From: Nutomic Date: Thu, 28 Apr 2022 20:32:32 +0000 (+0200) Subject: Implement restricted community (only mods can post) (fixes #187) (#2235) X-Git-Url: http://these/git/%7B%60%24%7BwebArchiveUrl%7D/%22%7B%7D/%22https:/hacktivis.me/static/%24%7Bargs.thread.url%7D?a=commitdiff_plain;h=7058cfa1cf67e65818e8ce62d9716b1564558734;p=lemmy.git Implement restricted community (only mods can post) (fixes #187) (#2235) * Implement restricted community (only mods can post) (fixes #187) * review fixes * fix tests --- diff --git a/Cargo.lock b/Cargo.lock index 1ca61877..2d813647 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1928,6 +1928,7 @@ dependencies = [ "reqwest", "reqwest-middleware", "serde", + "serde_json", "sha2", "tracing", "url", diff --git a/crates/api/src/community/hide.rs b/crates/api/src/community/hide.rs new file mode 100644 index 00000000..a3910010 --- /dev/null +++ b/crates/api/src/community/hide.rs @@ -0,0 +1,82 @@ +use crate::Perform; +use actix_web::web::Data; +use lemmy_api_common::{ + blocking, + community::{CommunityResponse, HideCommunity}, + get_local_user_view_from_jwt, + is_admin, +}; +use lemmy_apub::protocol::activities::community::update::UpdateCommunity; +use lemmy_db_schema::{ + naive_now, + source::{ + community::{Community, CommunityForm}, + moderator::{ModHideCommunity, ModHideCommunityForm}, + }, + traits::Crud, +}; +use lemmy_utils::{ConnectionId, LemmyError}; +use lemmy_websocket::{send::send_community_ws_message, LemmyContext, UserOperationCrud}; + +#[async_trait::async_trait(?Send)] +impl Perform for HideCommunity { + type Response = CommunityResponse; + + #[tracing::instrument(skip(context, websocket_id))] + async fn perform( + &self, + context: &Data, + websocket_id: Option, + ) -> Result { + let data: &HideCommunity = self; + + // Verify its a admin (only admin can hide or unhide it) + let local_user_view = + get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?; + is_admin(&local_user_view)?; + + let community_id = data.community_id; + let read_community = blocking(context.pool(), move |conn| { + Community::read(conn, community_id) + }) + .await??; + + let community_form = CommunityForm { + name: read_community.name, + title: read_community.title, + description: read_community.description.to_owned(), + hidden: Some(data.hidden), + updated: Some(naive_now()), + ..CommunityForm::default() + }; + + let mod_hide_community_form = ModHideCommunityForm { + community_id: data.community_id, + mod_person_id: local_user_view.person.id, + reason: data.reason.clone(), + hidden: Some(data.hidden), + }; + + let community_id = data.community_id; + let updated_community = blocking(context.pool(), move |conn| { + Community::update(conn, community_id, &community_form) + }) + .await? + .map_err(|e| LemmyError::from_error_message(e, "couldnt_update_community_hidden_status"))?; + + blocking(context.pool(), move |conn| { + ModHideCommunity::create(conn, &mod_hide_community_form) + }) + .await??; + + UpdateCommunity::send( + updated_community.into(), + &local_user_view.person.into(), + context, + ) + .await?; + + let op = UserOperationCrud::EditCommunity; + send_community_ws_message(data.community_id, op, websocket_id, None, context).await + } +} diff --git a/crates/api/src/community/mod.rs b/crates/api/src/community/mod.rs index 8bf2ed54..fda08265 100644 --- a/crates/api/src/community/mod.rs +++ b/crates/api/src/community/mod.rs @@ -2,4 +2,5 @@ mod add_mod; mod ban; mod block; mod follow; +mod hide; mod transfer; diff --git a/crates/api_crud/src/community/update.rs b/crates/api_crud/src/community/update.rs index