From 7774cd6670275616752ee201ead8f1ee832ce520 Mon Sep 17 00:00:00 2001 From: Claire Date: Thu, 23 Oct 2025 10:37:05 +0200 Subject: [PATCH] Add `disabled` setting for live and topic feeds, as well as user permission to bypass that (#36563) --- app/models/form/admin_settings.rb | 2 +- app/models/link_feed.rb | 12 ++ app/models/public_feed.rb | 29 ++- app/models/tag_feed.rb | 10 + app/models/user_role.rb | 2 + config/locales/en.yml | 3 + config/roles.yml | 1 + spec/models/public_feed_spec.rb | 315 ++++++++++++++++++++++++++++++ spec/models/tag_feed_spec.rb | 306 +++++++++++++++++++++++++++++ 9 files changed, 677 insertions(+), 3 deletions(-) diff --git a/app/models/form/admin_settings.rb b/app/models/form/admin_settings.rb index a0decbea86..8b3c09a351 100644 --- a/app/models/form/admin_settings.rb +++ b/app/models/form/admin_settings.rb @@ -87,7 +87,7 @@ class Form::AdminSettings DESCRIPTION_LIMIT = 200 DOMAIN_BLOCK_AUDIENCES = %w(disabled users all).freeze REGISTRATION_MODES = %w(open approved none).freeze - FEED_ACCESS_MODES = %w(public authenticated).freeze + FEED_ACCESS_MODES = %w(public authenticated disabled).freeze attr_accessor(*KEYS) diff --git a/app/models/link_feed.rb b/app/models/link_feed.rb index 29ea430cc0..4554796cc5 100644 --- a/app/models/link_feed.rb +++ b/app/models/link_feed.rb @@ -15,18 +15,30 @@ class LinkFeed < PublicFeed # @param [Integer] min_id # @return [Array] def get(limit, max_id = nil, since_id = nil, min_id = nil) + return [] if incompatible_feed_settings? + scope = public_scope scope.merge!(discoverable) scope.merge!(attached_to_preview_card) scope.merge!(account_filters_scope) if account? scope.merge!(language_scope) if account&.chosen_languages.present? + scope.merge!(local_only_scope) if local_only? + scope.merge!(remote_only_scope) if remote_only? scope.to_a_paginated_by_id(limit, max_id: max_id, since_id: since_id, min_id: min_id) end private + def local_feed_setting + Setting.local_topic_feed_access + end + + def remote_feed_setting + Setting.remote_topic_feed_access + end + def attached_to_preview_card Status.joins(:preview_cards_status).where(preview_cards_status: { preview_card_id: @preview_card.id }) end diff --git a/app/models/public_feed.rb b/app/models/public_feed.rb index ba9473db0b..92efc0f7e5 100644 --- a/app/models/public_feed.rb +++ b/app/models/public_feed.rb @@ -19,6 +19,8 @@ class PublicFeed # @param [Integer] min_id # @return [Array] def get(limit, max_id = nil, since_id = nil, min_id = nil) + return [] if incompatible_feed_settings? + scope = public_scope scope.merge!(without_replies_scope) unless with_replies? @@ -36,6 +38,21 @@ class PublicFeed attr_reader :account, :options + def incompatible_feed_settings? + (local_only? && !user_has_access_to_feed?(local_feed_setting)) || (remote_only? && !user_has_access_to_feed?(remote_feed_setting)) + end + + def user_has_access_to_feed?(setting) + case setting + when 'public' + true + when 'authenticated' + @account&.user&.functional? + when 'disabled' + @account&.user&.can?(:view_feeds) + end + end + def with_reblogs? options[:with_reblogs] end @@ -44,12 +61,20 @@ class PublicFeed options[:with_replies] end + def local_feed_setting + Setting.local_live_feed_access + end + + def remote_feed_setting + Setting.remote_live_feed_access + end + def local_only? - options[:local] && !options[:remote] + (options[:local] && !options[:remote]) || !user_has_access_to_feed?(remote_feed_setting) end def remote_only? - options[:remote] && !options[:local] + (options[:remote] && !options[:local]) || !user_has_access_to_feed?(local_feed_setting) end def account? diff --git a/app/models/tag_feed.rb b/app/models/tag_feed.rb index 6b5831d246..171fe5e158 100644 --- a/app/models/tag_feed.rb +++ b/app/models/tag_feed.rb @@ -23,6 +23,8 @@ class TagFeed < PublicFeed # @param [Integer] min_id # @return [Array] def get(limit, max_id = nil, since_id = nil, min_id = nil) + return [] if incompatible_feed_settings? + scope = public_scope scope.merge!