_status: { target_type: 'Status', action: 'destroy' }.freeze, + destroy_user_role: { target_type: 'UserRole', action: 'destroy' }.freeze, disable_2fa_user: { target_type: 'User', action: 'disable' }.freeze, disable_custom_emoji: { target_type: 'CustomEmoji', action: 'disable' }.freeze, disable_user: { target_type: 'User', action: 'disable' }.freeze, @@ -52,6 +55,7 @@ class Admin::ActionLogFilter update_announcement: { target_type: 'Announcement', action: 'update' }.freeze, update_custom_emoji: { target_type: 'CustomEmoji', action: 'update' }.freeze, update_status: { target_type: 'Status', action: 'update' }.freeze, + update_user_role: { target_type: 'UserRole', action: 'update' }.freeze, unblock_email_account: { target_type: 'Account', action: 'unblock_email' }.freeze, }.freeze -- cgit From c556c3a0d1e54a6b07bbdd8f76cbb43672a91fd1 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Sun, 28 Aug 2022 03:31:54 +0200 Subject: Add admin API for managing canonical e-mail blocks (#19067) --- .../v1/admin/canonical_email_blocks_controller.rb | 99 ++++++++++++++++++++++ app/helpers/admin/action_logs_helper.rb | 8 +- app/models/admin/action_log_filter.rb | 5 ++ app/models/canonical_email_block.rb | 17 ++-- app/policies/canonical_email_block_policy.rb | 23 +++++ .../rest/admin/canonical_email_block_serializer.rb | 9 ++ config/locales/en.yml | 6 ++ config/routes.rb | 6 ++ ...95229_change_canonical_email_blocks_nullable.rb | 5 ++ db/schema.rb | 4 +- lib/mastodon/canonical_email_blocks_cli.rb | 31 ++----- 11 files changed, 177 insertions(+), 36 deletions(-) create mode 100644 app/controllers/api/v1/admin/canonical_email_blocks_controller.rb create mode 100644 app/policies/canonical_email_block_policy.rb create mode 100644 app/serializers/rest/admin/canonical_email_block_serializer.rb create mode 100644 db/migrate/20220827195229_change_canonical_email_blocks_nullable.rb (limited to 'app/models/admin') diff --git a/app/controllers/api/v1/admin/canonical_email_blocks_controller.rb b/app/controllers/api/v1/admin/canonical_email_blocks_controller.rb new file mode 100644 index 000000000..bf8a6a131 --- /dev/null +++ b/app/controllers/api/v1/admin/canonical_email_blocks_controller.rb @@ -0,0 +1,99 @@ +# frozen_string_literal: true + +class Api::V1::Admin::CanonicalEmailBlocksController < Api::BaseController + include Authorization + include AccountableConcern + + LIMIT = 100 + + before_action -> { authorize_if_got_token! :'admin:read', :'admin:read:canonical_email_blocks' }, only: [:index, :show, :test] + before_action -> { authorize_if_got_token! :'admin:write', :'admin:write:canonical_email_blocks' }, except: [:index, :show, :test] + + before_action :set_canonical_email_blocks, only: :index + before_action :set_canonical_email_blocks_from_test, only: [:test] + before_action :set_canonical_email_block, only: [:show, :destroy] + + after_action :verify_authorized + after_action :insert_pagination_headers, only: :index + + PAGINATION_PARAMS = %i(limit).freeze + + def index + authorize :canonical_email_block, :index? + render json: @canonical_email_blocks, each_serializer: REST::Admin::CanonicalEmailBlockSerializer + end + + def show + authorize @canonical_email_block, :show? + render json: @canonical_email_block, serializer: REST::Admin::CanonicalEmailBlockSerializer + end + + def test + authorize :canonical_email_block, :test? + render json: @canonical_email_blocks, each_serializer: REST::Admin::CanonicalEmailBlockSerializer + end + + def create + authorize :canonical_email_block, :create? + + @canonical_email_block = CanonicalEmailBlock.create!(resource_params) + log_action :create, @canonical_email_block + + render json: @canonical_email_block, serializer: REST::Admin::CanonicalEmailBlockSerializer + end + + def destroy + authorize @canonical_email_block, :destroy? + + @canonical_email_block.destroy! + log_action :destroy, @canonical_email_block + + render json: @canonical_email_block, serializer: REST::Admin::CanonicalEmailBlockSerializer + end + + private + + def resource_params + params.permit(:canonical_email_hash, :email) + end + + def set_canonical_email_blocks + @canonical_email_blocks = CanonicalEmailBlock.order(id: :desc).to_a_paginated_by_id(limit_param(LIMIT), params_slice(:max_id, :since_id, :min_id)) + end + + def set_canonical_email_blocks_from_test + @canonical_email_blocks = CanonicalEmailBlock.matching_email(params[:email]) + end + + def set_canonical_email_block + @canonical_email_block = CanonicalEmailBlock.find(params[:id]) + end + + def insert_pagination_headers + set_pagination_headers(next_path, prev_path) + end + + def next_path + api_v1_admin_canonical_email_blocks_url(pagination_params(max_id: pagination_max_id)) if records_continue? + end + + def prev_path + api_v1_admin_canonical_email_blocks_url(pagination_params(min_id: pagination_since_id)) unless @canonical_email_blocks.empty? + end + + def pagination_max_id + @canonical_email_blocks.last.id + end + + def pagination_since_id + @canonical_email_blocks.first.id + end + + def records_continue? + @canonical_email_blocks.size == limit_param(LIMIT) + end + + def pagination_params(core_params) + params.slice(*PAGINATION_PARAMS).permit(*PAGINATION_PARAMS).merge(core_params) + end +end diff --git a/app/helpers/admin/action_logs_helper.rb b/app/helpers/admin/action_logs_helper.rb index 3e9fe17f4..fd1977ac5 100644 --- a/app/helpers/admin/action_logs_helper.rb +++ b/app/helpers/admin/action_logs_helper.rb @@ -9,8 +9,6 @@ module Admin::ActionLogsHelper link_to log.human_identifier, admin_account_path(log.route_param) when 'UserRole' link_to log.human_identifier, admin_roles_path(log.target_id) - when 'CustomEmoji' - log.human_identifier when 'Report' link_to "##{log.human_identifier}", admin_report_path(log.target_id) when 'DomainBlock', 'DomainAllow', 'EmailDomainBlock', 'UnavailableDomain' @@ -21,10 +19,10 @@ module Admin::ActionLogsHelper link_to log.human_identifier, admin_account_path(log.target_id) when 'Announcement' link_to truncate(log.human_identifier), edit_admin_announcement_path(log.target_id) - when 