From 02b8d63fcef2d30e2514111ec89308a9435dd2ed Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Wed, 2 Mar 2022 18:57:08 +0100 Subject: [PATCH 1/4] Fix report category not being saved in REST API (#17682) --- app/controllers/api/v1/reports_controller.rb | 12 +---- app/services/report_service.rb | 14 +++-- .../api/v1/reports_controller_spec.rb | 54 ++++++++++++++++--- spec/fabricators/rule_fabricator.rb | 8 +-- 4 files changed, 62 insertions(+), 26 deletions(-) diff --git a/app/controllers/api/v1/reports_controller.rb b/app/controllers/api/v1/reports_controller.rb index 052d70cc8d..8ff6c8fe5c 100644 --- a/app/controllers/api/v1/reports_controller.rb +++ b/app/controllers/api/v1/reports_controller.rb @@ -10,9 +10,7 @@ class Api::V1::ReportsController < Api::BaseController @report = ReportService.new.call( current_account, reported_account, - status_ids: reported_status_ids, - comment: report_params[:comment], - forward: report_params[:forward] + report_params ) render json: @report, serializer: REST::ReportSerializer @@ -20,14 +18,6 @@ class Api::V1::ReportsController < Api::BaseController private - def reported_status_ids - reported_account.statuses.with_discarded.find(status_ids).pluck(:id) - end - - def status_ids - Array(report_params[:status_ids]) - end - def reported_account Account.find(report_params[:account_id]) end diff --git a/app/services/report_service.rb b/app/services/report_service.rb index caf99ab6e0..9d784c341a 100644 --- a/app/services/report_service.rb +++ b/app/services/report_service.rb @@ -6,10 +6,10 @@ class ReportService < BaseService def call(source_account, target_account, options = {}) @source_account = source_account @target_account = target_account - @status_ids = options.delete(:status_ids) || [] - @comment = options.delete(:comment) || '' - @category = options.delete(:category) || 'other' - @rule_ids = options.delete(:rule_ids) + @status_ids = options.delete(:status_ids).presence || [] + @comment = options.delete(:comment).presence || '' + @category = options.delete(:category).presence || 'other' + @rule_ids = options.delete(:rule_ids).presence @options = options raise ActiveRecord::RecordNotFound if @target_account.suspended? @@ -26,7 +26,7 @@ class ReportService < BaseService def create_report! @report = @source_account.reports.create!( target_account: @target_account, - status_ids: @status_ids, + status_ids: reported_status_ids, comment: @comment, uri: @options[:uri], forwarded: forward?, @@ -56,6 +56,10 @@ class ReportService < BaseService !@target_account.local? && ActiveModel::Type::Boolean.new.cast(@options[:forward]) end + def reported_status_ids + @target_account.statuses.with_discarded.find(Array(@status_ids)).pluck(:id) + end + def payload Oj.dump(serialize_payload(@report, ActivityPub::FlagSerializer, account: some_local_account)) end diff --git a/spec/controllers/api/v1/reports_controller_spec.rb b/spec/controllers/api/v1/reports_controller_spec.rb index a13de13706..b5baf60e11 100644 --- a/spec/controllers/api/v1/reports_controller_spec.rb +++ b/spec/controllers/api/v1/reports_controller_spec.rb @@ -13,22 +13,64 @@ RSpec.describe Api::V1::ReportsController, type: :controller do end describe 'POST #create' do - let(:scopes) { 'write:reports' } - let!(:status) { Fabricate(:status) } - let!(:admin) { Fabricate(:user, admin: true) } + let!(:admin) { Fabricate(:user, admin: true) } + + let(:scopes) { 'write:reports' } + let(:status) { Fabricate(:status) } + let(:target_account) { status.account } + let(:category) { nil } + let(:forward) { nil } + let(:rule_ids){ nil } before do allow(AdminMailer).to receive(:new_report).and_return(double('email', deliver_later: nil)) - post :create, params: { status_ids: [status.id], account_id: status.account.id, comment: 'reasons' } + post :create, params: { status_ids: [status.id], account_id: target_account.id, comment: 'reasons', category: category, rule_ids: rule_ids, forward: forward } + end + + it 'returns http success' do + expect(response).to have_http_status(200) end it 'creates a report' do - expect(status.reload.account.targeted_reports).not_to be_empty - expect(response).to have_http_status(200) + expect(target_account.targeted_reports).to_not be_empty + end + + it 'saves comment' do + expect(target_account.targeted_reports.first.comment).to eq 'reasons' end it 'sends e-mails to admins' do expect(AdminMailer).to have_received(:new_report).with(admin.account, Report) end + + context 'when a status does not belong to the reported account' do + let(:target_account) { Fabricate(:account) } + + it 'returns http not found' do + expect(response).to have_http_status(404) + end + end + + context 'when a category is chosen' do + let(:category) { 'spam' } + + it 'saves category' do + expect(target_account.targeted_reports.first.spam?).to be true + end + end + + context 