b3b89368..6a98180b 100644 --- a/crates/api_crud/src/community/update.rs +++ b/crates/api_crud/src/community/update.rs @@ -3,19 +3,15 @@ use actix_web::web::Data; use lemmy_api_common::{ blocking, check_image_has_local_domain, - community::{CommunityResponse, EditCommunity, HideCommunity}, + community::{CommunityResponse, EditCommunity}, get_local_user_view_from_jwt, - is_admin, }; use lemmy_apub::protocol::activities::community::update::UpdateCommunity; use lemmy_db_schema::{ diesel_option_overwrite_to_url, naive_now, newtypes::PersonId, - source::{ - community::{Community, CommunityForm}, - moderator::{ModHideCommunity, ModHideCommunityForm}, - }, + source::community::{Community, CommunityForm}, traits::Crud, }; use lemmy_db_views_actor::community_moderator_view::CommunityModeratorView; @@ -65,11 +61,9 @@ impl PerformCrud for EditCommunity { name: read_community.name, title: data.title.to_owned().unwrap_or(read_community.title), description: data.description.to_owned(), - public_key: read_community.public_key, icon, banner, nsfw: data.nsfw, - hidden: Some(read_community.hidden), updated: Some(naive_now()), ..CommunityForm::default() }; @@ -92,70 +86,3 @@ impl PerformCrud for EditCommunity { send_community_ws_message(data.community_id, op, websocket_id, None, context).await } } - -#[async_trait::async_trait(?Send)] -impl PerformCrud for HideCommunity { - type Response = CommunityResponse; - - #[tracing::instrument(skip(context, websocket_id))] - async fn perform( - &self, - context: &Data, - websocket_id: Option, - ) -> Result { - let data: &HideCommunity = self; - - // Verify its a admin (only admin can hide or unhide it) - let local_user_view = - get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?; - is_admin(&local_user_view)?; - - let community_id = data.community_id; - let read_community = blocking(context.pool(), move |conn| { - Community::read(conn, community_id) - }) - .await??; - - let community_form = CommunityForm { - name: read_community.name, - title: read_community.title, - description: read_community.description.to_owned(), - public_key: read_community.public_key, - icon: Some(read_community.icon), - banner: Some(read_community.banner), - nsfw: Some(read_community.nsfw), - updated: Some(naive_now()), - hidden: Some(data.hidden), - ..CommunityForm::default() - }; - - let mod_hide_community_form = ModHideCommunityForm { - community_id: data.community_id, - mod_person_id: local_user_view.person.id, - reason: data.reason.clone(), - hidden: Some(data.hidden), - }; - - let community_id = data.community_id; - let updated_community = blocking(context.pool(), move |conn| { - Community::update(conn, community_id, &community_form) - }) - .await? - .map_err(|e| LemmyError::from_error_message(e, "couldnt_update_community_hidden_status"))?; - - blocking(context.pool(), move |conn| { - ModHideCommunity::create(conn, &mod_hide_community_form) - }) - .await??; - - UpdateCommunity::send( - updated_community.into(), - &local_user_view.person.into(), - context, - ) - .await?; - - let op = UserOperationCrud::EditCommunity; - send_community_ws_message(data.community_id, op, websocket_id, None, context).await - } -} diff --git a/crates/api_crud/src/post/create.rs b/crates/api_crud/src/post/create.rs index 47396660..eb162e01 100644 --- a/crates/api_crud/src/post/create.rs +++ b/crates/api_crud/src/post/create.rs @@ -16,9 +16,13 @@ use lemmy_apub::{ EndpointType, }; use lemmy_db_schema::{ - source::post::{Post, PostForm, PostLike, PostLikeForm}, + source::{ + community::Community, + post::{Post, PostForm, PostLike, PostLikeForm}, + }, traits::{Crud, Likeable}, }; +use