(tagged_with_any_scope) @@ -38,6 +40,14 @@ class TagFeed < PublicFeed private + def local_feed_setting + Setting.local_topic_feed_access + end + + def remote_feed_setting + Setting.remote_topic_feed_access + end + def tagged_with_any_scope Status.group(:id).tagged_with(tags_for(Array(@tag.name) | Array(options[:any]))) end diff --git a/app/models/user_role.rb b/app/models/user_role.rb index d567bf5eca..31c8ff20a6 100644 --- a/app/models/user_role.rb +++ b/app/models/user_role.rb @@ -36,6 +36,7 @@ class UserRole < ApplicationRecord manage_roles: (1 << 17), manage_user_access: (1 << 18), delete_user_data: (1 << 19), + view_feeds: (1 << 20), }.freeze EVERYONE_ROLE_ID = -99 @@ -67,6 +68,7 @@ class UserRole < ApplicationRecord manage_blocks manage_taxonomies manage_invites + view_feeds ).freeze, administration: %i( diff --git a/config/locales/en.yml b/config/locales/en.yml index eee4d9409f..15c3c582bb 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -796,6 +796,8 @@ en: view_dashboard_description: Allows users to access the dashboard and various metrics view_devops: DevOps view_devops_description: Allows users to access Sidekiq and pgHero dashboards + view_feeds: View live and topic feeds + view_feeds_description: Allows users to access the live and topic feeds regardless of server settings title: Roles rules: add_new: Add rule @@ -851,6 +853,7 @@ en: feed_access: modes: authenticated: Authenticated users only + disabled: Require specific user role public: Everyone registrations: moderation_recommandation: Please make sure you have an adequate and reactive moderation team before you open registrations to everyone! diff --git a/config/roles.yml b/config/roles.yml index f443250d17..33d2635f4d 100644 --- a/config/roles.yml +++ b/config/roles.yml @@ -4,6 +4,7 @@ moderator: permissions: - view_dashboard - view_audit_log + - view_feeds - manage_users - manage_reports - manage_taxonomies diff --git a/spec/models/public_feed_spec.rb b/spec/models/public_feed_spec.rb index 5ea58cd16f..312ade2ffa 100644 --- a/spec/models/public_feed_spec.rb +++ b/spec/models/public_feed_spec.rb @@ -202,5 +202,320 @@ RSpec.describe PublicFeed do end end end + + context 'when both local_live_feed_access and remote_live_feed_access are disabled' do + before do + Setting.local_live_feed_access = 'disabled' + Setting.remote_live_feed_access = 'disabled' + end + + context 'without local_only option' do + subject { described_class.new(viewer).get(20).map(&:id) } + + let(:viewer) { nil } + + let!(:local_account) { Fabricate(:account, domain: nil) } + let!(:remote_account) { Fabricate(:account, domain: 'test.com') } + let!(:local_status) { Fabricate(:status, account: local_account) } + let!(:remote_status) { Fabricate(:status, account: remote_account) } + + context 'without a viewer' do + let(:viewer) { nil } + + it 'returns an empty list' do + expect(subject).to be_empty + end + end + + context 'with a viewer' do + let(:viewer) { Fabricate(:account, username: 'viewer') } + + it 'returns an empty list' do + expect(subject).to be_empty + end + end + + context 'with a moderator as viewer' do + let(:viewer) { Fabricate(:moderator_user).account } + + it 'includes all expected statuses' do + expect(subject).to include(local_status.id) + expect(subject).to include(remote_status.id) + end + end + end + + context 'with a local_only option set' do + subject { described_class.new(viewer, local: true).get(20).map(&:id) } + + let!(:local_account) { Fabricate(:account, domain: nil) } + let!(:remote_account) { Fabricate(:account, domain: 'test.com') } + let!(:local_status) { Fabricate(:status, account: local_account) } + let!(:remote_status) { Fabricate(:status, account: remote_account) } + + context 'without a viewer' do + let(:viewer) { nil } + + it 'returns an empty list' do + expect(subject).to be_empty + end + end + + context 'with a viewer' do + let(:viewer) { Fabricate(:account, username: 'viewer') } + + it 'returns an empty list' do + expect(subject).to be_empty + end + end + + context 'with a moderator as viewer' do + let(:viewer) { Fabricate(:moderator_user).account } + + it 'does not include remote instances statuses' do + expect(subject).to include(local_status.id) + expect(subject).to_not include(remote_status.id) + end + end + end + + context 'with a remote_only option set' do + subject { described_class.new(viewer, remote: true).get(20).map(&:id) } + + let!