'when violated rules are chosen' do + let(:rule) { Fabricate(:rule) } + let(:category) { 'violation' } + let(:rule_ids) { [rule.id] } + + it 'saves category' do + expect(target_account.targeted_reports.first.violation?).to be true + end + + it 'saves rule_ids' do + expect(target_account.targeted_reports.first.rule_ids).to match_array([rule.id]) + end + end end end diff --git a/spec/fabricators/rule_fabricator.rb b/spec/fabricators/rule_fabricator.rb index 4bdfd05e0e..bc29bc48e1 100644 --- a/spec/fabricators/rule_fabricator.rb +++ b/spec/fabricators/rule_fabricator.rb @@ -1,5 +1,5 @@ Fabricator(:rule) do - priority "" - deleted_at "2021-02-21 05:51:09" - text "MyText" -end \ No newline at end of file + priority 0 + deleted_at nil + text { Faker::Lorem.paragraph } +end From e24b14cc74034585b29ca92bbb9623df32328bf3 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Wed, 2 Mar 2022 18:57:26 +0100 Subject: [PATCH 2/4] Fix leak of existence of otherwise inaccessible statuses in REST API (#17684) --- app/controllers/api/v1/statuses_controller.rb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/app/controllers/api/v1/statuses_controller.rb b/app/controllers/api/v1/statuses_controller.rb index 2d82a7a99b..f48aeb945a 100644 --- a/app/controllers/api/v1/statuses_controller.rb +++ b/app/controllers/api/v1/statuses_controller.rb @@ -92,8 +92,9 @@ class Api::V1::StatusesController < Api::BaseController end def set_thread - @thread = status_params[:in_reply_to_id].blank? ? nil : Status.find(status_params[:in_reply_to_id]) - rescue ActiveRecord::RecordNotFound + @thread = Status.find(status_params[:in_reply_to_id]) if status_params[:in_reply_to_id].present? + authorize(@thread, :show?) if @thread.present? + rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError render json: { error: I18n.t('statuses.errors.in_reply_not_found') }, status: 404 end From 9b58fb1ea4036daca945cb524e674446adb9ac42 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Wed, 2 Mar 2022 18:57:44 +0100 Subject: [PATCH 3/4] Add descriptions to trending features in admin UI (#17677) --- app/views/admin/trends/links/index.html.haml | 4 ++++ .../trends/links/preview_card_providers/index.html.haml | 5 ++++- app/views/admin/trends/statuses/_status.html.haml | 3 +++ app/views/admin/trends/statuses/index.html.haml | 4 ++++ app/views/admin/trends/tags/index.html.haml | 4 ++++ config/locales/en.yml | 5 +++++ 6 files changed, 24 insertions(+), 1 deletion(-) diff --git a/app/views/admin/trends/links/index.html.haml b/app/views/admin/trends/links/index.html.haml index 79f3513d31..49a53d979b 100644 --- a/app/views/admin/trends/links/index.html.haml +++ b/app/views/admin/trends/links/index.html.haml @@ -4,6 +4,10 @@ - content_for :header_tags do = javascript_pack_tag 'admin', async: true, crossorigin: 'anonymous' +%p= t('admin.trends.links.description_html') + +%hr.spacer/ + = form_tag admin_trends_links_path, method: 'GET', class: 'simple_form' do - Trends::PreviewCardFilter::KEYS.each do |key| = hidden_field_tag key, params[key] if params[key].present? diff --git a/app/views/admin/trends/links/preview_card_providers/index.html.haml b/app/views/admin/trends/links/preview_card_providers/index.html.haml index b793499477..c3648c35e9 100644 --- a/app/views/admin/trends/links/preview_card_providers/index.html.haml +++ b/app/views/admin/trends/links/preview_card_providers/index.html.haml @@ -4,6 +4,10 @@ - content_for :header_tags do = javascript_pack_tag 'admin', async: true, crossorigin: 'anonymous' +%p= t('admin.trends.preview_card_providers.description_html') + +%hr.spacer/ + .filters .filter-subset %strong= t('admin.tags.review') @@ -17,7 +21,6 @@ = fa_icon 'chevron-left fw' = t('admin.trends.links.title') - %hr.spacer/ = form_for(@form, url: batch_admin_trends_links_preview_card_providers_path) do |f| diff --git a/app/views/admin/trends/statuses/_status.html.haml b/app/views/admin/trends/statuses/_status.html.haml index c99ee5d60e..edb27b9ff5 100644 --- a/app/views/admin/trends/statuses/_status.html.haml +++ b/app/views/admin/trends/statuses/_status.html.haml @@ -22,6 +22,9 @@ - if status.language.present? • = standard_locale_name(status.language) + - if status.trendable? && !status.account.discoverable? + • + = t('admin.trends.statuses.not_discoverable') - if status.trendable? && (rank = Trends.statuses.rank(status.id)) • %abbr{ title: t('admin.trends.tags.current_score', score: Trends.statuses.score(status.id)) }= t('admin.trends.tags.trending_rank', rank: rank + 1) diff --git a/app/views/admin/trends/statuses/index.html.haml b/app/views/admin/trends/statuses/index.html.haml index 3476882628..b0059b20d7 100644 --- a/app/views/admin/trends/statuses/index.html.haml +++ b/app/views/admin/trends/statuses/index.html.haml @@ -4,6 +4,10 @@ - content_for :header_tags do = javascript_pack_tag 'admin', async: true, crossorigin: 'anonymous' +%p= t('admin.trends.statuses.description_html') + +%hr.spacer/ + = form_tag admin_trends_statuses_path, method: 'GET', class: 'simple_form' do - Trends::StatusFilter::KEYS.each do |key| = hidden_field_tag key, params[key] if params[key].present? diff --git a/app/views/admin/trends/tags/index.html.haml b/app/views/admin/trends/tags/index.html.haml index 8a2f785bc2..bde32a2952 100644 --- a/app/views/admin/trends/tags/index.html.haml +++ b/app/views/admin/trends/tags/index.html.haml @@ -4,6 +4,10 @@ - content_for :header_tags do = javascript_pack_tag 'admin', async: true, crossorigin: 'anonymous' +%p= t('admin.trends.tags.description_html') + +%hr.spacer/ + .filters .filter-subset %strong= t('admin.tags.review') diff --git a/config/locales/en.yml b/config/locales/en.yml index 5ce43be1ab..6a55941858 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -777,6 +777,7 @@ en: links: allow: Allow link allow_provider: Allow publisher + description_html: These are links that are currently being shared a lot by accounts that your server sees posts from. It can help your users find out what's going on in the world. No links are displayed publicly until you approve the publisher. You can also allow or reject individual links. disallow: Disallow link disallow_provider: Disallow publisher shared_by_over_week: @@ -788,14 +789,17 @@ en: pending_review: Pending review preview_card_providers: allowed: Links from this publisher can trend + description_html: These are domains from which links are often shared on your server. Links will not trend publicly unless the domain of the link is approved. Your approval (or rejection) extends to subdomains. rejected: Links from this publisher won't trend title: Publishers rejected: Rejected statuses: allow: Allow post allow_account: Allow author + description_html: These are posts that your server knows about that are currently being shared and favourited a lot at the moment. It can help your new and returning users to find more people to follow. No posts are displayed publicly until you approve the author, and the author allows their account to be suggested to others. You can also allow or reject individual posts. disallow: Disallow post disallow_account: Disallow author + not_discoverable: Author has not opted-in to being discoverable shared_by: one: Shared or favourited one time other: Shared and favourited %{friendly_count} times @@ -808,6 +812,7 @@ en: tag_servers_dimension: Top servers tag_servers_measure: different servers tag_uses_measure: total uses + description_html: These are hashtags that are currently appearing in a lot of posts that your server sees. It can help your users find out what people are talking the most about at the moment. No hashtags are displayed publicly until you approve them. listable: Can be suggested not_listable: Won't be suggested not_trendable: Won't appear under trends From c0c4b5718d8827fc59d5564c227e848547a2cb69 Mon Sep 17 00:00:00 2001 From: Claire Date: Wed, 2 Mar 2022 20:28:25 +0100 Subject: [PATCH 4/4] Change visual separation of applications in authorized apps list (#17686) --- app/javascript/styles/mastodon/admin.scss | 8 ++++++++ app/javascript/styles/mastodon/forms.scss | 1 + app/views/oauth/authorized_applications/index.html.haml | 4 ++-- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/app/javascript/styles/mastodon/admin.scss b/app/javascript/styles/mastodon/admin.scss index 52bc2086a5..06ec4d37bc 100644 --- a/app/javascript/styles/mastodon/admin.scss +++ b/app/javascript/styles/mastodon/admin.scss @@ -888,6 +888,14 @@ a.name-tag, text-align: center; } +.applications-list__item { + padding: 15px 0; + background: $ui-base-color; + border: 1px solid lighten($ui-base-color, 4%); + border-radius: 4px; + margin-top: 15px; +} + .announcements-list { border: 1px solid lighten($ui-base-color, 4%); border-radius: 4px; diff --git a/app/javascript/styles/mastodon/forms.scss b/app/javascript/styles/mastodon/forms.scss index 6e02e2332b..90d56b0759 100644 --- a/app/javascript/styles/mastodon/forms.scss +++ b/app/javascript/styles/mastodon/forms.scss @@ -1069,6 +1069,7 @@ code { &:last-child { border-bottom: 0; + padding-bottom: 0; } } } diff --git a/app/views/oauth/authorized_applications/index.html.haml b/app/views/oauth/authorized_applications/index.html.haml index fead56f4ae..0280d8aef8 100644 --- a/app/views/oauth/authorized_applications/index.html.haml +++ b/app/views/oauth/authorized_applications/index.html.haml @@ -5,9 +5,9 @@ %hr.spacer/ -.announcements-list +.applications-list - @applications.each do |application| - .announcements-list__item + .applications-list__item - if application.website.present? = link_to application.name, application.website, target: '_blank', rel: 'noopener noreferrer', class: 'announcements-list__item__title' - else