'IpBlock' - log.human_identifier - when 'Instance' + when 'IpBlock', 'Instance', 'CustomEmoji' log.human_identifier + when 'CanonicalEmailBlock' + content_tag(:samp, log.human_identifier[0...7], title: log.human_identifier) when 'Appeal' link_to log.human_identifier, disputes_strike_path(log.route_param) end diff --git a/app/models/admin/action_log_filter.rb b/app/models/admin/action_log_filter.rb index 6382cd782..c7a7e1a4c 100644 --- a/app/models/admin/action_log_filter.rb +++ b/app/models/admin/action_log_filter.rb @@ -22,18 +22,22 @@ class Admin::ActionLogFilter create_domain_allow: { target_type: 'DomainAllow', action: 'create' }.freeze, create_domain_block: { target_type: 'DomainBlock', action: 'create' }.freeze, create_email_domain_block: { target_type: 'EmailDomainBlock', action: 'create' }.freeze, + create_ip_block: { target_type: 'IpBlock', action: 'create' }.freeze, create_unavailable_domain: { target_type: 'UnavailableDomain', action: 'create' }.freeze, create_user_role: { target_type: 'UserRole', action: 'create' }.freeze, + create_canonical_email_block: { target_type: 'CanonicalEmailBlock', action: 'create' }.freeze, demote_user: { target_type: 'User', action: 'demote' }.freeze, destroy_announcement: { target_type: 'Announcement', action: 'destroy' }.freeze, destroy_custom_emoji: { target_type: 'CustomEmoji', action: 'destroy' }.freeze, destroy_domain_allow: { target_type: 'DomainAllow', action: 'destroy' }.freeze, destroy_domain_block: { target_type: 'DomainBlock', action: 'destroy' }.freeze, + destroy_ip_block: { target_type: 'IpBlock', action: 'destroy' }.freeze, destroy_email_domain_block: { target_type: 'EmailDomainBlock', action: 'destroy' }.freeze, destroy_instance: { target_type: 'Instance', action: 'destroy' }.freeze, destroy_unavailable_domain: { target_type: 'UnavailableDomain', action: 'destroy' }.freeze, destroy_status: { target_type: 'Status', action: 'destroy' }.freeze, destroy_user_role: { target_type: 'UserRole', action: 'destroy' }.freeze, + destroy_canonical_email_block: { target_type: 'CanonicalEmailBlock', action: 'destroy' }.freeze, disable_2fa_user: { target_type: 'User', action: 'disable' }.freeze, disable_custom_emoji: { target_type: 'CustomEmoji', action: 'disable' }.freeze, disable_user: { target_type: 'User', action: 'disable' }.freeze, @@ -56,6 +60,7 @@ class Admin::ActionLogFilter update_custom_emoji: { target_type: 'CustomEmoji', action: 'update' }.freeze, update_status: { target_type: 'Status', action: 'update' }.freeze, update_user_role: { target_type: 'UserRole', action: 'update' }.freeze, + update_ip_block: { target_type: 'IpBlock', action: 'update' }.freeze, unblock_email_account: { target_type: 'Account', action: 'unblock_email' }.freeze, }.freeze diff --git a/app/models/canonical_email_block.rb b/app/models/canonical_email_block.rb index 94781386c..1eb69ac67 100644 --- a/app/models/canonical_email_block.rb +++ b/app/models/canonical_email_block.rb @@ -5,27 +5,30 @@ # # id :bigint(8) not null, primary key # canonical_email_hash :string default(""), not null -# reference_account_id :bigint(8) not null +# reference_account_id :bigint(8) # created_at :datetime not null # updated_at :datetime not null # class CanonicalEmailBlock < ApplicationRecord include EmailHelper + include Paginable - belongs_to :reference_account, class_name: 'Account' + belongs_to :reference_account, class_name: 'Account', optional: true validates :canonical_email_hash, presence: true, uniqueness: true + scope :matching_email, ->(email) { where(canonical_email_hash: email_to_canonical_email_hash(email)) } + + def to_log_human_identifier + canonical_email_hash + end + def email=(email) self.canonical_email_hash = email_to_canonical_email_hash(email) end def self.block?(email) - where(canonical_email_hash: email_to_canonical_email_hash(email)).exists? - end - - def self.find_blocks(email) - where(canonical_email_hash: email_to_canonical_email_hash(email)) + matching_email(email).exists? end end diff --git a/app/policies/canonical_email_block_policy.rb b/app/policies/canonical_email_block_policy.rb new file mode 100644 index 000000000..8d76075c9 --- /dev/null +++ b/app/policies/canonical_email_block_policy.rb @@ -0,0 +1,23 @@ +# frozen_string_literal: true + +class CanonicalEmailBlockPolicy < ApplicationPolicy + def index? + role.can?(:manage_blocks) + end + + def show? + role.can?(:manage_blocks) + end + + def test? + role.can?(:manage_blocks) + end + + def create? + role.can?(:manage_blocks) + end + + def destroy? + role.can?(:manage_blocks) + end +end diff --git a/app/serializers/rest/admin/canonical_email_block_serializer.rb b/app/serializers/rest/admin/canonical_email_block_serializer.rb new file mode 100644 index 000000000..fe385940a --- /dev/null +++ b/app/serializers/rest/admin/canonical_email_block_serializer.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +class REST::Admin::CanonicalEmailBlockSerializer < ActiveModel::Serializer + attributes :id, :canonical_email_hash + + def id + object.id.to_s + end +end diff --git a/config/locales/en.yml b/config/locales/en.yml index 72ebfafba..0b721c163 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -239,6 +239,7 @@ en: confirm_user: Confirm User create_account_warning: Create Warning create_announcement: Create Announcement + create_canonical_email_block: Create E-mail Block create_custom_emoji: Create Custom Emoji create_domain_allow: Create Domain Allow create_domain_block: Create Domain Block @@ -248,6 +249,7 @@ en: create_user_role: Create Role demote_user: Demote User destroy_announcement: Delete Announcement + destroy_canonical_email_block: Delete E-mail Block destroy_custom_emoji: Delete Custom Emoji destroy_domain_allow: Delete Domain Allow destroy_domain_block: Delete Domain Block @@ -283,6 +285,7 @@ en: update_announcement: Update Announcement update_custom_emoji: Update Custom Emoji update_domain_block: Update Domain Block + update_ip_block: Update IP rule update_status: Update Post update_user_role: Update Role