(:local_account) { Fabricate(:account, domain: nil) } + let!(:remote_account) { Fabricate(:account, domain: 'test.com') } + let!(:local_status) { Fabricate(:status, account: local_account) } + let!(:remote_status) { Fabricate(:status, account: remote_account) } + + context 'without a viewer' do + let(:viewer) { nil } + + it 'returns an empty list' do + expect(subject).to be_empty + end + end + + context 'with a viewer' do + let(:viewer) { Fabricate(:account, username: 'viewer') } + + it 'returns an empty list' do + expect(subject).to be_empty + end + end + + context 'with a moderator as viewer' do + let(:viewer) { Fabricate(:moderator_user).account } + + it 'includes remote statuses only' do + expect(subject).to_not include(local_status.id) + expect(subject).to include(remote_status.id) + end + end + end + end + + context 'when local_live_feed_access is disabled' do + before do + Setting.local_live_feed_access = 'disabled' + end + + context 'without local_only option' do + subject { described_class.new(viewer).get(20).map(&:id) } + + let(:viewer) { nil } + + let!(:local_account) { Fabricate(:account, domain: nil) } + let!(:remote_account) { Fabricate(:account, domain: 'test.com') } + let!(:local_status) { Fabricate(:status, account: local_account) } + let!(:remote_status) { Fabricate(:status, account: remote_account) } + + context 'without a viewer' do + let(:viewer) { nil } + + it 'does not include local instances statuses' do + expect(subject).to_not include(local_status.id) + expect(subject).to include(remote_status.id) + end + end + + context 'with a viewer' do + let(:viewer) { Fabricate(:account, username: 'viewer') } + + it 'does not include local instances statuses' do + expect(subject).to_not include(local_status.id) + expect(subject).to include(remote_status.id) + end + end + end + + context 'with a local_only option set' do + subject { described_class.new(viewer, local: true).get(20).map(&:id) } + + let!(:local_account) { Fabricate(:account, domain: nil) } + let!(:remote_account) { Fabricate(:account, domain: 'test.com') } + let!(:local_status) { Fabricate(:status, account: local_account) } + let!(:remote_status) { Fabricate(:status, account: remote_account) } + + context 'without a viewer' do + let(:viewer) { nil } + + it 'returns an empty list' do + expect(subject).to be_empty + end + end + + context 'with a viewer' do + let(:viewer) { Fabricate(:account, username: 'viewer') } + + it 'returns an empty list' do + expect(subject).to be_empty + end + end + + context 'with a moderator as viewer' do + let(:viewer) { Fabricate(:moderator_user).account } + + it 'does not include remote instances statuses' do + expect(subject).to include(local_status.id) + expect(subject).to_not include(remote_status.id) + end + end + end + + context 'with a remote_only option set' do + subject { described_class.new(viewer, remote: true).get(20).map(&:id) } + + let!(:local_account) { Fabricate(:account, domain: nil) } + let!(:remote_account) { Fabricate(:account, domain: 'test.com') } + let!(:local_status) { Fabricate(:status, account: local_account) } + let!(:remote_status) { Fabricate(:status, account: remote_account) } + + context 'without a viewer' do + let(:viewer) { nil } + + it 'does not include local instances statuses' do + expect(subject).to_not include(local_status.id) + expect(subject).to include(remote_status.id) + end + end + + context 'with a viewer' do + let(:viewer) { Fabricate(:account, username: 'viewer') } + + it 'does not include local instances statuses' do + expect(subject).to_not include(local_status.id) + expect(subject).to include(remote_status.id) + end + end + end + end + + context 'when remote_live_feed_access is disabled' do + before do + Setting.remote_live_feed_access = 'disabled' + end + + context 'without local_only option' do + subject { described_class.new(viewer).get(20).map(&:id) } + + let(:viewer) { nil } + + let!