aiden
/
mastodon
mirror of https://github.com/mastodon/mastodon
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add `disabled` setting for live and topic feeds, as well as user permission to bypass that (#36563)

Browse Source
pull/36577/head
Claire 1 month ago committed by GitHub
parent 9f7075a0ce
commit 7774cd6670
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
9 changed files with 677 additions and 3 deletions
Show Stats Download Patch File Download Diff File

2
app/models/form/admin_settings.rb
Unescape Escape View File

@ -87,7 +87,7 @@ class Form::AdminSettings
DESCRIPTION_LIMIT = 200
DOMAIN_BLOCK_AUDIENCES = %w(disabled users all).freeze
REGISTRATION_MODES = %w(open approved none).freeze
FEED_ACCESS_MODES = %w(public authenticated).freeze
FEED_ACCESS_MODES = %w(public authenticated disabled).freeze
attr_accessor(*KEYS)

12
app/models/link_feed.rb
Unescape Escape View File

@ -15,18 +15,30 @@ class LinkFeed < PublicFeed
# @param [Integer] min_id
# @return [Array<Status>]
def get(limit, max_id = nil, since_id = nil, min_id = nil)
return [] if incompatible_feed_settings?
scope = public_scope
scope.merge!(discoverable)
scope.merge!(attached_to_preview_card)
scope.merge!(account_filters_scope) if account?
scope.merge!(language_scope) if account&.chosen_languages.present?
scope.merge!(local_only_scope) if local_only?
scope.merge!(remote_only_scope) if remote_only?
scope.to_a_paginated_by_id(limit, max_id: max_id, since_id: since_id, min_id: min_id)
end
private
def local_feed_setting
Setting.local_topic_feed_access
end
def remote_feed_setting
Setting.remote_topic_feed_access
end
def attached_to_preview_card
Status.joins(:preview_cards_status).where(preview_cards_status: { preview_card_id: @preview_card.id })
end

29
app/models/public_feed.rb
Unescape Escape View File

@ -19,6 +19,8 @@ class PublicFeed
# @param [Integer] min_id
# @return [Array<Status>]
def get(limit, max_id = nil, since_id = nil, min_id = nil)
return [] if incompatible_feed_settings?
scope = public_scope
scope.merge!(without_replies_scope) unless with_replies?
@ -36,6 +38,21 @@ class PublicFeed
attr_reader :account, :options
def incompatible_feed_settings?
(local_only? && !user_has_access_to_feed?(local_feed_setting)) || (remote_only? && !user_has_access_to_feed?(remote_feed_setting))
end
def user_has_access_to_feed?(setting)
case setting
when 'public'
true
when 'authenticated'
@account&.user&.functional?
when 'disabled'
@account&.user&.can?(:view_feeds)
end
end
def with_reblogs?
options[:with_reblogs]
end
@ -44,12 +61,20 @@ class PublicFeed
options[:with_replies]
end
def local_feed_setting
Setting.local_live_feed_access
end
def remote_feed_setting
Setting.remote_live_feed_access
end
def local_only?
options[:local] && !options[:remote]
(options[:local] && !options[:remote]) || !user_has_access_to_feed?(remote_feed_setting)
end
def remote_only?
options[:remote] && !options[:local]
(options[:remote] && !options[:local]) || !user_has_access_to_feed?(local_feed_setting)
end
def account?

10
app/models/tag_feed.rb
Unescape Escape View File

@ -23,6 +23,8 @@ class TagFeed < PublicFeed
# @param [Integer] min_id
# @return [Array<Status>]
def get(limit, max_id = nil, since_id = nil, min_id = nil)
return [] if incompatible_feed_settings?
scope = public_scope
scope.merge!(tagged_with_any_scope)
@ -38,6 +40,14 @@ class TagFeed < PublicFeed
private
def local_feed_setting
Setting.local_topic_feed_access
end
def remote_feed_setting
Setting.remote_topic_feed_access
end
def tagged_with_any_scope
Status.group(:id).tagged_with(tags_for(Array(@tag.name) | Array(options[:any])))
end

2
app/models/user_role.rb
Unescape Escape View File

@ -36,6 +36,7 @@ class UserRole < ApplicationRecord
manage_roles: (1 << 17),
manage_user_access: (1 << 18),
delete_user_data: (1 << 19),
view_feeds: (1 << 20),
}.freeze
EVERYONE_ROLE_ID = -99
@ -67,6 +68,7 @@ class UserRole < ApplicationRecord
manage_blocks
manage_taxonomies
manage_invites
view_feeds
).freeze,
administration: %i(

3
config/locales/en.yml
Unescape Escape View File

@ -796,6 +796,8 @@ en:
view_dashboard_description: Allows users to access the dashboard and various metrics
view_devops: DevOps
view_devops_description: Allows users to access Sidekiq and pgHero dashboards
view_feeds: View live and topic feeds
view_feeds_description: Allows users to access the live and topic feeds regardless of server settings
title: Roles
rules:
add_new: Add rule
@ -851,6 +853,7 @@ en:
feed_access:
modes:
authenticated: Authenticated users only
disabled: Require specific user role
public: Everyone
registrations:
moderation_recommandation: Please make sure you have an adequate and reactive moderation team before you open registrations to everyone!