actions: @@ -294,6 +297,7 @@ en: confirm_user_html: "%{name} confirmed e-mail address of user %{target}" create_account_warning_html: "%{name} sent a warning to %{target}" create_announcement_html: "%{name} created new announcement %{target}" + create_canonical_email_block_html: "%{name} blocked e-mail with the hash %{target}" create_custom_emoji_html: "%{name} uploaded new emoji %{target}" create_domain_allow_html: "%{name} allowed federation with domain %{target}" create_domain_block_html: "%{name} blocked domain %{target}" @@ -303,6 +307,7 @@ en: create_user_role_html: "%{name} created %{target} role" demote_user_html: "%{name} demoted user %{target}" destroy_announcement_html: "%{name} deleted announcement %{target}" + destroy_canonical_email_block_html: "%{name} unblocked e-mail with the hash %{target}" destroy_custom_emoji_html: "%{name} deleted emoji %{target}" destroy_domain_allow_html: "%{name} disallowed federation with domain %{target}" destroy_domain_block_html: "%{name} unblocked domain %{target}" @@ -338,6 +343,7 @@ en: update_announcement_html: "%{name} updated announcement %{target}" update_custom_emoji_html: "%{name} updated emoji %{target}" update_domain_block_html: "%{name} updated domain block for %{target}" + update_ip_block_html: "%{name} changed rule for IP %{target}" update_status_html: "%{name} updated post by %{target}" update_user_role_html: "%{name} changed %{target} role" empty: No logs found. diff --git a/config/routes.rb b/config/routes.rb index 1168c9aee..8694a6436 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -602,6 +602,12 @@ Rails.application.routes.draw do post :measures, to: 'measures#create' post :dimensions, to: 'dimensions#create' post :retention, to: 'retention#create' + + resources :canonical_email_blocks, only: [:index, :create, :show, :destroy] do + collection do + post :test + end + end end end diff --git a/db/migrate/20220827195229_change_canonical_email_blocks_nullable.rb b/db/migrate/20220827195229_change_canonical_email_blocks_nullable.rb new file mode 100644 index 000000000..5b3ec4727 --- /dev/null +++ b/db/migrate/20220827195229_change_canonical_email_blocks_nullable.rb @@ -0,0 +1,5 @@ +class ChangeCanonicalEmailBlocksNullable < ActiveRecord::Migration[6.1] + def change + safety_assured { change_column :canonical_email_blocks, :reference_account_id, :bigint, null: true, default: nil } + end +end diff --git a/db/schema.rb b/db/schema.rb index 83fd9549c..db22f538a 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 2022_08_24_164532) do +ActiveRecord::Schema.define(version: 2022_08_27_195229) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" @@ -296,7 +296,7 @@ ActiveRecord::Schema.define(version: 2022_08_24_164532) do create_table "canonical_email_blocks", force: :cascade do |t| t.string "canonical_email_hash", default: "", null: false - t.bigint "reference_account_id", null: false + t.bigint "reference_account_id" t.datetime "created_at", precision: 6, null: false t.datetime "updated_at", precision: 6, null: false t.index ["canonical_email_hash"], name: "index_canonical_email_blocks_on_canonical_email_hash", unique: true diff --git a/lib/mastodon/canonical_email_blocks_cli.rb b/lib/mastodon/canonical_email_blocks_cli.rb index 64b72e603..ec228d466 100644 --- a/lib/mastodon/canonical_email_blocks_cli.rb +++ b/lib/mastodon/canonical_email_blocks_cli.rb @@ -18,17 +18,15 @@ module Mastodon When suspending a local user, a hash of a "canonical" version of their e-mail address is stored to prevent them from signing up again. - This command can be used to find whether a known email address is blocked, - and if so, which account it was attached to. + This command can be used to find whether a known email address is blocked. LONG_DESC def find(email) - accts = CanonicalEmailBlock.find_blocks(email).map(&:reference_account).map(&:acct).to_a + accts = CanonicalEmailBlock.matching_email(email) + if accts.empty? - say("#{email} is not blocked", :yellow) + say("#{email} is not blocked", :green) else - accts.each do |acct| - say(acct, :white) - end + say("#{email} is blocked", :red) end end @@ -40,24 +38,13 @@ module Mastodon This command allows removing a canonical email block. LONG_DESC def remove(email) - blocks = CanonicalEmailBlock.find_blocks(email) + blocks = CanonicalEmailBlock.matching_email(email) + if blocks.empty? - say("#{email} is not blocked", :yellow) + say("#{email} is not blocked", :green) else blocks.destroy_all - say("Removed canonical email block for #{email}", :green) - end - end - - private - - def color(processed, failed) - if !processed.zero? && failed.zero? - :green - elsif failed.zero? - :yellow - else - :red + say("Unblocked #{email}", :green) end end end -- cgit From f8ca3bb2a1dd648f41e8fea5b5eb87b53bc8d521 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Wed, 26 Oct 2022 13:42:29 +0200 Subject: Add ability to view previous edits of a status in admin UI (#19462) * Add ability to view previous edits of a status in admin UI * Change moderator access to posts to be controlled by a separate policy --- app/controllers/admin/statuses_controller.rb | 16 +++++- .../admin/trends/statuses_controller.rb | 4 +- .../mastodon/components/status_action_bar.js | 2 +- .../features/status/components/action_bar.js | 2 +- app/javascript/styles/mastodon/admin.scss | 64 ++++++++++++++++++++++ app/models/admin/status_filter.rb | 5 +- app/models/status_edit.rb | 13 ++++- app/policies/admin/status_policy.rb | 29 ++++++++++ app/policies/status_policy.rb | 12 +--- .../admin/reports/_media_attachments.html.haml | 8 +++ app/views/admin/reports/_status.html.haml | 11 +--- .../admin/status_edits/_status_edit.html.haml | 20 +++++++ app/views/admin/statuses/show.html.haml | 64 ++++++++++++++++++++++ config/locales/en.yml | 13 +++++ config/routes.rb | 2 +- spec/policies/status_policy_spec.rb | 22 -------- 16 files changed, 232 insertions(+), 55 deletions(-) create mode 100644 app/policies/admin/status_policy.rb create mode 100644 app/views/admin/reports/_media_attachments.html.haml create