Skip to content
This repository has been archived by the owner on Oct 19, 2024. It is now read-only.

Commit

Permalink
Fix issue with moderator identities being revealed (#892)
Browse files Browse the repository at this point in the history 
* Fix issue with moderator identities being revealed

* Fix on multiple threads route

* Fix thread notifs

* Fix failing test

* fix thread messages returning nothing
  • Loading branch information
@Geometrically
Geometrically authored Mar 20, 2024
1 parent 730913b commit decfcb6
Show file tree
Hide file tree
Showing 20 changed files with 79 additions and 334 deletions.
14 changes: 0 additions & 14 deletions .sqlx/query-10279b5a8383ba8e286f1bfb9a486e3f8b362c46cfc2647c90a83a10e5329569.json
View file

This file was deleted.

12 changes: 3 additions & 9 deletions ...57654ede51e944944d4af59fe1ba1f6a336e.json → ...ccecfd09d877e84f3fbe5cd190dd69d3b7e1.json
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

15 changes: 0 additions & 15 deletions .sqlx/query-49813a96f007216072d69468aae705d73d5b85dcdd64a22060009b12d947ed5a.json
View file

This file was deleted.

14 changes: 0 additions & 14 deletions .sqlx/query-8f5e2a570cf35b2d158182bac37fd40bcec277bbdeddaece5efaa88600048a70.json
View file

This file was deleted.

18 changes: 18 additions & 0 deletions .sqlx/query-9d46594c3dda50dc84defee87fa98210989dd59b06941a5e71b6661f059c9692.json
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

17 changes: 0 additions & 17 deletions .sqlx/query-b0c29c51bd3ae5b93d487471a98ee9bbb43a4df468ba781852b137dd315b9608.json
View file

This file was deleted.

10 changes: 8 additions & 2 deletions ...a7658d16034b01a35558cb42fa9c16185eb5.json → ...9c02de214299004ea182f5eae93396e1d313.json
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

15 changes: 0 additions & 15 deletions .sqlx/query-e37ecb6dc1509d390bb6f68ba25899d19f693554d8969bbf8f8ee14a78adf0f9.json
View file

This file was deleted.

20 changes: 0 additions & 20 deletions .sqlx/query-e9d863c1793939d5ae7137d810f23d06460c28a9058b251448e3786c436f80cd.json
View file

This file was deleted.

9 changes: 9 additions & 0 deletions migrations/20240319195753_threads-updates.sql
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
ALTER TABLE threads DROP COLUMN show_in_mod_inbox;

ALTER TABLE threads_messages ADD COLUMN hide_identity BOOLEAN default false NOT NULL;

UPDATE threads_messages
SET hide_identity = TRUE
FROM users
WHERE threads_messages.author_id = users.id
AND users.role IN ('moderator', 'admin');
16 changes: 9 additions & 7 deletions src/database/models/thread_item.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,13 +21,13 @@ pub struct Thread {

pub messages: Vec<ThreadMessage>,
pub members: Vec<UserId>,
pub show_in_mod_inbox: bool,
}

pub struct ThreadMessageBuilder {
pub author_id: Option<UserId>,
pub body: MessageBody,
pub thread_id: ThreadId,
pub hide_identity: bool,
}

#[derive(Serialize, Deserialize, Clone)]
Expand All @@ -37,6 +37,7 @@ pub struct ThreadMessage {
pub author_id: Option<UserId>,
pub body: MessageBody,
pub created: DateTime<Utc>,
pub hide_identity: bool,
}