1
config/roles.yml
Unescape Escape View File

@ -4,6 +4,7 @@ moderator:
permissions:
- view_dashboard
- view_audit_log
- view_feeds
- manage_users
- manage_reports
- manage_taxonomies

315
spec/models/public_feed_spec.rb
Unescape Escape View File

@ -202,5 +202,320 @@ RSpec.describe PublicFeed do
end
end
end
context 'when both local_live_feed_access and remote_live_feed_access are disabled' do
before do
Setting.local_live_feed_access = 'disabled'
Setting.remote_live_feed_access = 'disabled'
end
context 'without local_only option' do
subject { described_class.new(viewer).get(20).map(&:id) }
let(:viewer) { nil }
let!(:local_account) { Fabricate(:account, domain: nil) }
let!(:remote_account) { Fabricate(:account, domain: 'test.com') }
let!(:local_status) { Fabricate(:status, account: local_account) }
let!(:remote_status) { Fabricate(:status, account: remote_account) }
context 'without a viewer' do
let(:viewer) { nil }
it 'returns an empty list' do
expect(subject).to be_empty
end
end
context 'with a viewer' do
let(:viewer) { Fabricate(:account, username: 'viewer') }
it 'returns an empty list' do
expect(subject).to be_empty
end
end
context 'with a moderator as viewer' do
let(:viewer) { Fabricate(:moderator_user).account }
it 'includes all expected statuses' do
expect(subject).to include(local_status.id)
expect(subject).to include(remote_status.id)
end
end
end
context 'with a local_only option set' do
subject { described_class.new(viewer, local: true).get(20).map(&:id) }
let!(:local_account) { Fabricate(:account, domain: nil) }
let!(:remote_account) { Fabricate(:account, domain: 'test.com') }
let!(:local_status) { Fabricate(:status, account: local_account) }
let!(:remote_status) { Fabricate(:status, account: remote_account) }
context 'without a viewer' do
let(:viewer) { nil }
it 'returns an empty list' do
expect(subject).to be_empty
end
end
context 'with a viewer' do
let(:viewer) { Fabricate(:account, username: 'viewer') }
it 'returns an empty list' do
expect(subject).to be_empty
end
end
context 'with a moderator as viewer' do
let(:viewer) { Fabricate(:moderator_user).account }
it 'does not include remote instances statuses' do
expect(subject).to include(local_status.id)
expect(subject).to_not include(remote_status.id)
end
end
end
context 'with a remote_only option set' do
subject { described_class.new(viewer, remote: true).get(20).map(&:id) }
let!(:local_account) { Fabricate(:account, domain: nil) }
let!(:remote_account) { Fabricate(:account, domain: 'test.com') }
let!(:local_status) { Fabricate(:status, account: local_account) }
let!(:remote_status) { Fabricate(:status, account: remote_account) }
context 'without a viewer' do
let(:viewer) { nil }
it 'returns an empty list' do
expect(subject).to be_empty
end
end
context 'with a viewer' do
let(:viewer) { Fabricate(:account, username: 'viewer') }
it 'returns an empty list' do
expect(subject).to be_empty
end
end
context 'with a moderator as viewer' do
let(:viewer) { Fabricate(:moderator_user).account }
it 'includes remote statuses only' do
expect(subject).to_not include(local_status.id)
expect(subject).to include(remote_status.id)
end
end
end
end
context 'when local_live_feed_access is disabled' do
before do
Setting.local_live_feed_access = 'disabled'
end
context 'without local_only option' do
subject { described_class.new(viewer).get(20).map(&:id) }
let(:viewer) { nil }
let!(:local_account) { Fabricate(:account, domain: nil) }
let!(:remote_account) { Fabricate(:account, domain: 'test.com') }
let!(:local_status) { Fabricate(:status, account: local_account) }
let!(:remote_status) { Fabricate(:status, account: remote_account) }
context 'without a viewer' do
let(:viewer) { nil }
it 'does not include local instances statuses' do
expect(subject).to_not include(local_status.id)
expect(subject).to include(remote_status.id)
end
end
context 'with a viewer' do
let(:viewer) { Fabricate(:account, username: 'viewer') }
it 'does not include local instances statuses' do
expect(subject).to_not include(local_status.id)
expect(subject).to include(remote_status.id)
end
end
end
context 'with a local_only option set' do
subject { described_class.new(viewer, local: true).get(20).map(&:id) }
let!(:local_account) { Fabricate(:account, domain: nil) }
let!(:remote_account) { Fabricate(:account, domain: 'test.com') }
let!(:local_status) { Fabricate(:status, account: local_account) }