mode 100644 app/views/admin/status_edits/_status_edit.html.haml create mode 100644 app/views/admin/statuses/show.html.haml (limited to 'app/models/admin') diff --git a/app/controllers/admin/statuses_controller.rb b/app/controllers/admin/statuses_controller.rb index 084921ceb..b80cd20f5 100644 --- a/app/controllers/admin/statuses_controller.rb +++ b/app/controllers/admin/statuses_controller.rb @@ -3,18 +3,23 @@ module Admin class StatusesController < BaseController before_action :set_account - before_action :set_statuses + before_action :set_statuses, except: :show + before_action :set_status, only: :show PER_PAGE = 20 def index - authorize :status, :index? + authorize [:admin, :status], :index? @status_batch_action = Admin::StatusBatchAction.new end + def show + authorize [:admin, @status], :show? + end + def batch - authorize :status, :index? + authorize [:admin, :status], :index? @status_batch_action = Admin::StatusBatchAction.new(admin_status_batch_action_params.merge(current_account: current_account, report_id: params[:report_id], type: action_from_button)) @status_batch_action.save! @@ -32,6 +37,7 @@ module Admin def after_create_redirect_path report_id = @status_batch_action&.report_id || params[:report_id] + if report_id.present? admin_report_path(report_id) else @@ -43,6 +49,10 @@ module Admin @account = Account.find(params[:account_id]) end + def set_status + @status = @account.statuses.find(params[:id]) + end + def set_statuses @statuses = Admin::StatusFilter.new(@account, filter_params).results.preload(:application, :preloadable_poll, :media_attachments, active_mentions: :account, reblog: [:account, :application, :preloadable_poll, :media_attachments, active_mentions: :account]).page(params[:page]).per(PER_PAGE) end diff --git a/app/controllers/admin/trends/statuses_controller.rb b/app/controllers/admin/trends/statuses_controller.rb index 004f42b0c..3d8b53ea8 100644 --- a/app/controllers/admin/trends/statuses_controller.rb +++ b/app/controllers/admin/trends/statuses_controller.rb @@ -2,7 +2,7 @@ class Admin::Trends::StatusesController < Admin::BaseController def index - authorize :status, :review? + authorize [:admin, :status], :review? @locales = StatusTrend.pluck('distinct language') @statuses = filtered_statuses.page(params[:page]) @@ -10,7 +10,7 @@ class Admin::Trends::StatusesController < Admin::BaseController end def batch - authorize :status, :review? + authorize [:admin, :status], :review? @form = Trends::StatusBatch.new(trends_status_batch_params.merge(current_account: current_account, action: action_from_button)) @form.save diff --git a/app/javascript/mastodon/components/status_action_bar.js b/app/javascript/mastodon/components/status_action_bar.js index 17150524e..fe8ece0f9 100644 --- a/app/javascript/mastodon/components/status_action_bar.js +++ b/app/javascript/mastodon/components/status_action_bar.js @@ -323,7 +323,7 @@ class StatusActionBar extends ImmutablePureComponent { if ((this.context.identity.permissions & PERMISSION_MANAGE_USERS) === PERMISSION_MANAGE_USERS) { menu.push(null); menu.push({ text: intl.formatMessage(messages.admin_account, { name: account.get('username') }), href: `/admin/accounts/${status.getIn(['account', 'id'])}` }); - menu.push({ text: intl.formatMessage(messages.admin_status), href: `/admin/accounts/${status.getIn(['account', 'id'])}/statuses?id=${status.get('id')}` }); + menu.push({ text: intl.formatMessage(messages.admin_status), href: `/admin/accounts/${status.getIn(['account', 'id'])}/statuses/${status.get('id')}` }); } } diff --git a/app/javascript/mastodon/features/status/components/action_bar.js b/app/javascript/mastodon/features/status/components/action_bar.js index a0a6a7894..4bd419ca4 100644 --- a/app/javascript/mastodon/features/status/components/action_bar.js +++ b/app/javascript/mastodon/features/status/components/action_bar.js @@ -254,7 +254,7 @@ class ActionBar extends React.PureComponent { if ((permissions & PERMISSION_MANAGE_USERS) === PERMISSION_MANAGE_USERS) { menu.push(null); menu.push({ text: intl.formatMessage(messages.admin_account, { name: status.getIn(['account', 'username']) }), href: `/admin/accounts/${status.getIn(['account', 'id'])}` }); - menu.push({ text: intl.formatMessage(messages.admin_status), href: `/admin/accounts/${status.getIn(['account', 'id'])}/statuses?id=${status.get('id')}` }); + menu.push({ text: intl.formatMessage(messages.admin_status), href: `/admin/accounts/${status.getIn(['account', 'id'])}/statuses/${status.get('id')}` }); } } diff --git a/app/javascript/styles/mastodon/admin.scss b/app/javascript/styles/mastodon/admin.scss index affe1c79c..f86778399 100644 --- a/app/javascript/styles/mastodon/admin.scss +++ b/app/javascript/styles/mastodon/admin.scss @@ -1752,3 +1752,67 @@ a.sparkline { } } } + +.history { + counter-reset: step 0; + font-size: 15px; + line-height: 22px; + + li { + counter-increment: step 1; + padding-left: 2.5rem; + padding-bottom: 8px; + position: relative; + margin-bottom: 8px; + + &::before { + position: absolute; + content: counter(step); + font-size: 0.625rem; + font-weight: 500; + left: 0; + display: flex; + justify-content: center; + align-items: center; + width: calc(1.375rem + 1px); + height: calc(1.375rem + 1px); + background: $ui-base-color; + border: 1px solid $highlight-text-color; + color: $highlight-text-color; + border-radius: 8px; + } + + &::after { + position: absolute; + content: ""; + width: 1px; + background: $highlight-text-color; + bottom: 0; + top: calc(1.875rem + 1px); + left: 0.6875rem; + } + + &:last-child { + margin-bottom: 0; + + &::after { + display: none; + } + } + } + + &__entry { + h5 { + font-weight: 500; + color: $primary-text-color; + line-height: 25px; + margin-bottom: 16px; + } + + .status { + border: 1px solid lighten($ui-base-color, 4%); + background: $ui-base-color; + border-radius: 4px; + } + } +} diff --git a/app/models/admin/status_filter.rb b/app/models/admin/status_filter.rb index 4fba612a6..d7a16f760 100644 --- a/app/models/admin/status_filter.rb +++ b/app/models/admin/status_filter.rb @@ -3,7 +3,6 @@ class Admin::StatusFilter KEYS = %i( media - id report_id ).freeze @@ -28,12 +27,10 @@ class Admin::StatusFilter private - def scope_for(key, value) + def scope_for(key, _value) case key.to_s when 'media' Status.joins(:media_attachments).merge(@account.media_attachments.reorder(nil)).group(:id).reorder('statuses.id desc') - when 'id' - Status.where(id: value) else raise "Unknown filter: #{key}" end diff --git a/app/models/status_edit.rb b/app/models/status_edit.rb index e9c8fbe98..e33470226 100644 --- a/app/models/status_edit.rb +++ b/app/models/status_edit.rb @@ -30,7 +30,7 @@ class StatusEdit < ApplicationRecord :preview_remote_url, :text_url, :meta, :blurhash, :not_processed?, :needs_redownload?, :local?, :file, :thumbnail, :thumbnail_remote_url, - :shortcode, to: :media_attachment + :shortcode, :video?, :audio?, to: :media_attachment end rate_limit by: :account, family: :statuses @@ -40,7 +40,8 @@ class StatusEdit < ApplicationRecord default_scope { order(id: :asc) } - delegate :local?, to: :status + delegate :local?, :application, :edited?, :edited_at, + :discarded?, :visibility, to: :status def emojis return @emojis if defined?(@emojis) @@ -59,4 +60,12 @@ class StatusEdit < ApplicationRecord end end end + + def proper + self + end + + def reblog? + false + end end diff --git a/app/policies/admin/status_policy.rb b/app/policies/admin/status_policy.rb new file mode 100644 index 000000000..ffaa30f13 --- /dev/null +++ b/app/policies/admin/status_policy.rb @@ -0,0 +1,29 @@ +# frozen_string_literal: true + +class Admin::StatusPolicy < ApplicationPolicy + def initialize(current_account, record, preloaded_relations = {}) + super(current_account, record) + + @preloaded_relations = preloaded_relations + end + + def index? + role.can?(:manage_reports, :manage_users) + end + + def show? + role.can?(:manage_reports, :manage_users) && (record.public_visibility? || record.unlisted_visibility? || record.reported?) + end + + def destroy? + role.can?(:manage_reports) + end + + def update? + role.can?(:manage_reports) + end + + def review? + role.can?(:manage_taxonomies) + end +end diff --git a/app/policies/status_policy.rb b/app/policies/status_policy.rb index 2f48b5d70..f3d0ffdba 100644 --- a/app/policies/status_policy.rb +++ b/app/policies/status_policy.rb @@ -7,10 +7,6 @@ class StatusPolicy < ApplicationPolicy @preloaded_relations = preloaded_relations end - def index? - role.can?(:manage_reports, :manage_users) - end - def show? return false if author.suspended? @@ -32,17 +28,13 @@ class StatusPolicy < ApplicationPolicy end def destroy? - role.can?(:manage_reports) || owned? + owned? end alias unreblog? destroy? def update? - role.can?(:manage_reports) || owned? - end - - def review? - role.can?(:manage_taxonomies) + owned? end private diff --git a/app/views/admin/reports/_media_attachments.html.haml b/app/views/admin/reports/_media_attachments.html.haml new file mode 100644 index 000000000..d0b7d52c3 --- /dev/null +++ b/app/views/admin/reports/_media_attachments.html.haml @@ -0,0 +1,8 @@ +- if status.ordered_media_attachments.first.video? + - video = status.ordered_media_attachments.first + = react_component :video, src: video.file.url(:original), preview: video.file.url(:small), frameRate: video.file.meta.dig('original', 'frame_rate'), blurhash: video.blurhash, sensitive: status.sensitive?, visible: false, width: 610, height: 343, inline: true, alt: video.description, media: [ActiveModelSerializers::SerializableResource.new(video, serializer: REST::MediaAttachmentSerializer)].as_json +- elsif status.ordered_media_attachments.first.audio? + - audio = status.ordered_media_attachments.first + = react_component :audio, src: audio.file.url(:original), height: 110, alt: audio.description, duration: audio.file.meta.dig(:original, :duration) +- else + = react_component :media_gallery, height: 343, sensitive: status.sensitive?, visible: false, media: status.ordered_media_attachments.map { |a| ActiveModelSerializers::SerializableResource.new(a, serializer: REST::MediaAttachmentSerializer).as_json } diff --git a/app/views/admin/reports/_status.html.haml b/app/views/admin/reports/_status.html.haml index 392fc8f81..b2982a42b 100644 --- a/app/views/admin/reports/_status.html.haml +++ b/app/views/admin/reports/_status.html.haml @@ -12,14 +12,7 @@ = prerender_custom_emojis(status_content_format(status.proper), status.proper.emojis) - unless status.proper.ordered_media_attachments.empty? - - if status.proper.ordered_media_attachments.first.video? - - video = status.proper.ordered_media_attachments.first - = react_component :video, src: video.file.url(:original), preview: video.file.url(:small), frameRate: video.file.meta.dig('original', 'frame_rate'), blurhash: video.blurhash, sensitive: status.proper.sensitive?, visible: false, width: 610, height: 343, inline: true, alt: video.description, media: [ActiveModelSerializers::SerializableResource.new(video, serializer: REST::MediaAttachmentSerializer)].as_json - - elsif status.proper.ordered_media_attachments.first.audio? - - audio = status.proper.ordered_media_attachments.first - = react_component :audio, src: audio.file.url(:original), height: 110, alt: audio.description, duration: audio.file.meta.dig(:original, :duration) - - else - = react_component :media_gallery, height: 343, sensitive: status.proper.sensitive?, visible: false, media: status.proper.ordered_media_attachments.map { |a| ActiveModelSerializers::SerializableResource.new(a, serializer: REST::MediaAttachmentSerializer).as_json } + = render partial: 'admin/reports/media_attachments', locals: { status: status.proper } .detailed-status__meta - if status.application @@ -29,7 +22,7 @@ %time.formatted{ datetime: status.created_at.iso8601, title: l(status.created_at) }= l(status.created_at) - if status.edited? · - = t('statuses.edited_at_html', date: content_tag(:time, l(status.edited_at), datetime: status.edited_at.iso8601, title: l(status.edited_at), class: 'formatted')) + = link_to t('statuses.edited_at_html', date: content_tag(:time, l(status.edited_at), datetime: status.edited_at.iso8601, title: l(status.edited_at), class: 'formatted')), admin_account_status_path(status.account_id, status), class: 'detailed-status__datetime' - if status.discarded? · %span.negative-hint= t('admin.statuses.deleted') diff --git a/app/views/admin/status_edits/_status_edit.html.haml b/app/views/admin/status_edits/_status_edit.html.haml new file mode 100644 index 000000000..19a0e063d --- /dev/null +++ b/app/views/admin/status_edits/_status_edit.html.haml @@ -0,0 +1,20 @@ +.status + .status__content>< + - if status_edit.spoiler_text.blank? + = prerender_custom_emojis(status_content_format(status_edit), status_edit.emojis) + - else + %details< + %summary>< + %strong> Content warning: #{prerender_custom_emojis(h(status_edit.spoiler_text), status_edit.emojis)} + = prerender_custom_emojis(status_content_format(status_edit), status_edit.emojis) + + - unless status_edit.ordered_media_attachments.empty? + = render partial: 'admin/reports/media_attachments', locals: { status: status_edit } + + .detailed-status__meta + %time.formatted{ datetime: status_edit.created_at.iso8601, title: l(status_edit.created_at) }= l(status_edit.created_at) + + - if status_edit.sensitive? + · + = fa_icon('eye-slash fw') + = t('stream_entries.sensitive_content') diff --git a/app/views/admin/statuses/show.html.haml b/app/views/admin/statuses/show.html.haml new file mode 100644 index 000000000..62b49de8c --- /dev/null +++ b/app/views/admin/statuses/show.html.haml @@ -0,0 +1,64 @@ +- content_for :header_tags do + = javascript_pack_tag 'admin', async: true, crossorigin: 'anonymous' + +- content_for :page_title do + = t('statuses.title', name: display_name(@account), quote: truncate(@status.spoiler_text.presence || @status.text, length: 50, omission: '…', escape: false)) + +- content_for :heading_actions do + = link_to t('admin.statuses.open'), ActivityPub::TagManager.instance.url_for(@status), class: 'button', target: '_blank' + +%h3= t('admin.statuses.metadata') + +.table-wrapper + %table.table.horizontal-table + %tbody + %tr + %th= t('admin.statuses.account') + %td= admin_account_link_to @status.account + - if @status.reply? + %tr + %th= t('admin.statuses.in_reply_to') + %td= admin_account_link_to @status.in_reply_to_account, path: admin_account_status_path(@status.thread.account_id, @status.in_reply_to_id) + %tr + %th= t('admin.statuses.application') + %td= @status.application&.name + %tr + %th= t('admin.statuses.language') + %td= standard_locale_name(@status.language) + %tr + %th= t('admin.statuses.visibility') + %td= t("statuses.visibilities.#{@status.visibility}") + - if @status.trend + %tr + %th= t('admin.statuses.trending') + %td + - if @status.trend.allowed? + %abbr{ title: t('admin.trends.tags.current_score', score: @status.trend.score) }= t('admin.trends.tags.trending_rank', rank: @status.trend.rank) + - elsif @status.trend.requires_review? + = t('admin.trends.pending_review') + - else + = t('admin.trends.not_allowed_to_trend') + %tr + %th= t('admin.statuses.reblogs') + %td= friendly_number_to_human @status.reblogs_count + %tr + %th= t('admin.statuses.favourites') + %td= friendly_number_to_human @status.favourites_count + +%hr.spacer/ + +%h3= t('admin.statuses.history') + +%ol.history + - @status.edits.includes(:account, status: [:account]).each.with_index do |status_edit, i| + %li + .history__entry + %h5 + - if i.zero? + = t('admin.statuses.original_status') + - else + = t('admin.statuses.status_changed') + · + %time.formatted{ datetime: status_edit.created_at.iso8601, title: l(status_edit.created_at) }= l(status_edit.created_at) + + = render status_edit diff --git a/config/locales/en.yml b/config/locales/en.yml index 70850d478..fd845c3c2 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -705,16 +705,29 @@ en: delete: Delete uploaded file destroyed_msg: Site upload successfully deleted! statuses: + account: Author + application: Application back_to_account: Back to account page back_to_report: Back to report page batch: remove_from_report: Remove from report report: Report deleted: Deleted + favourites: Favourites + history: Version history + in_reply_to: Replying to + language: Language media: title: Media + metadata: Metadata no_status_selected: No posts were changed as none were selected + open: Open post + original_status: Original post + reblogs: Reblogs + status_changed: Post changed title: Account posts + trending: Trending + visibility: Visibility with_media: With media strikes: actions: diff --git a/config/routes.rb b/config/routes.rb index b44479e77..12726a677 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -325,7 +325,7 @@ Rails.application.routes.draw do resource :reset, only: [:create] resource :action, only: [:new, :create], controller: 'account_actions' - resources :statuses, only: [:index] do + resources :statuses, only: [:index, :show] do collection do post :batch end diff --git a/spec/policies/status_policy_spec.rb b/spec/policies/status_policy_spec.rb index 205ecd720..b88521708 100644 --- a/spec/policies/status_policy_spec.rb +++ b/spec/policies/status_policy_spec.rb @@ -96,10 +96,6 @@ RSpec.describe StatusPolicy, type: :model do expect(subject).to permit(status.account, status) end - it 'grants access when account is admin' do - expect(subject).to permit(admin.account, status) - end - it 'denies access when account is not deleter' do expect(subject).to_not permit(bob, status) end @@ -125,27 +121,9 @@ RSpec.describe StatusPolicy, type: :model do end end - permissions :index? do - it 'grants access if staff' do - expect(subject).to permit(admin.account) - end - - it 'denies access unless staff' do - expect(subject).to_not permit(alice) - end - end - permissions :update? do - it 'grants access if staff' do - expect(subject).to permit(admin.account, status) - end - it 'grants access if owner' do expect(subject).to permit(status.account, status) end - - it 'denies access unless staff' do - expect(subject).to_not permit(bob, status) - end end end -- cgit From 