mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2025-08-05 18:56:46 +02:00
d87e2e7e40
- Implementation of milestone 5. from **Task F. Moderation features: Reporting** (part of [amendment of the workplan](https://codeberg.org/forgejo/sustainability/src/branch/main/2022-12-01-nlnet/2025-02-07-extended-workplan.md#task-f-moderation-features-reporting) for NLnet 2022-12-035): `5. Forgejo admins can see a list of reports` There is a lot of room for improvements, but it was decided to start with a basic version so that feedback can be collected from real-life usages (based on which the UI might change a lot). - Also covers milestone 2. from same **Task F. Moderation features: Reporting**: `2. Reports from multiple users are combined in the database and don't create additional reports.` But instead of combining the reports when stored, they are grouped when retrieved (it was concluded _that it might be preferable to take care of the deduplication while implementing the admin interface_; see https://codeberg.org/forgejo/forgejo/pulls/7939#issuecomment-4841754 for more details). --- Follow-up of !6977 ### See also: - forgejo/design#30 --- This adds a new _Moderation reports_ section (/admin/moderation/reports) within the _Site administration_ page, where administrators can see an overview with the submitted abuse reports that are still open (not yet handled in any way). When multiple reports exist for the same content (submitted by distinct users) only the first one will be shown in the list and a counter can be seen on the right side (indicating the number of open reports for the same content type and ID). Clicking on the counter or the icon from the right side will open the details page where a list with all the reports (when multiple) linked to the reported content is available, as well as any shadow copy saved for the current report(s). The new section is available only when moderation in enabled ([moderation] ENABLED config is set as true within app.ini). Discussions regarding the UI/UX started with https://codeberg.org/forgejo/design/issues/30#issuecomment-2908849 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7905 Reviewed-by: Otto <otto@codeberg.org> Reviewed-by: jerger <jerger@noreply.codeberg.org> Co-authored-by: floss4good <floss4good@disroot.org> Co-committed-by: floss4good <floss4good@disroot.org>
141 lines
5 KiB
Go
141 lines
5 KiB
Go
// Copyright 2025 The Forgejo Authors. All rights reserved.
|
|
// SPDX-License-Identifier: GPL-3.0-or-later
|
|
|
|
package user
|
|
|
|
import (
|
|
"context"
|
|
"reflect"
|
|
"slices"
|
|
"sync"
|
|
|
|
"forgejo.org/models/moderation"
|
|
"forgejo.org/modules/json"
|
|
"forgejo.org/modules/timeutil"
|
|
|
|
"xorm.io/xorm/names"
|
|
)
|
|
|
|
// UserData represents a trimmed down user that is used for preserving
|
|
// only the fields needed for abusive content reports (mainly string fields).
|
|
type UserData struct { //revive:disable-line:exported
|
|
Name string
|
|
FullName string
|
|
Email string
|
|
LoginName string
|
|
Location string
|
|
Website string
|
|
Pronouns string
|
|
Description string
|
|
CreatedUnix timeutil.TimeStamp
|
|
UpdatedUnix timeutil.TimeStamp
|
|
// This field was intentionally renamed so that is not the same with the one from User struct.
|
|
// If we keep it the same as in User, during login it might trigger the creation of a shadow copy.
|
|
// TODO: Should we decide that this field is not that relevant for abuse reporting purposes, better remove it.
|
|
LastLogin timeutil.TimeStamp `json:"LastLoginUnix"`
|
|
Avatar string
|
|
AvatarEmail string
|
|
}
|
|
|
|
// Implements GetFieldsMap() from ShadowCopyData interface, returning a list of <key, value> pairs
|
|
// to be used when rendering the shadow copy for admins reviewing the corresponding abuse report(s).