let!(:remote_status) { Fabricate(:status, account: remote_account) }
context 'without a viewer' do
let(:viewer) { nil }
it 'returns an empty list' do
expect(subject).to be_empty
end
end
context 'with a viewer' do
let(:viewer) { Fabricate(:account, username: 'viewer') }
it 'returns an empty list' do
expect(subject).to be_empty
end
end
context 'with a moderator as viewer' do
let(:viewer) { Fabricate(:moderator_user).account }
it 'does not include remote instances statuses' do
expect(subject).to include(local_status.id)
expect(subject).to_not include(remote_status.id)
end
end
end
context 'with a remote_only option set' do
subject { described_class.new(viewer, remote: true).get(20).map(&:id) }
let!(:local_account) { Fabricate(:account, domain: nil) }
let!(:remote_account) { Fabricate(:account, domain: 'test.com') }
let!(:local_status) { Fabricate(:status, account: local_account) }
let!(:remote_status) { Fabricate(:status, account: remote_account) }
context 'without a viewer' do
let(:viewer) { nil }
it 'does not include local instances statuses' do
expect(subject).to_not include(local_status.id)
expect(subject).to include(remote_status.id)
end
end
context 'with a viewer' do
let(:viewer) { Fabricate(:account, username: 'viewer') }
it 'does not include local instances statuses' do
expect(subject).to_not include(local_status.id)
expect(subject).to include(remote_status.id)
end
end
end
end
context 'when remote_live_feed_access is disabled' do
before do
Setting.remote_live_feed_access = 'disabled'
end
context 'without local_only option' do
subject { described_class.new(viewer).get(20).map(&:id) }
let(:viewer) { nil }
let!(:local_account) { Fabricate(:account, domain: nil) }
let!(:remote_account) { Fabricate(:account, domain: 'test.com') }
let!(:local_status) { Fabricate(:status, account: local_account) }
let!(:remote_status) { Fabricate(:status, account: remote_account) }
context 'without a viewer' do
let(:viewer) { nil }
it 'does not include remote instances statuses' do
expect(subject).to include(local_status.id)
expect(subject).to_not include(remote_status.id)
end
end
context 'with a viewer' do
let(:viewer) { Fabricate(:account, username: 'viewer') }
it 'does not include remote instances statuses' do
expect(subject).to include(local_status.id)
expect(subject).to_not include(remote_status.id)
end
it 'is not affected by personal domain blocks' do
viewer.block_domain!('test.com')
expect(subject).to include(local_status.id)
expect(subject).to_not include(remote_status.id)
end
end
end
context 'with a local_only option set' do
subject { described_class.new(viewer, local: true).get(20).map(&:id) }
let!(:local_account) { Fabricate(:account, domain: nil) }
let!(:remote_account) { Fabricate(:account, domain: 'test.com') }
let!(:local_status) { Fabricate(:status, account: local_account) }
let!(:remote_status) { Fabricate(:status, account: remote_account) }
context 'without a viewer' do
let(:viewer) { nil }
it 'does not include remote instances statuses' do
expect(subject).to include(local_status.id)
expect(subject).to_not include(remote_status.id)
end
end
context 'with a viewer' do
let(:viewer) { Fabricate(:account, username: 'viewer') }
it 'does not include remote instances statuses' do
expect(subject).to include(local_status.id)
expect(subject).to_not include(remote_status.id)
end
it 'is not affected by personal domain blocks' do
viewer.block_domain!('test.com')
expect(subject).to include(local_status.id)
expect(subject).to_not include(remote_status.id)
end
end
end
context 'with a remote_only option set' do
subject { described_class.new(viewer, remote: true).get(20).map(&:id) }
let!(:local_account) { Fabricate(:account, domain: nil) }
let!(:remote_account) { Fabricate(:account, domain: 'test.com') }
let!(:local_status) { Fabricate(:status, account: local_account) }
let!(:remote_status) { Fabricate(:status, account: remote_account) }
context 'without a viewer' do
let(:viewer) { nil }
it 'returns an empty list' do
expect(subject).to be_empty
end
end
context 'with a viewer' do
let(:viewer) { Fabricate(:account, username: 'viewer') }
it 'returns an empty list' do
expect(subject).to be_empty
end
end
context 'with a moderator as viewer' do
let(:viewer) { Fabricate(:moderator_user).account }
it 'does not include local instances statuses' do
expect(subject).to_not include(local_status.id)
expect(subject).to include(remote_status.id)
end
end
end
end
end
end