lemmy_db_views_actor::community_view::CommunityView; use lemmy_utils::{ request::fetch_site_data, utils::{ @@ -62,6 +66,22 @@ impl PerformCrud for CreatePost { check_community_ban(local_user_view.person.id, data.community_id, context.pool()).await?; check_community_deleted_or_removed(data.community_id, context.pool()).await?; + let community_id = data.community_id; + let community = blocking(context.pool(), move |conn| { + Community::read(conn, community_id) + }) + .await??; + if community.posting_restricted_to_mods { + let community_id = data.community_id; + let is_mod = blocking(context.pool(), move |conn| { + CommunityView::is_mod_or_admin(conn, local_user_view.local_user.person_id, community_id) + }) + .await?; + if !is_mod { + return Err(LemmyError::from_message("only_mods_can_post_in_community")); + } + } + // Fetch post links and pictrs cached image let data_url = data.url.as_ref(); let (metadata_res, pictrs_thumbnail) = diff --git a/crates/apub/assets/lemmy/activities/community/update_community.json b/crates/apub/assets/lemmy/activities/community/update_community.json index 275d6d2b..bddae0f7 100644 --- a/crates/apub/assets/lemmy/activities/community/update_community.json +++ b/crates/apub/assets/lemmy/activities/community/update_community.json @@ -15,6 +15,7 @@ }, "sensitive": false, "moderators": "http://enterprise.lemmy.ml/c/main/moderators", + "postingRestrictedToMods": false, "inbox": "http://enterprise.lemmy.ml/c/main/inbox", "outbox": "http://enterprise.lemmy.ml/c/main/outbox", "followers": "http://enterprise.lemmy.ml/c/main/followers", diff --git a/crates/apub/assets/lemmy/objects/group.json b/crates/apub/assets/lemmy/objects/group.json index 7eddd86b..67ddd955 100644 --- a/crates/apub/assets/lemmy/objects/group.json +++ b/crates/apub/assets/lemmy/objects/group.json @@ -20,6 +20,7 @@ "inbox": "https://enterprise.lemmy.ml/c/tenforward/inbox", "followers": "https://enterprise.lemmy.ml/c/tenforward/followers", "moderators": "https://enterprise.lemmy.ml/c/tenforward/moderators", + "postingRestrictedToMods": false, "endpoints": { "sharedInbox": "https://enterprise.lemmy.ml/inbox" }, diff --git a/crates/apub/src/objects/community.rs b/crates/apub/src/objects/community.rs index 342a4080..59489d3e 100644 --- a/crates/apub/src/objects/community.rs +++ b/crates/apub/src/objects/community.rs @@ -103,6 +103,7 @@ impl ApubObject for ApubCommunity { public_key: self.get_public_key()?, published: Some(convert_datetime(self.published)), updated: self.updated.map(convert_datetime), + posting_restricted_to_mods: Some(self.posting_restricted_to_mods), }; Ok(group) } diff --git a/crates/apub/src/protocol/objects/group.rs b/crates/apub/src/protocol/objects/group.rs index 410c9e87..57d0ae15 100644 --- a/crates/apub/src/protocol/objects/group.rs +++ b/crates/apub/src/protocol/objects/group.rs @@ -50,6 +50,8 @@ pub struct Group { pub(crate) sensitive: Option, // lemmy extension pub(crate) moderators: Option>, + // lemmy extension + pub(crate) posting_restricted_to_mods: Option, pub(crate) outbox: ObjectId, pub(crate) endpoints: Option, pub(crate) published: Option>, @@ -96,6 +98,7 @@ impl Group { followers_url: Some(self.followers.into()), inbox_url: Some(self.inbox.into()), shared_inbox_url: Some(self.endpoints.map(|e| e.shared_inbox.into())), + posting_restricted_to_mods: self.posting_restricted_to_mods, } } } diff --git a/crates/apub_lib/Cargo.toml b/crates/apub_lib/Cargo.toml index d3642c04..1b2cabbf 100644 --- a/crates/apub_lib/Cargo.toml +++ b/crates/apub_lib/Cargo.toml @@ -14,6 +14,7 @@ chrono = "0.4.19" serde = { version = "1.0.136", features = ["derive"] } async-trait = "0.1.53" url = { version = "2.2.2", features = ["serde"] } +serde_json = { version = "1.0.79", features = ["preserve_order"] } anyhow = "1.0.56" reqwest = { version = "0.11.10", features = ["json"] } reqwest-middleware = "0.1.5" diff --git a/crates/db_schema/src/impls/community.rs b/crates/db_schema/src/impls/community.rs index a7b50996..fb8bd6e4 100644 --- a/crates/db_schema/src/impls/community.rs +++ b/crates/db_schema/src/impls/community.rs @@ -43,6 +43,7 @@ mod safe_type { icon, banner, hidden, + posting_restricted_to_mods, ); impl ToSafe for Community { @@ -63,6 +64,7 @@ mod safe_type { icon, banner, hidden, + posting_restricted_to_mods, ) } } @@ -373,6 +375,7 @@ mod tests { inbox_url: inserted_community.inbox_url.to_owned(), shared_inbox_url: None, hidden: false, + posting_restricted_to_mods: false, }; let community_follower_form = CommunityFollowerForm { diff --git a/crates/db_schema/src/schema.rs b/crates/db_schema/src/schema.rs index 3ff56317..3662d095 100644 --- a/crates/db_schema/src/schema.rs +++ b/crates/db_schema/src/schema.rs @@ -94,6 +94,7 @@ table! { inbox_url -> Varchar, shared_inbox_url -> Nullable, hidden -> Bool, + posting_restricted_to_mods -> Bool, } } diff --git a/crates/db_schema/src/source/community.rs b/crates/db_schema/src/source/community.rs index 35b695db..3e8bbf17 100644 --- a/crates/db_schema/src/source/community.rs +++ b/crates/db_schema/src/source/community.rs @@ -27,6 +27,7 @@ pub struct Community { pub inbox_url: DbUrl, pub shared_inbox_url: Option, pub hidden: bool, + pub posting_restricted_to_mods: bool, } /// A safe representation of community, without the sensitive info @@ -47,6 +48,7 @@ pub struct CommunitySafe { pub icon: Option, pub banner: Option, pub hidden: bool, + pub posting_restricted_to_mods: bool, } #[derive(Insertable, AsChangeset, Debug, Default)] @@ -71,6 +73,7 @@ pub struct CommunityForm { pub inbox_url: Option, pub shared_inbox_url: Option>, pub hidden: Option, + pub posting_restricted_to_mods: Option, } #[derive(Identifiable, Queryable, Associations, PartialEq, Debug)] diff --git a/crates/db_views/src/comment_report_view.rs b/crates/db_views/src/comment_report_view.rs index 63701db9..73224be5 100644 --- a/crates/db_views/src/comment_report_view.rs +++ b/crates/db_views/src/comment_report_view.rs @@ -431,6 +431,7 @@ mod tests { updated: None, banner: None, hidden: false, + posting_restricted_to_mods: false, published: inserted_community.published, }, creator: PersonSafe { diff --git a/crates/db_views/src/comment_view.rs b/crates/db_views/src/comment_view.rs index 4a7f96b6..da42bb13 100644 --- a/crates/db_views/src/comment_view.rs +++ b/crates/db_views/src/comment_view.rs @@ -709,6 +709,7 @@ mod tests { updated: None, banner: None, hidden: false, + posting_restricted_to_mods: false, published: inserted_community.published, }, counts: CommentAggregates { diff --git a/crates/db_views/src/post_report_view.rs b/crates/db_views/src/post_report_view.rs index 66341d67..0f56c262 100644 --- a/crates/db_views/src/post_report_view.rs +++ b/crates/db_views/src/post_report_view.rs @@ -413,6 +413,7 @@ mod tests { updated: None, banner: None, hidden: false, + posting_restricted_to_mods: false, published: inserted_community.published, }, creator: PersonSafe { diff --git a/crates/db_views/src/post_view.rs b/crates/db_views/src/post_view.rs index a3df66af..dd97cd8d 100644 --- a/crates/db_views/src/post_view.rs +++ b/crates/db_views/src/post_view.rs @@ -703,6 +703,7 @@ mod tests { updated: None, banner: None, hidden: false, + posting_restricted_to_mods: false, published: inserted_community.published, }, counts: PostAggregates { diff --git a/crates/db_views_actor/src/community_view.rs b/crates/db_views_actor/src/community_view.rs index a7b711b4..2063fb14 100644 --- a/crates/db_views_actor/src/community_view.rs +++ b/crates/db_views_actor/src/community_view.rs @@ -74,28 +74,29 @@ impl CommunityView { }) } - // TODO: this function is only used by is_mod_or_admin() below, can probably be merged - fn community_mods_and_admins( - conn: &PgConnection, - community_id: CommunityId, - ) -> Result, Error> { - let mut mods_and_admins: Vec = Vec::new(); - mods_and_admins.append( - &mut CommunityModeratorView::for_community(conn, community_id) - .map(|v| v.into_iter().map(|m| m.moderator.id).collect())?, - ); - mods_and_admins.append( - &mut PersonViewSafe::admins(conn).map(|v| v.into_iter().map(|a| a.person.id).collect())?, - ); - Ok(mods_and_admins) - } - pub fn is_mod_or_admin( conn: &PgConnection, person_id: PersonId, community_id: CommunityId, ) -> bool { - Self::community_mods_and_admins(conn, community_id) + let is_mod = CommunityModeratorView::for_community(conn, community_id) + .map(|v| { + v.into_iter() + .map(|m| m.moderator.id) + .collect::>() + }) + .unwrap_or_default() + .contains(&person_id); + if is_mod { + return true; + } + + PersonViewSafe::admins(conn) + .map(|v| { + v.into_iter() + .map(|a| a.person.id) + .collect::>() + }) .unwrap_or_default() .contains(&person_id) } diff --git a/migrations/2022-04-26-105145_only_mod_can_post/down.sql b/migrations/2022-04-26-105145_only_mod_can_post/down.sql new file mode 100644 index 00000000..a9c95bf6 --- /dev/null +++ b/migrations/2022-04-26-105145_only_mod_can_post/down.sql @@ -0,0 +1 @@ +alter table community drop column posting_restricted_to_mods; \ No newline at end of file diff --git a/migrations/2022-04-26-105145_only_mod_can_post/up.sql b/migrations/2022-04-26-105145_only_mod_can_post/up.sql new file mode 100644 index 00000000..fbc56983 --- /dev/null +++ b/migrations/2022-04-26-105145_only_mod_can_post/up.sql @@ -0,0 +1 @@ +alter table community add column posting_restricted_to_mods boolean default false; \ No newline at end of file diff --git a/src/api_routes.rs b/src/api_routes.rs index 757e40a1..36310386 100644 --- a/src/api_routes.rs +++ b/src/api_routes.rs @@ -49,7 +49,7 @@ pub fn config(cfg: &mut web::ServiceConfig, rate_limit: &RateLimit) { .wrap(rate_limit.message()) .route("", web::get().to(route_get_crud::)) .route("", web::put().to(route_post_crud::)) - .route("/hide", web::put().to(route_post_crud::)) + .route("/hide", web::put().to(route_post::)) .route("/list", web::get().to(route_get_crud::)) .route("/follow", web::post().to(route_post::)) .route("/block", web::post().to(route_post::)) diff --git a/src/code_migrations.rs b/src/code_migrations.rs index d626c7de..69e41916 100644 --- a/src/code_migrations.rs +++ b/src/code_migrations.rs @@ -107,22 +107,15 @@ fn community_updates_2020_04_02( name: ccommunity.name.to_owned(), title: ccommunity.title.to_owned(), description: ccommunity.description.to_owned(), - removed: None, - deleted: None, - nsfw: None, - updated: None, hidden: Some(false), actor_id: Some(community_actor_id.to_owned()), local: Some(ccommunity.local), private_key: Some(Some(keypair.private_key)), public_key: keypair.public_key, last_refreshed_at: Some(naive_now()), - published: None, icon: Some(ccommunity.icon.to_owned()), banner: Some(ccommunity.banner.to_owned()), - followers_url: None, - inbox_url: None, - shared_inbox_url: None, + ..Default::default() }; Community::update(conn, ccommunity.id, &form)?;