(:local_account) { Fabricate(:account, domain: nil) } + let!(:remote_account) { Fabricate(:account, domain: 'test.com') } + let!(:local_status) { Fabricate(:status, account: local_account) } + let!(:remote_status) { Fabricate(:status, account: remote_account) } + + context 'without a viewer' do + let(:viewer) { nil } + + it 'does not include remote instances statuses' do + expect(subject).to include(local_status.id) + expect(subject).to_not include(remote_status.id) + end + end + + context 'with a viewer' do + let(:viewer) { Fabricate(:account, username: 'viewer') } + + it 'does not include remote instances statuses' do + expect(subject).to include(local_status.id) + expect(subject).to_not include(remote_status.id) + end + + it 'is not affected by personal domain blocks' do + viewer.block_domain!('test.com') + expect(subject).to include(local_status.id) + expect(subject).to_not include(remote_status.id) + end + end + end + + context 'with a local_only option set' do + subject { described_class.new(viewer, local: true).get(20).map(&:id) } + + let!(:local_account) { Fabricate(:account, domain: nil) } + let!(:remote_account) { Fabricate(:account, domain: 'test.com') } + let!(:local_status) { Fabricate(:status, account: local_account) } + let!(:remote_status) { Fabricate(:status, account: remote_account) } + + context 'without a viewer' do + let(:viewer) { nil } + + it 'does not include remote instances statuses' do + expect(subject).to include(local_status.id) + expect(subject).to_not include(remote_status.id) + end + end + + context 'with a viewer' do + let(:viewer) { Fabricate(:account, username: 'viewer') } + + it 'does not include remote instances statuses' do + expect(subject).to include(local_status.id) + expect(subject).to_not include(remote_status.id) + end + + it 'is not affected by personal domain blocks' do + viewer.block_domain!('test.com') + expect(subject).to include(local_status.id) + expect(subject).to_not include(remote_status.id) + end + end + end + + context 'with a remote_only option set' do + subject { described_class.new(viewer, remote: true).get(20).map(&:id) } + + let!(:local_account) { Fabricate(:account, domain: nil) } + let!(:remote_account) { Fabricate(:account, domain: 'test.com') } + let!(:local_status) { Fabricate(:status, account: local_account) } + let!(:remote_status) { Fabricate(:status, account: remote_account) } + + context 'without a viewer' do + let(:viewer) { nil } + + it 'returns an empty list' do + expect(subject).to be_empty + end + end + + context 'with a viewer' do + let(:viewer) { Fabricate(:account, username: 'viewer') } + + it 'returns an empty list' do + expect(subject).to be_empty + end + end + + context 'with a moderator as viewer' do + let(:viewer) { Fabricate(:moderator_user).account } + + it 'does not include local instances statuses' do + expect(subject).to_not include(local_status.id) + expect(subject).to include(remote_status.id) + end + end + end + end end end diff --git a/spec/models/tag_feed_spec.rb b/spec/models/tag_feed_spec.rb index 578fc78238..8618b67334 100644 --- a/spec/models/tag_feed_spec.rb +++ b/spec/models/tag_feed_spec.rb @@ -66,5 +66,311 @@ RSpec.describe TagFeed do results = described_class.new(tag_cats, nil).get(20) expect(results).to include(status) end + + context 'when both local_topic_feed_access and remote_topic_feed_access are disabled' do + before do + Setting.local_topic_feed_access = 'disabled' + Setting.remote_topic_feed_access = 'disabled' + end + + context 'without local_only option' do + subject { described_class.new(tag_cats, viewer).get(20).map(&:id) } + + let(:viewer) { nil } + + let!(:remote_account) { Fabricate(:account, domain: 'test.com') } + let!(:local_status) { status_tagged_with_cats } + let!