306
spec/models/tag_feed_spec.rb
Unescape Escape View File

@ -66,5 +66,311 @@ RSpec.describe TagFeed do
results = described_class.new(tag_cats, nil).get(20)
expect(results).to include(status)
end
context 'when both local_topic_feed_access and remote_topic_feed_access are disabled' do
before do
Setting.local_topic_feed_access = 'disabled'
Setting.remote_topic_feed_access = 'disabled'
end
context 'without local_only option' do
subject { described_class.new(tag_cats, viewer).get(20).map(&:id) }
let(:viewer) { nil }
let!(:remote_account) { Fabricate(:account, domain: 'test.com') }
let!(:local_status) { status_tagged_with_cats }
let!(:remote_status) { Fabricate(:status, account: remote_account, tags: [tag_cats]) }
context 'without a viewer' do
let(:viewer) { nil }
it 'returns an empty list' do
expect(subject).to be_empty
end
end
context 'with a viewer' do
let(:viewer) { Fabricate(:account, username: 'viewer') }
it 'returns an empty list' do
expect(subject).to be_empty
end
end
context 'with a moderator as viewer' do
let(:viewer) { Fabricate(:moderator_user).account }
it 'includes all expected statuses' do
expect(subject).to include(local_status.id)
expect(subject).to include(remote_status.id)
end
end
end
context 'with a local_only option set' do
subject { described_class.new(tag_cats, viewer, local: true).get(20).map(&:id) }
let!(:remote_account) { Fabricate(:account, domain: 'test.com') }
let!(:local_status) { status_tagged_with_cats }
let!(:remote_status) { Fabricate(:status, account: remote_account, tags: [tag_cats]) }
context 'without a viewer' do
let(:viewer) { nil }
it 'returns an empty list' do
expect(subject).to be_empty
end
end
context 'with a viewer' do
let(:viewer) { Fabricate(:account, username: 'viewer') }
it 'returns an empty list' do
expect(subject).to be_empty
end
end
context 'with a moderator as viewer' do
let(:viewer) { Fabricate(:moderator_user).account }
it 'does not include remote instances statuses' do
expect(subject).to include(local_status.id)
expect(subject).to_not include(remote_status.id)
end
end
end
context 'with a remote_only option set' do
subject { described_class.new(tag_cats, viewer, remote: true).get(20).map(&:id) }
let!(:remote_account) { Fabricate(:account, domain: 'test.com') }
let!(:local_status) { status_tagged_with_cats }
let!(:remote_status) { Fabricate(:status, account: remote_account, tags: [tag_cats]) }
context 'without a viewer' do
let(:viewer) { nil }
it 'returns an empty list' do
expect(subject).to be_empty
end
end
context 'with a viewer' do
let(:viewer) { Fabricate(:account, username: 'viewer') }
it 'returns an empty list' do
expect(subject).to be_empty
end
end
context 'with a moderator as viewer' do
let(:viewer) { Fabricate(:moderator_user).account }
it 'includes remote statuses only' do
expect(subject).to_not include(local_status.id)
expect(subject).to include(remote_status.id)
end
end
end
end
context 'when local_topic_feed_access is disabled' do
before do
Setting.local_topic_feed_access = 'disabled'
end
context 'without local_only option' do
subject { described_class.new(tag_cats, viewer).get(20).map(&:id) }
let(:viewer) { nil }
let!(:remote_account) { Fabricate(:account, domain: 'test.com') }
let!(:local_status) { status_tagged_with_cats }
let!(:remote_status) { Fabricate(:status, account: remote_account, tags: [tag_cats]) }
context 'without a viewer' do
let(:viewer) { nil }
it 'does not include local instances statuses' do
expect(subject).to_not include(local_status.id)
expect(subject).to include(remote_status.id)
end
end
context 'with a viewer' do
let(:viewer) { Fabricate(:account, username: 'viewer') }
it 'does not include local instances statuses' do
expect(subject).to_not include(local_status.id)
expect(subject).to include(remote_status.id)
end
end
end
context 'with a local_only option set' do
subject { described_class.new(tag_cats, viewer, local: true).get(20).map(&:id) }
let!(:remote_account) { Fabricate(:account, domain: 'test.com') }
let!(:local_status) { status_tagged_with_cats }
let!(:remote_status) { Fabricate(:status, account: remote_account, tags: [tag_cats]) }
context 'without a viewer' do
let(:viewer) { nil }