07cc201accd4a04c8c11cda21eecded4e7875d55 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Fri, 28 Oct 2022 00:48:30 +0200 Subject: Fix using wrong policy on status-related actions in admin UI (#19490) --- app/models/admin/status_batch_action.rb | 4 ++-- app/models/trends/status_batch.rb | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'app/models/admin') diff --git a/app/models/admin/status_batch_action.rb b/app/models/admin/status_batch_action.rb index 7bf6fa6da..0ec4fef82 100644 --- a/app/models/admin/status_batch_action.rb +++ b/app/models/admin/status_batch_action.rb @@ -40,7 +40,7 @@ class Admin::StatusBatchAction end def handle_delete! - statuses.each { |status| authorize(status, :destroy?) } + statuses.each { |status| authorize([:admin, status], :destroy?) } ApplicationRecord.transaction do statuses.each do |status| @@ -75,7 +75,7 @@ class Admin::StatusBatchAction statuses.includes(:media_attachments, :preview_cards).find_each do |status| next unless status.with_media? || status.with_preview_card? - authorize(status, :update?) + authorize([:admin, status], :update?) if target_account.local? UpdateStatusService.new.call(status, representative_account.id, sensitive: true) diff --git a/app/models/trends/status_batch.rb b/app/models/trends/status_batch.rb index 78d93bed4..f9b97b224 100644 --- a/app/models/trends/status_batch.rb +++ b/app/models/trends/status_batch.rb @@ -30,7 +30,7 @@ class Trends::StatusBatch end def approve! - statuses.each { |status| authorize(status, :review?) } + statuses.each { |status| authorize([:admin, status], :review?) } statuses.update_all(trendable: true) end @@ -45,7 +45,7 @@ class Trends::StatusBatch end def reject! - statuses.each { |status| authorize(status, :review?) } + statuses.each { |status| authorize([:admin, status], :review?) } statuses.update_all(trendable: false) end -- cgit From 40c7f3e830538951862dc73074d1045a82395ab0 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Sun, 30 Oct 2022 02:44:32 +0200 Subject: Fix account action type validation (#19476) * Fix account action type validation Fix #19143 * Fix #19145 * Fix code style issues --- app/models/admin/account_action.rb | 9 +++-- .../v1/admin/account_actions_controller_spec.rb | 44 ++++++++++++++-------- 2 files changed, 34 insertions(+), 19 deletions(-) (limited to 'app/models/admin') diff --git a/app/models/admin/account_action.rb b/app/models/admin/account_action.rb index aed3bc0c7..bce0d6e17 100644 --- a/app/models/admin/account_action.rb +++ b/app/models/admin/account_action.rb @@ -25,6 +25,8 @@ class Admin::AccountAction alias send_email_notification? send_email_notification alias include_statuses? include_statuses + validates :type, :target_account, :current_account, presence: true + def initialize(attributes = {}) @send_email_notification = true @include_statuses = true @@ -41,13 +43,15 @@ class Admin::AccountAction end def save! + raise ActiveRecord::RecordInvalid, self unless valid? + ApplicationRecord.transaction do process_action! process_strike! + process_reports! end process_email! - process_reports! process_queue! end @@ -106,9 +110,8 @@ class Admin::AccountAction # Otherwise, we will mark all unresolved reports about # the account as resolved. - reports.each { |report| authorize(report, :update?) } - reports.each do |report| + authorize(report, :update?) log_action(:resolve, report) report.resolve!(current_account) end diff --git a/spec/controllers/api/v1/admin/account_actions_controller_spec.rb b/spec/controllers/api/v1/admin/account_actions_controller_spec.rb index 199395f55..462c2cfa9 100644 --- a/spec/controllers/api/v1/admin/account_actions_controller_spec.rb +++ b/spec/controllers/api/v1/admin/account_actions_controller_spec.rb @@ -30,28 +30,40 @@ RSpec.describe Api::V1::Admin::AccountActionsController, type: :controller do end describe 'POST #create' do - before do - post :create, params: { account_id: account.id, type: 'disable' } - end + context do + before do + post :create, params: { account_id: account.id, type: 'disable' } + end - it_behaves_like 'forbidden for wrong scope', 'write:statuses' - it_behaves_like 'forbidden for wrong role', '' + it_behaves_like 'forbidden for wrong scope', 'write:statuses' + it_behaves_like 'forbidden for wrong role', '' - it 'returns http success' do - expect(response).to have_http_status(200) - end + it 'returns http success' do + expect(response).to have_http_status(200) + end + + it 'performs action against account' do + expect(account.reload.user_disabled?).to be true + end + + it 'logs action' do + log_item = Admin::ActionLog.last - it 'performs action against account' do - expect(account.reload.user_disabled?).to be true + expect(log_item).to_not be_nil + expect(log_item.action).to eq :disable + expect(log_item.account_id).to eq user.account_id + expect(log_item.target_id).to eq account.user.id + end end - it 'logs action' do - log_item = Admin::ActionLog.last + context 'with no type' do + before do + post :create, params: { account_id: account.id } + end - expect(log_item).to_not be_nil - expect(log_item.action).to eq :disable - expect(log_item.account_id).to eq user.account_id - expect(log_item.target_id).to eq account.user.id + it 'returns http unprocessable entity' do + expect(response).to have_http_status(422) + end end end end -- cgit From 125322718bfe983e94937f5d127003d47a138313 Mon Sep 17 00:00:00 2001 From: Claire Date: Wed, 2 Nov 2022 18:50:21 +0100 Subject: Fix inaccurate admin log entry for re-sending confirmation e-mails (#19674) Fixes #19593 --- app/controllers/admin/confirmations_controller.rb | 2 +- app/models/admin/action_log_filter.rb | 1 + config/locales/en.yml | 2 ++ 3 files changed, 4 insertions(+), 1 deletion(-) (limited to 'app/models/admin') diff --git a/app/controllers/admin/confirmations_controller.rb b/app/controllers/admin/confirmations_controller.rb index efe7dcbd4..6f4e42679 100644 --- a/app/controllers/admin/confirmations_controller.rb +++ b/app/controllers/admin/confirmations_controller.rb @@ -17,7 +17,7 @@ module Admin @user.resend_confirmation_instructions - log_action :confirm, @user + log_action :resend, @user flash[:notice] = I18n.t('admin.accounts.resend_confirmation.success') redirect_to admin_accounts_path diff --git a/app/models/admin/action_log_filter.rb b/app/models/admin/action_log_filter.rb index c7a7e1a4c..edb391e2e 100644 --- a/app/models/admin/action_log_filter.rb +++ b/app/models/admin/action_log_filter.rb @@ -47,6 +47,7 @@ class Admin::ActionLogFilter promote_user: { target_type: 'User', action: 'promote' }.freeze, remove_avatar_user: { target_type: 'User', action: 'remove_avatar' }.freeze, reopen_report: { target_type: 'Report', action: 'reopen' }.freeze, + resend_user: { target_type: 'User', action: 'resend' }.freeze, reset_password_user: { target_type: 'User', action: 'reset_password' }.freeze, resolve_report: { target_type: 'Report', action: 'resolve' }.freeze, sensitive_account: { target_type: 'Account', action: 'sensitive' }.freeze, diff --git a/config/locales/en.yml b/config/locales/en.yml index 547b19f07..ce8dea65b 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -207,6 +207,7 @@ en: reject_user: Reject User remove_avatar_user: Remove Avatar reopen_report: Reopen Report + resend_user: Resend Confirmation Mail reset_password_user: Reset Password resolve_report: Resolve Report sensitive_account: Force-Sensitive Account @@ -265,6 +266,7 @@ en: reject_user_html: "%{name} rejected sign-up from %{target}" remove_avatar_user_html: "%{name} removed %{target}'s avatar" reopen_report_html: "%{name} reopened report %{target}" + resend_user_html: "%{name} resent confirmation e-mail for %{target}" reset_password_user_html: "%{name} reset password of user %{target}" resolve_report_html: "%{name} resolved report %{target}" sensitive_account_html: "%{name} marked %{target}'s media as sensitive" -- cgit From c2170991c7889b8f6c6434f416cb0a8450db25a1 Mon Sep 17 00:00:00 2001 From: Claire Date: Fri, 4 Nov 2022 16:31:44 +0100 Subject: Fix reblogs being discarded after the reblogged status (#19731) --- app/controllers/api/v1/statuses_controller.rb | 2 +- app/lib/status_reach_finder.rb | 2 +- app/models/admin/status_batch_action.rb | 2 +- app/models/status.rb | 6 ++++++ app/services/account_statuses_cleanup_service.rb | 2 +- app/services/remove_status_service.rb | 4 ++-- 6 files changed, 12 insertions(+), 6 deletions(-) (limited to 'app/models/admin') diff --git a/app/controllers/api/v1/statuses_controller.rb b/app/controllers/api/v1/statuses_controller.rb index 2e239d48b..676ec2a79 100644 --- a/app/controllers/api/v1/statuses_controller.rb +++ b/app/controllers/api/v1/statuses_controller.rb @@ -77,7 +77,7 @@ class Api::V1::StatusesController < Api::BaseController @status = Status.where(account: current_account).find(params[:id]) authorize @status, :destroy? - @status.discard + @status.discard_with_reblogs StatusPin.find_by(status: @status)&.destroy @status.account.statuses_count = @status.account.statuses_count - 1 json = render_to_body json: @status, serializer: REST::StatusSerializer, source_requested: true diff --git a/app/lib/status_reach_finder.rb b/app/lib/status_reach_finder.rb index 98e502bb6..ccf1e9e3a 100644 --- a/app/lib/status_reach_finder.rb +++ b/app/lib/status_reach_finder.rb @@ -55,7 +55,7 @@ class StatusReachFinder # Beware: Reblogs can be created without the author having had access to the status def reblogs_account_ids - @status.reblogs.pluck(:account_id) if distributable? || unsafe? + @status.reblogs.rewhere(deleted_at: [nil, @status.deleted_at]).pluck(:account_id) if distributable? || unsafe? end # Beware: Favourites can be created without the author having had access to the status diff --git a/app/models/admin/status_batch_action.rb b/app/models/admin/status_batch_action.rb index 0ec4fef82..0f019b854 100644 --- a/app/models/admin/status_batch_action.rb +++ b/app/models/admin/status_batch_action.rb @@ -44,7 +44,7 @@ class Admin::StatusBatchAction ApplicationRecord.transaction do statuses.each do |status| - status.discard + status.discard_with_reblogs log_action(:destroy, status) end diff --git a/app/models/status.rb b/app/models/status.rb index 4805abfea..8bdb5e8db 100644 --- a/app/models/status.rb +++ b/app/models/status.rb @@ -440,6 +440,12 @@ class Status < ApplicationRecord im end + def discard_with_reblogs + discard_time = Time.current + Status.unscoped.where(reblog_of_id: id, deleted_at: [nil, deleted_at]).in_batches.update_all(deleted_at: discard_time) unless reblog? + update_attribute(:deleted_at, discard_time) + end + private def update_status_stat!(attrs) diff --git a/app/services/account_statuses_cleanup_service.rb b/app/services/account_statuses_cleanup_service.rb index 3918b5ba4..96bc3db7d 100644 --- a/app/services/account_statuses_cleanup_service.rb +++ b/app/services/account_statuses_cleanup_service.rb @@ -14,7 +14,7 @@ class AccountStatusesCleanupService < BaseService last_deleted = nil account_policy.statuses_to_delete(budget, cutoff_id, account_policy.last_inspected).reorder(nil).find_each(order: :asc) do |status| - status.discard + status.discard_with_reblogs RemovalWorker.perform_async(status.id, { 'redraft' => false }) num_deleted += 1 last_deleted = status.id diff --git a/app/services/remove_status_service.rb b/app/services/remove_status_service.rb index f9fdea2cb..37d2dabae 100644 --- a/app/services/remove_status_service.rb +++ b/app/services/remove_status_service.rb @@ -19,7 +19,7 @@ class RemoveStatusService < BaseService @options = options with_lock("distribute:#{@status.id}") do - @status.discard + @status.discard_with_reblogs StatusPin.find_by(status: @status)&.destroy @@ -102,7 +102,7 @@ class RemoveStatusService < BaseService # because once original status is gone, reblogs will disappear # without us being able to do all the fancy stuff - @status.reblogs.includes(:account).reorder(nil).find_each do |reblog| + @status.reblogs.rewhere(deleted_at: [nil, @status.deleted_at]).includes(:account).reorder(nil).find_each do |reblog| RemoveStatusService.new.call(reblog, original_removed: true) end end -- cgit