|
|
func (ud UserData) GetFieldsMap() []moderation.ShadowCopyField {
|
|
return []moderation.ShadowCopyField{
|
|
{Key: "Name", Value: ud.Name},
|
|
{Key: "FullName", Value: ud.FullName},
|
|
{Key: "Email", Value: ud.Email},
|
|
{Key: "LoginName", Value: ud.LoginName},
|
|
{Key: "Location", Value: ud.Location},
|
|
{Key: "Website", Value: ud.Website},
|
|
{Key: "Pronouns", Value: ud.Pronouns},
|
|
{Key: "Description", Value: ud.Description},
|
|
{Key: "CreatedUnix", Value: ud.CreatedUnix.AsLocalTime().String()},
|
|
{Key: "UpdatedUnix", Value: ud.UpdatedUnix.AsLocalTime().String()},
|
|
{Key: "LastLogin", Value: ud.LastLogin.AsLocalTime().String()},
|
|
{Key: "Avatar", Value: ud.Avatar},
|
|
{Key: "AvatarEmail", Value: ud.AvatarEmail},
|
|
}
|
|
}
|
|
|
|
// newUserData creates a trimmed down user to be used just to create a JSON structure
|
|
// (keeping only the fields relevant for moderation purposes)
|
|
func newUserData(user *User) UserData {
|
|
return UserData{
|
|
Name: user.Name,
|
|
FullName: user.FullName,
|
|
Email: user.Email,
|
|
LoginName: user.LoginName,
|
|
Location: user.Location,
|
|
Website: user.Website,
|
|
Pronouns: user.Pronouns,
|
|
Description: user.Description,
|
|
CreatedUnix: user.CreatedUnix,
|
|
UpdatedUnix: user.UpdatedUnix,
|
|
LastLogin: user.LastLoginUnix,
|
|
Avatar: user.Avatar,
|
|
AvatarEmail: user.AvatarEmail,
|
|
}
|
|
}
|
|
|
|
// userDataColumnNames builds (only once) and returns a slice with the column names
|
|
// (e.g. FieldName -> field_name) corresponding to UserData struct fields.
|
|
var userDataColumnNames = sync.OnceValue(func() []string {
|
|
mapper := new(names.GonicMapper)
|
|
udType := reflect.TypeOf(UserData{})
|
|
columnNames := make([]string, 0, udType.NumField())
|
|
for i := 0; i < udType.NumField(); i++ {
|
|
columnNames = append(columnNames, mapper.Obj2Table(udType.Field(i).Name))
|
|
}
|
|
return columnNames
|
|
})
|
|
|
|
// IfNeededCreateShadowCopyForUser checks if for the given user there are any reports of abusive content submitted
|
|
// and if found a shadow copy of relevant user fields will be stored into DB and linked to the above report(s).
|
|
// This function should be called before a user is deleted or updated.
|
|
//
|
|
// In case the User object was already altered before calling this method, just provide the userID and
|
|
// nil for unalteredUser; when it is decided that a shadow copy should be created and unalteredUser is nil,
|
|
// the user will be retrieved from DB based on the provided userID.
|
|
//
|
|
// For deletions alteredCols argument must be omitted.
|
|
//
|
|
// In case of updates it will first checks whether any of the columns being updated (alteredCols argument)
|
|
// is relevant for moderation purposes (i.e. included in the UserData struct).
|
|
func IfNeededCreateShadowCopyForUser(ctx context.Context, userID int64, unalteredUser *User, alteredCols ...string) error {
|
|
// TODO: this can be triggered quite often (e.g. by routers/web/repo/middlewares.go SetDiffViewStyle())
|
|
|
|
shouldCheckIfNeeded := len(alteredCols) == 0 // no columns being updated, therefore a deletion
|
|
if !shouldCheckIfNeeded {
|
|
// for updates we need to go further only if certain columns are being changed
|
|
for _, colName := range userDataColumnNames() {
|
|
if shouldCheckIfNeeded = slices.Contains(alteredCols, colName); shouldCheckIfNeeded {
|
|
break
|
|
}
|
|
}
|
|
}
|
|
|
|
if !shouldCheckIfNeeded {
|
|
return nil
|
|
}
|
|
|
|
shadowCopyNeeded, err := moderation.IsShadowCopyNeeded(ctx, moderation.ReportedContentTypeUser, userID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if shadowCopyNeeded {
|
|
if unalteredUser == nil {
|
|
if unalteredUser, err = GetUserByID(ctx, userID); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
userData := newUserData(unalteredUser)
|
|
content, err := json.Marshal(userData)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return moderation.CreateShadowCopyForUser(ctx, userID, string(content))
|
|
}
|
|
|
|
return nil
|
|
}
|