it 'returns an empty list' do
expect(subject).to be_empty
end
end
context 'with a viewer' do
let(:viewer) { Fabricate(:account, username: 'viewer') }
it 'returns an empty list' do
expect(subject).to be_empty
end
end
context 'with a moderator as viewer' do
let(:viewer) { Fabricate(:moderator_user).account }
it 'does not include remote instances statuses' do
expect(subject).to include(local_status.id)
expect(subject).to_not include(remote_status.id)
end
end
end
context 'with a remote_only option set' do
subject { described_class.new(tag_cats, viewer, remote: true).get(20).map(&:id) }
let!(:remote_account) { Fabricate(:account, domain: 'test.com') }
let!(:local_status) { status_tagged_with_cats }
let!(:remote_status) { Fabricate(:status, account: remote_account, tags: [tag_cats]) }
context 'without a viewer' do
let(:viewer) { nil }
it 'does not include local instances statuses' do
expect(subject).to_not include(local_status.id)
expect(subject).to include(remote_status.id)
end
end
context 'with a viewer' do
let(:viewer) { Fabricate(:account, username: 'viewer') }
it 'does not include local instances statuses' do
expect(subject).to_not include(local_status.id)
expect(subject).to include(remote_status.id)
end
end
end
end
context 'when remote_topic_feed_access is disabled' do
before do
Setting.remote_topic_feed_access = 'disabled'
end
context 'without local_only option' do
subject { described_class.new(tag_cats, viewer).get(20).map(&:id) }
let(:viewer) { nil }
let!(:remote_account) { Fabricate(:account, domain: 'test.com') }
let!(:local_status) { status_tagged_with_cats }
let!(:remote_status) { Fabricate(:status, account: remote_account, tags: [tag_cats]) }
context 'without a viewer' do
let(:viewer) { nil }
it 'does not include remote instances statuses' do
expect(subject).to include(local_status.id)
expect(subject).to_not include(remote_status.id)
end
end
context 'with a viewer' do
let(:viewer) { Fabricate(:account, username: 'viewer') }
it 'does not include remote instances statuses' do
expect(subject).to include(local_status.id)
expect(subject).to_not include(remote_status.id)
end
it 'is not affected by personal domain blocks' do
viewer.block_domain!('test.com')
expect(subject).to include(local_status.id)
expect(subject).to_not include(remote_status.id)
end
end
end
context 'with a local_only option set' do
subject { described_class.new(tag_cats, viewer, local: true).get(20).map(&:id) }
let!(:remote_account) { Fabricate(:account, domain: 'test.com') }
let!(:local_status) { status_tagged_with_cats }
let!(:remote_status) { Fabricate(:status, account: remote_account, tags: [tag_cats]) }
context 'without a viewer' do
let(:viewer) { nil }
it 'does not include remote instances statuses' do
expect(subject).to include(local_status.id)
expect(subject).to_not include(remote_status.id)
end
end
context 'with a viewer' do
let(:viewer) { Fabricate(:account, username: 'viewer') }
it 'does not include remote instances statuses' do
expect(subject).to include(local_status.id)
expect(subject).to_not include(remote_status.id)
end
it 'is not affected by personal domain blocks' do
viewer.block_domain!('test.com')
expect(subject).to include(local_status.id)
expect(subject).to_not include(remote_status.id)
end
end
end
context 'with a remote_only option set' do
subject { described_class.new(tag_cats, viewer, remote: true).get(20).map(&:id) }
let!(:remote_account) { Fabricate(:account, domain: 'test.com') }
let!(:local_status) { status_tagged_with_cats }
let!(:remote_status) { Fabricate(:status, account: remote_account, tags: [tag_cats]) }
context 'without a viewer' do
let(:viewer) { nil }
it 'returns an empty list' do
expect(subject).to be_empty
end
end
context 'with a viewer' do
let(:viewer) { Fabricate(:account, username: 'viewer') }
it 'returns an empty list' do
expect(subject).to be_empty
end
end
context 'with a moderator as viewer' do
let(:viewer) { Fabricate(:moderator_user).account }
it 'does not include local instances statuses' do
expect(subject).to_not include(local_status.id)
expect(subject).to include(remote_status.id)
end
end
end
end
end
end

Write Preview
Loading…
Cancel
Save