(:remote_status) { Fabricate(:status, account: remote_account, tags: [tag_cats]) } + + context 'without a viewer' do + let(:viewer) { nil } + + it 'returns an empty list' do + expect(subject).to be_empty + end + end + + context 'with a viewer' do + let(:viewer) { Fabricate(:account, username: 'viewer') } + + it 'returns an empty list' do + expect(subject).to be_empty + end + end + + context 'with a moderator as viewer' do + let(:viewer) { Fabricate(:moderator_user).account } + + it 'includes all expected statuses' do + expect(subject).to include(local_status.id) + expect(subject).to include(remote_status.id) + end + end + end + + context 'with a local_only option set' do + subject { described_class.new(tag_cats, viewer, local: true).get(20).map(&:id) } + + let!(:remote_account) { Fabricate(:account, domain: 'test.com') } + let!(:local_status) { status_tagged_with_cats } + let!(:remote_status) { Fabricate(:status, account: remote_account, tags: [tag_cats]) } + + context 'without a viewer' do + let(:viewer) { nil } + + it 'returns an empty list' do + expect(subject).to be_empty + end + end + + context 'with a viewer' do + let(:viewer) { Fabricate(:account, username: 'viewer') } + + it 'returns an empty list' do + expect(subject).to be_empty + end + end + + context 'with a moderator as viewer' do + let(:viewer) { Fabricate(:moderator_user).account } + + it 'does not include remote instances statuses' do + expect(subject).to include(local_status.id) + expect(subject).to_not include(remote_status.id) + end + end + end + + context 'with a remote_only option set' do + subject { described_class.new(tag_cats, viewer, remote: true).get(20).map(&:id) } + + let!(:remote_account) { Fabricate(:account, domain: 'test.com') } + let!(:local_status) { status_tagged_with_cats } + let!(:remote_status) { Fabricate(:status, account: remote_account, tags: [tag_cats]) } + + context 'without a viewer' do + let(:viewer) { nil } + + it 'returns an empty list' do + expect(subject).to be_empty + end + end + + context 'with a viewer' do + let(:viewer) { Fabricate(:account, username: 'viewer') } + + it 'returns an empty list' do + expect(subject).to be_empty + end + end + + context 'with a moderator as viewer' do + let(:viewer) { Fabricate(:moderator_user).account } + + it 'includes remote statuses only' do + expect(subject).to_not include(local_status.id) + expect(subject).to include(remote_status.id) + end + end + end + end + + context 'when local_topic_feed_access is disabled' do + before do + Setting.local_topic_feed_access = 'disabled' + end + + context 'without local_only option' do + subject { described_class.new(tag_cats, viewer).get(20).map(&:id) } + + let(:viewer) { nil } + + let!(:remote_account) { Fabricate(:account, domain: 'test.com') } + let!(:local_status) { status_tagged_with_cats } + let!(:remote_status) { Fabricate(:status, account: remote_account, tags: [tag_cats]) } + + context 'without a viewer' do + let(:viewer) { nil } + + it 'does not include local instances statuses' do + expect(subject).to_not include(local_status.id) + expect(subject).to include(remote_status.id) + end + end + + context 'with a viewer' do + let(:viewer) { Fabricate(:account, username: 'viewer') } + + it 'does not include local instances statuses' do + expect(subject).to_not include(local_status.id) + expect(subject).to include(remote_status.id) + end + end + end + + context 'with a local_only option set' do + subject { described_class.new(tag_cats, viewer, local: true).get(20).map(&:id) } + + let!(:remote_account) { Fabricate(:account, domain: 'test.com') } + let!(:local_status) { status_tagged_with_cats } + let!(:remote_status) { Fabricate(:status, account: remote_account, tags: [tag_cats]) } + + context 'without a viewer' do + let(:viewer) { nil } + + it 'returns an empty list' do + expect(subject).to be_empty + end + end + + context 'with a viewer' do + let(:viewer) { Fabricate(:account, username: 'viewer') } + + it 'returns an empty list' do + expect(subject).to be_empty + end + end + + context 'with a moderator as viewer' do + let(:viewer) { Fabricate(:moderator_user).account } + + it 'does not include remote instances statuses' do + expect(subject).to include(local_status.id) + expect(subject).to_not include(remote_status.id) + end + end + end + + context 'with a remote_only option set' do + subject { described_class.new(tag_cats, viewer, remote: true).get(20).map(&:id) } + + let!