From cd26ead043f9cb92ca4d59e587480520cb51f117 Mon Sep 17 00:00:00 2001 From: Mario Date: Fri, 23 Jun 2023 09:13:51 +0000 Subject: [PATCH] implement optional moderation of unsolicited comments, minor css fixes and some more work on ocap --- Zotlabs/Lib/Activity.php | 22 +++++++++++----- Zotlabs/Lib/Enotify.php | 2 +- Zotlabs/Lib/ThreadItem.php | 5 +++- Zotlabs/Module/Attach.php | 2 +- Zotlabs/Module/Channel.php | 8 ++---- Zotlabs/Module/Hq.php | 6 ++--- Zotlabs/Module/Moderate.php | 24 +++++++++++++----- Zotlabs/Module/Network.php | 2 ++ Zotlabs/Module/Settings/Privacy.php | 5 ++++ include/attach.php | 31 ++++++++++------------- include/items.php | 18 ++++++++++--- include/security.php | 1 + view/js/main.js | 12 +++++++++ view/theme/redbasic/css/style.css | 1 - view/theme/redbasic/schema/Focus-Boxy.css | 1 + view/tpl/conv_item.tpl | 7 ++++- view/tpl/profile_vcard.tpl | 16 ++++++------ view/tpl/settings_privacy.tpl | 1 + 18 files changed, 110 insertions(+), 54 deletions(-) diff --git a/Zotlabs/Lib/Activity.php b/Zotlabs/Lib/Activity.php index 79821badc..433024cf0 100644 --- a/Zotlabs/Lib/Activity.php +++ b/Zotlabs/Lib/Activity.php 
@@ -2970,13 +2970,23 @@ class Activity { }*/ if (!$allowed) { - logger('rejected comment from ' . $item['author_xchan'] . ' for ' . $channel['channel_address']); - logger('rejected: ' . print_r($item, true), LOGGER_DATA); - // TODO: not implemented - // let the sender know we received their comment but we don't permit spam here. - // self::send_rejection_activity($channel,$item['author_xchan'],$item); - return; + if (get_pconfig($channel['channel_id'], 'system', 'moderate_unsolicited_comments')) { + $item['item_blocked'] = intval(ITEM_MODERATED); + $allowed = true; + } + else { + hz_syslog('rejected comment from ' . $item['author_xchan'] . ' for ' . $channel['channel_address']); + logger('rejected: ' . print_r($item, true), LOGGER_DATA); + + // TODO: not implemented + // let the sender know we received their comment but we don't permit spam here. + // self::send_rejection_activity($channel,$item['author_xchan'],$item); + + return; + } + + } // TODO: not implemented diff --git a/Zotlabs/Lib/Enotify.php b/Zotlabs/Lib/Enotify.php index 585761cc4..a8d34b940 100644 --- a/Zotlabs/Lib/Enotify.php +++ b/Zotlabs/Lib/Enotify.php @@ -145,7 +145,7 @@ class Enotify { $itemlink = $params['link']; - $action = t('commented on'); + $action = (($moderated) ? t('requests to comment on') : t('commented on')); if(array_key_exists('item',$params)) { diff --git a/Zotlabs/Lib/ThreadItem.php b/Zotlabs/Lib/ThreadItem.php index cf877ed92..14c9500ff 100644 --- a/Zotlabs/Lib/ThreadItem.php +++ b/Zotlabs/Lib/ThreadItem.php @@ -503,7 +503,10 @@ class ThreadItem { 'thread_level' => $thread_level, 'settings' => $settings, 'thr_parent' => (($item['parent_mid'] != $item['thr_parent']) ? gen_link_id($item['thr_parent']) : ''), - 'contact_id' => (($contact) ? $contact['abook_id'] : '') + 'contact_id' => (($contact) ? $contact['abook_id'] : ''), + 'moderate' => ($item['item_blocked'] == ITEM_MODERATED), + 'moderate_approve' => t('Approve'), + 'moderate_delete' => t('Delete') ); 
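Review bot: In the new moderation branch of the Activity.php hunk, `$allowed = true` makes the rest of this function (which continues outside the hunk) treat an unsolicited comment like a permitted one, with `$item['item_blocked'] = intval(ITEM_MODERATED)` as the only thing holding it back. Please confirm that every later step (storage, relay to other recipients, notification) honours that flag. With the setting enabled any remote actor can add rows to the owner's moderation queue, so also confirm that blocked senders are filtered before this point. Separately, the reject path now calls `hz_syslog(...)` where it used to call `logger(...)`; if that was a debugging aid, restoring `logger('rejected comment from ' . $item['author_xchan'] . ' for ' . $channel['channel_address']);` keeps remotely triggered messages under the configured log level.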
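Review bot: In the ThreadItem.php hunk, `'moderate'` is derived from the item row alone with a loose comparison, so the template renders the Approve/Delete controls for whoever is served a moderated item. Whether that is only the owner depends on query filters outside this hunk. I would use a strict comparison, `'moderate' => (intval($item['item_blocked']) === ITEM_MODERATED),`, and additionally gate the flag on the viewer being the owner of the conversation. A one-line comment such as `// only the owner may see moderation controls; the module re-checks on submit` would record that the button is a convenience and not the access control.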
diff --git a/Zotlabs/Module/Attach.php b/Zotlabs/Module/Attach.php index 5f5779b51..710f965ef 100644 --- a/Zotlabs/Module/Attach.php +++ b/Zotlabs/Module/Attach.php @@ -95,7 +95,7 @@ class Attach extends Controller { killme(); } - $r = attach_by_hash(argv(1), get_observer_hash(), ((argc() > 2) ? intval(argv(2)) : 0)); + $r = attach_by_hash(argv(1), get_observer_hash(), ((argc() > 2) ? intval(argv(2)) : 0), $token); if (!$r['success']) { notice($r['message'] . EOL); diff --git a/Zotlabs/Module/Channel.php b/Zotlabs/Module/Channel.php index 748d990cb..036663681 100644 --- a/Zotlabs/Module/Channel.php +++ b/Zotlabs/Module/Channel.php @@ -284,13 +284,9 @@ class Channel extends Controller { * Get permissions SQL - if $remote_contact is true, our remote user has been pre-verified and we already have fetched his/her groups */ - $item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_deleted = 0 - and item.item_unpublished = 0 and item.item_pending_remove = 0 - and item.item_blocked = 0 "; - if (!$is_owner) - $item_normal .= "and item.item_delayed = 0 "; + $item_normal = item_normal(); $item_normal_update = item_normal_update(); - $sql_extra = item_permissions_sql(App::$profile['profile_uid']); + $sql_extra = item_permissions_sql(App::$profile['profile_uid']); if (feature_enabled(App::$profile['profile_uid'], 'channel_list_mode') && (!$mid)) $page_mode = 'list'; diff --git a/Zotlabs/Module/Hq.php b/Zotlabs/Module/Hq.php index 77d56e9a2..efa13b832 100644 --- a/Zotlabs/Module/Hq.php +++ b/Zotlabs/Module/Hq.php @@ -17,8 +17,6 @@ class Hq extends \Zotlabs\Web\Controller { function init() { if(! local_channel()) return; - - App::$profile_uid = local_channel(); } function get($update = 0, $load = false) { @@ -27,6 +25,8 @@ class Hq extends \Zotlabs\Web\Controller { return; } + App::$profile_uid = local_channel(); + $item_hash = ''; if(argc() > 1 && argv(1) !== 'load') { 
@@ -69,7 +69,7 @@ class Hq extends \Zotlabs\Web\Controller { //if the item is to be moderated redirect to /moderate if($target_item['item_blocked'] == ITEM_MODERATED) { - goaway(z_root() . '/moderate/' . $target_item['id']); + // goaway(z_root() . '/moderate/' . $target_item['id']); } $simple_update = ''; diff --git a/Zotlabs/Module/Moderate.php b/Zotlabs/Module/Moderate.php index b66b052a6..b895b4a8c 100644 --- a/Zotlabs/Module/Moderate.php +++ b/Zotlabs/Module/Moderate.php @@ -17,7 +17,7 @@ class Moderate extends \Zotlabs\Web\Controller { } \App::set_pager_itemspage(30); - $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']), intval(\App::$pager['start'])); + $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']), intval(\App::$pager['start'])); //show all items if(argc() == 1) { @@ -40,8 +40,13 @@ class Moderate extends \Zotlabs\Web\Controller { if(argc() > 2) { $post_id = intval(argv(1)); - if(! $post_id) + if(! $post_id) { + if (is_ajax()) { + killme(); + } + goaway(z_root() . '/moderate'); + } $action = argv(2); @@ -61,18 +66,20 @@ class Moderate extends \Zotlabs\Web\Controller { ); $item['item_blocked'] = 0; - item_update_parent_commented($item); - notice( t('Comment approved') . EOL); } elseif($action === 'drop') { + // TODO: not implemented + // let the sender know we received their comment but we don't permit spam here. + // Activity::send_rejection_activity(App::get_channel(), $item['author_xchan'], $item); + drop_item($post_id,false); notice( t('Comment deleted') . EOL); - } + } // refetch the item after changes have been made - + $r = q("select * from item where id = %d", intval($post_id) ); @@ -84,6 +91,11 @@ class Moderate extends \Zotlabs\Web\Controller { if($action === 'approve') { \Zotlabs\Daemon\Master::Summon(array('Notifier', 'comment-new', $post_id)); } + + if (is_ajax()) { + killme(); + } + goaway(z_root() . '/moderate'); } } 
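Review bot: In the Hq.php hunk at -69,7 the redirect is commented out rather than removed, leaving `if($target_item['item_blocked'] == ITEM_MODERATED) { }` with an empty body under a comment that still says the request is redirected to /moderate. Either delete the whole block and its comment, or keep the condition and replace the body with a comment explaining why moderated items are now rendered inline, e.g. `// moderated items are shown in place with approve/delete controls`. Stale comments in a permission-adjacent branch tend to mislead later audits.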
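Review bot: The `approve` and `drop` branches in the Moderate.php hunk at -61,18 change state on a plain GET (`moderate/<id>/approve`, now also called through `$.get` in view/js/main.js), and no form security token check is visible in this hunk or the neighbouring ones. If none exists earlier in the method (outside the hunk), a cross-site request issued from the owner's logged-in browser could approve or delete a queued comment. I would switch the client to POST and verify the token before acting, along the lines of `if (!check_form_security_token('moderate')) { killme(); }` with the matching token emitted into the page. The AJAX exits added here are bare `killme();` calls, so the client cannot tell success from failure; returning a small JSON status would fix that.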
diff --git a/Zotlabs/Module/Network.php b/Zotlabs/Module/Network.php index 00fed55c2..dcc209d1d 100644 --- a/Zotlabs/Module/Network.php +++ b/Zotlabs/Module/Network.php @@ -43,6 +43,8 @@ class Network extends \Zotlabs\Web\Controller { return login(false); } + App::$profile_uid = local_channel(); + $o = ''; $arr = array('query' => App::$query_string); diff --git a/Zotlabs/Module/Settings/Privacy.php b/Zotlabs/Module/Settings/Privacy.php index 24249a865..588ece1f1 100644 --- a/Zotlabs/Module/Settings/Privacy.php +++ b/Zotlabs/Module/Settings/Privacy.php @@ -25,6 +25,9 @@ class Privacy { $permit_all_mentions = (((x($_POST, 'permit_all_mentions')) && (intval($_POST['permit_all_mentions']) == 1)) ? 1 : 0); set_pconfig(local_channel(), 'system', 'permit_all_mentions', $permit_all_mentions); + $moderate_unsolicited_comments = (((x($_POST, 'moderate_unsolicited_comments')) && (intval($_POST['moderate_unsolicited_comments']) == 1)) ? 1 : 0); + set_pconfig(local_channel(), 'system', 'moderate_unsolicited_comments', $moderate_unsolicited_comments); + $ocap_enabled = (((x($_POST, 'ocap_enabled')) && (intval($_POST['ocap_enabled']) == 1)) ? 1 : 0); set_pconfig(local_channel(), 'system', 'ocap_enabled', $ocap_enabled); @@ -106,6 +109,7 @@ class Privacy { $index_opt_out = get_pconfig(local_channel(), 'system', 'index_opt_out'); $group_actor = get_pconfig(local_channel(), 'system', 'group_actor'); $permit_all_mentions = get_pconfig(local_channel(), 'system', 'permit_all_mentions'); + $moderate_unsolicited_comments = get_pconfig(local_channel(), 'system', 'moderate_unsolicited_comments'); $ocap_enabled = get_pconfig(local_channel(), 'system', 'ocap_enabled'); $permissions_role = get_pconfig(local_channel(), 'system', 'permissions_role', 'custom'); 
@@ -129,6 +133,7 @@ class Privacy { '$index_opt_out' => ['index_opt_out', t('Opt-out of search engine indexing'), $index_opt_out, '', [t('No'), t('Yes')]], '$group_actor' => ['group_actor', t('Group actor'), $group_actor, t('Allow this channel to act as a forum'), [t('No'), t('Yes')]], '$permit_all_mentions' => ['permit_all_mentions', t('Accept all messages which mention you'), $permit_all_mentions, t('This setting bypasses normal permissions'), [t('No'), t('Yes')]], + '$moderate_unsolicited_comments' => ['moderate_unsolicited_comments', t('Moderate unsolicited comments'), $moderate_unsolicited_comments, t('Otherwise they will be silently dropped'), [t('No'), t('Yes')]], '$ocap_enabled' => ['ocap_enabled', t('Enable OCAP access'), $ocap_enabled, t('Grant limited posts the right to access linked private media'), [t('No'), t('Yes')]], ]); diff --git a/include/attach.php b/include/attach.php index 1de5f5a67..ead5a8e06 100644 --- a/include/attach.php +++ b/include/attach.php @@ -254,7 +254,7 @@ function attach_list_files($channel_id, $observer, $hash = '', $filename = '', $ * @param int $rev (optional) Revision default 0 * @return array */ -function attach_by_hash($hash, $observer_hash, $rev = 0) { +function attach_by_hash($hash, $observer_hash, $rev = 0, $token = EMPTY_STR) { $ret = array('success' => false); @@ -274,7 +274,7 @@ function attach_by_hash($hash, $observer_hash, $rev = 0) { return $ret; } - if(! attach_can_view($r[0]['uid'], $observer_hash, $hash)) { + if(! attach_can_view($r[0]['uid'], $observer_hash, $hash, $token)) { $ret['message'] = t('Permission denied.'); return $ret; } @@ -311,7 +311,7 @@ function attach_by_hash($hash, $observer_hash, $rev = 0) { * @param string $observer_hash * @return array */ -function attach_by_id($id, $observer_hash) { +function attach_by_id($id, $observer_hash, $token = EMPTY_STR) { $ret = array('success' => false); 
@@ -325,7 +325,7 @@ function attach_by_id($id, $observer_hash) { return $ret; } - if(! attach_can_view($r[0]['uid'], $observer_hash, $r[0]['hash'])) { + if(! attach_can_view($r[0]['uid'], $observer_hash, $r[0]['hash'], $token)) { $ret['message'] = t('Permission denied.'); return $ret; } @@ -340,17 +340,16 @@ function attach_by_id($id, $observer_hash) { function attach_can_view($uid, $ob_hash, $resource, $token = EMPTY_STR) { - $sql_extra = permissions_sql($uid, $ob_hash, '', $token); - $hash = $resource; - if (!$token) { if(! perm_is_allowed($uid, $ob_hash, 'view_storage')) { return false; } } + $sql_extra = permissions_sql($uid, $ob_hash, '', $token); + $r = q("select folder from attach where hash = '%s' and uid = %d $sql_extra", - dbesc($hash), + dbesc($resource), intval($uid) ); @@ -373,24 +372,22 @@ function attach_can_view($uid, $ob_hash, $resource, $token = EMPTY_STR) { function attach_can_view_folder($uid, $ob_hash, $folder_hash, $token = EMPTY_STR) { - $sql_extra = permissions_sql($uid, $ob_hash, '', $token); - $hash = $folder_hash; - if(!$folder_hash && !$token) { return perm_is_allowed($uid, $ob_hash, 'view_storage'); } + $sql_extra = permissions_sql($uid, $ob_hash, '', $token); do { $r = q("select folder from attach where hash = '%s' and uid = %d $sql_extra", - dbesc($hash), + dbesc($folder_hash), intval($uid) ); if(! $r) return false; - $hash = $r[0]['folder']; - } while($hash); + $folder_hash = $r[0]['folder']; + } while($folder_hash); return true; } @@ -410,7 +407,7 @@ function attach_can_view_folder($uid, $ob_hash, $folder_hash, $token = EMPTY_STR * * \e string \b message (optional) only when success is false * * \e array \b data array of attach DB entry without data component */ -function attach_by_hash_nodata($hash, $observer_hash, $rev = 0) { +function attach_by_hash_nodata($hash, $observer_hash, $rev = 0, $token = EMPTY_STR) { $ret = array('success' => false); 
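Review bot: In `attach_can_view()` (hunk -340,17) any non-empty `$token` now skips the `perm_is_allowed($uid, $ob_hash, 'view_storage')` check, so access rests entirely on what `permissions_sql($uid, $ob_hash, '', $token)` appends to the query; that function's body is not part of this patch. If it does not produce a strictly restrictive clause for an unknown, stale or foreign-channel token, the storage permission is bypassed by supplying an arbitrary string. I would validate the token first and only then skip the check, e.g. `if (!$token_valid && !perm_is_allowed($uid, $ob_hash, 'view_storage')) { return false; }` (`$token_valid` is a placeholder name for the result of that lookup). `attach_can_view_folder()` in the next hunk uses the same `!$token` shortcut and deserves the same treatment. The body of `attach_can_view()` continues past the end of this hunk, so the folder check it performs could not be reviewed here.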
@@ -435,7 +432,7 @@ function attach_by_hash_nodata($hash, $observer_hash, $rev = 0) { return $ret; } - $sql_extra = permissions_sql($r[0]['uid'], $observer_hash); + $sql_extra = permissions_sql($r[0]['uid'], $observer_hash, '', $token); // Now we'll see if we can access the attachment @@ -450,7 +447,7 @@ function attach_by_hash_nodata($hash, $observer_hash, $rev = 0) { } if($r[0]['folder']) { - $x = attach_can_view_folder($r[0]['uid'], $observer_hash, $r[0]['folder']); + $x = attach_can_view_folder($r[0]['uid'], $observer_hash, $r[0]['folder'], $token); if(! $x) { $ret['message'] = t('Permission denied.'); return $ret; diff --git a/include/items.php b/include/items.php index a74fe8b50..c6aeaa0ed 100644 --- a/include/items.php +++ b/include/items.php @@ -242,9 +242,21 @@ function comments_are_now_closed($item) { } function item_normal() { - return " and item.item_hidden = 0 and item.item_type = 0 and item.item_deleted = 0 - and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_pending_remove = 0 - and item.item_blocked = 0 "; + $profile_uid = App::$profile['profile_uid'] ?? App::$profile_uid ?? null; + $uid = local_channel(); + $is_owner = ($uid && intval($profile_uid) === $uid); + + $sql = " and item.item_hidden = 0 and item.item_type = 0 and item.item_deleted = 0 + and item.item_unpublished = 0 and item.item_pending_remove = 0"; + + if ($is_owner) { + $sql .= " and item.item_blocked IN (0, " . intval(ITEM_MODERATED) . ") and item.item_delayed IN (0, 1) "; + } + else { + $sql .= " and item.item_blocked = 0 and item.item_delayed = 0 "; + } + + return $sql; } function item_normal_search() { diff --git a/include/security.php b/include/security.php index 539e5f5b5..5ea6f13ef 100644 --- a/include/security.php +++ b/include/security.php 
@@ -326,6 +326,7 @@ function change_channel($change_channel) { * @param int $owner_id * @param bool $remote_observer (optional) use current observer if unset * @param $table (optional) + * @param $token (optional) * * @return string additional SQL where statement */ diff --git a/view/js/main.js b/view/js/main.js index dcdf58396..9c2480795 100644 --- a/view/js/main.js +++ b/view/js/main.js @@ -1314,6 +1314,18 @@ function dounsubthread(ident) { liking = 1; } +function moderate_approve(ident) { + $('#like-rotator-' + ident.toString()).show(); + $.get('moderate/' + ident.toString() + '/approve', updateInit ); + liking = 1; +} + +function moderate_drop(ident) { + $('#like-rotator-' + ident.toString()).show(); + $.get('moderate/' + ident.toString() + '/drop', $('#thread-wrapper-' + ident.toString()).fadeOut(function() { this.remove(); })); + liking = 1; +} + function dostar(ident) { ident = ident.toString(); $('#like-rotator-' + ident).show(); diff --git a/view/theme/redbasic/css/style.css b/view/theme/redbasic/css/style.css index 3e34fff95..4ba65c112 100644 --- a/view/theme/redbasic/css/style.css +++ b/view/theme/redbasic/css/style.css @@ -1380,7 +1380,6 @@ blockquote { overflow: auto; } -.dropdown-item.active, .textcomplete-item.active { color: #fff; background-color: var(--bs-tertiary-bg); diff --git a/view/theme/redbasic/schema/Focus-Boxy.css b/view/theme/redbasic/schema/Focus-Boxy.css index e5f3280f6..df5bf2d75 100644 --- a/view/theme/redbasic/schema/Focus-Boxy.css +++ b/view/theme/redbasic/schema/Focus-Boxy.css @@ -25,6 +25,7 @@ } .vcard-card .card { + border: 1px solid var(--bs-border-color); border-top: 0; border-right: 0; border-left: 0; diff --git a/view/tpl/conv_item.tpl b/view/tpl/conv_item.tpl index 3f760998d..cd2130295 100644 --- a/view/tpl/conv_item.tpl +++ b/view/tpl/conv_item.tpl @@ -7,7 +7,7 @@
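Review bot: In `moderate_drop()` (view/js/main.js hunk) the second argument to `$.get` is the return value of `.fadeOut(...)`, not a callback. The thread wrapper is therefore removed as soon as the function runs, whether or not the server accepted the request, and a jQuery object is passed where request data is expected. Wrapping it makes the removal depend on success: `$.get('moderate/' + ident.toString() + '/drop', function() { $('#thread-wrapper-' + ident.toString()).fadeOut(function() { this.remove(); }); });`. Neither new function handles failure, and the module answers AJAX calls with a bare `killme()`, so a refused moderation action looks identical to a successful one; a `.fail()` handler that restores the item and hides the rotator would close that gap.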
-
+
{{if $item.photo}}
{{$item.photo}} @@ -120,6 +120,10 @@
{{/if}} + {{if $item.moderate}} + {{$item.moderate_approve}} + {{$item.moderate_delete}} + {{else}}
{{if $item.like}}
+ {{/if}}
{{if $item.responses || $item.attachments}} diff --git a/view/tpl/profile_vcard.tpl b/view/tpl/profile_vcard.tpl index 6cf40bf79..37339a40a 100644 --- a/view/tpl/profile_vcard.tpl +++ b/view/tpl/profile_vcard.tpl @@ -48,10 +48,10 @@ {{/if}} - {{if $details}} -
+ {{if $details && ($location || $hometown || $gender || $marital || $homepage)}} +
{{if $location}} -
+
{{$location}}
{{if $profile.address}} @@ -71,30 +71,30 @@
{{/if}} {{if $hometown}} -
+
{{$hometown}}
{{$profile.hometown}}
{{/if}} {{if $gender}} -
+
{{$gender}}
{{if $profile.gender_icon}} {{/if}}{{$profile.gender}}
{{/if}} {{if $marital}} -
+
 {{$marital}}
{{$profile.marital}}
{{/if}} {{if $homepage}} -
+
{{$homepage}}
{{$profile.homepage}}
{{/if}} -
+
{{/if}}
diff --git a/view/tpl/settings_privacy.tpl b/view/tpl/settings_privacy.tpl index ae81cee78..03224ae65 100644 --- a/view/tpl/settings_privacy.tpl +++ b/view/tpl/settings_privacy.tpl @@ -11,6 +11,7 @@ {{include file="field_checkbox.tpl" field=$index_opt_out}} {{include file="field_checkbox.tpl" field=$autoperms}} {{include file="field_checkbox.tpl" field=$permit_all_mentions}} + {{include file="field_checkbox.tpl" field=$moderate_unsolicited_comments}} {{include file="field_checkbox.tpl" field=$ocap_enabled}} {{if $sec_addon}}