(:remote_account) { Fabricate(:account, domain: 'test.com') } + let!(:local_status) { status_tagged_with_cats } + let!(:remote_status) { Fabricate(:status, account: remote_account, tags: [tag_cats]) } + + context 'without a viewer' do + let(:viewer) { nil } + + it 'does not include local instances statuses' do + expect(subject).to_not include(local_status.id) + expect(subject).to include(remote_status.id) + end + end + + context 'with a viewer' do + let(:viewer) { Fabricate(:account, username: 'viewer') } + + it 'does not include local instances statuses' do + expect(subject).to_not include(local_status.id) + expect(subject).to include(remote_status.id) + end + end + end + end + + context 'when remote_topic_feed_access is disabled' do + before do + Setting.remote_topic_feed_access = 'disabled' + end + + context 'without local_only option' do + subject { described_class.new(tag_cats, viewer).get(20).map(&:id) } + + let(:viewer) { nil } + + let!(:remote_account) { Fabricate(:account, domain: 'test.com') } + let!(:local_status) { status_tagged_with_cats } + let!(:remote_status) { Fabricate(:status, account: remote_account, tags: [tag_cats]) } + + context 'without a viewer' do + let(:viewer) { nil } + + it 'does not include remote instances statuses' do + expect(subject).to include(local_status.id) + expect(subject).to_not include(remote_status.id) + end + end + + context 'with a viewer' do + let(:viewer) { Fabricate(:account, username: 'viewer') } + + it 'does not include remote instances statuses' do + expect(subject).to include(local_status.id) + expect(subject).to_not include(remote_status.id) + end + + it 'is not affected by personal domain blocks' do + viewer.block_domain!('test.com') + expect(subject).to include(local_status.id) + expect(subject).to_not include(remote_status.id) + end + end + end + + context 'with a local_only option set' do + subject { described_class.new(tag_cats, viewer, local: true).get(20).map(&:id) } + + let!(:remote_account) { Fabricate(:account, domain: 'test.com') } + let!(:local_status) { status_tagged_with_cats } + let!(:remote_status) { Fabricate(:status, account: remote_account, tags: [tag_cats]) } + + context 'without a viewer' do + let(:viewer) { nil } + + it 'does not include remote instances statuses' do + expect(subject).to include(local_status.id) + expect(subject).to_not include(remote_status.id) + end + end + + context 'with a viewer' do + let(:viewer) { Fabricate(:account, username: 'viewer') } + + it 'does not include remote instances statuses' do + expect(subject).to include(local_status.id) + expect(subject).to_not include(remote_status.id) + end + + it 'is not affected by personal domain blocks' do + viewer.block_domain!('test.com') + expect(subject).to include(local_status.id) + expect(subject).to_not include(remote_status.id) + end + end + end + + context 'with a remote_only option set' do + subject { described_class.new(tag_cats, viewer, remote: true).get(20).map(&:id) } + + let!(:remote_account) { Fabricate(:account, domain: 'test.com') } + let!(:local_status) { status_tagged_with_cats } + let!(:remote_status) { Fabricate(:status, account: remote_account, tags: [tag_cats]) } + + context 'without a viewer' do + let(:viewer) { nil } + + it 'returns an empty list' do + expect(subject).to be_empty + end + end + + context 'with a viewer' do + let(:viewer) { Fabricate(:account, username: 'viewer') } + + it 'returns an empty list' do + expect(subject).to be_empty + end + end + + context 'with a moderator as viewer' do + let(:viewer) { Fabricate(:moderator_user).account } + + it 'does not include local instances statuses' do + expect(subject).to_not include(local_status.id) + expect(subject).to include(remote_status.id) + end + end + end + end end end