impl ThreadMessageBuilder {
Expand All @@ -49,16 +50,17 @@ impl ThreadMessageBuilder {
sqlx::query!(
"
INSERT INTO threads_messages (
id, author_id, body, thread_id
id, author_id, body, thread_id, hide_identity
)
VALUES (
$1, $2, $3, $4
$1, $2, $3, $4, $5
)
",
thread_message_id as ThreadMessageId,
self.author_id.map(|x| x.0),
serde_json::value::to_value(self.body.clone())?,
self.thread_id as ThreadId,
self.hide_identity
)
.execute(&mut **transaction)
.await?;
Expand Down Expand Up @@ -131,9 +133,9 @@ impl Thread {
let thread_ids_parsed: Vec<i64> = thread_ids.iter().map(|x| x.0).collect();
let threads = sqlx::query!(
"
SELECT t.id, t.thread_type, t.mod_id, t.report_id, t.show_in_mod_inbox,
SELECT t.id, t.thread_type, t.mod_id, t.report_id,
ARRAY_AGG(DISTINCT tm.user_id) filter (where tm.user_id is not null) members,
JSONB_AGG(DISTINCT jsonb_build_object('id', tmsg.id, 'author_id', tmsg.author_id, 'thread_id', tmsg.thread_id, 'body', tmsg.body, 'created', tmsg.created)) filter (where tmsg.id is not null) messages
JSONB_AGG(DISTINCT jsonb_build_object('id', tmsg.id, 'author_id', tmsg.author_id, 'thread_id', tmsg.thread_id, 'body', tmsg.body, 'created', tmsg.created, 'hide_identity', tmsg.hide_identity)) filter (where tmsg.id is not null) messages
FROM threads t
LEFT OUTER JOIN threads_messages tmsg ON tmsg.thread_id = t.id
LEFT OUTER JOIN threads_members tm ON tm.thread_id = t.id
Expand All @@ -159,7 +161,6 @@ impl Thread {
messages
},
members: x.members.unwrap_or_default().into_iter().map(UserId).collect(),
show_in_mod_inbox: x.show_in_mod_inbox,
}))
})
.try_collect::<Vec<Thread>>()
Expand Down Expand Up @@ -229,7 +230,7 @@ impl ThreadMessage {
let message_ids_parsed: Vec<i64> = message_ids.iter().map(|x| x.0).collect();
let messages = sqlx::query!(
"
SELECT tm.id, tm.author_id, tm.thread_id, tm.body, tm.created
SELECT tm.id, tm.author_id, tm.thread_id, tm.body, tm.created, tm.hide_identity
FROM threads_messages tm
WHERE tm.id = ANY($1)
",
Expand All @@ -244,6 +245,7 @@ impl ThreadMessage {
body: serde_json::from_value(x.body)
.unwrap_or(MessageBody::Deleted { private: false }),
created: x.created,
hide_identity: x.hide_identity,
}))
})
.try_collect::<Vec<ThreadMessage>>()
Expand Down
4 changes: 0 additions & 4 deletions src/models/v2/threads.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,8 +30,6 @@ pub enum LegacyMessageBody {
body: String,
#[serde(default)]
private: bool,
#[serde(default)]
hide_identity: bool,
replying_to: Option<ThreadMessageId>,
#[serde(default)]
associated_images: Vec<ImageId>,
Expand Down Expand Up @@ -76,13 +74,11 @@ impl From<crate::models::v3::threads::MessageBody> for LegacyMessageBody {
private,
replying_to,
associated_images,
hide_identity,
} => LegacyMessageBody::Text {
body,
private,
replying_to,
associated_images,
hide_identity,
},
crate::models::v3::threads::MessageBody::StatusChange {
new_status,
Expand Down
16 changes: 4 additions & 12 deletions src/models/v3/threads.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ pub struct ThreadMessage {
pub author_id: Option<UserId>,
pub body: MessageBody,
pub created: DateTime<Utc>,
pub hide_identity: bool,
}

#[derive(Serialize, Deserialize, Clone)]
Expand All @@ -41,8 +42,6 @@ pub enum MessageBody {
body: String,
#[serde(default)]
private: bool,
#[serde(default)]
hide_identity: bool,
replying_to: Option<ThreadMessageId>,
#[serde(default)]
associated_images: Vec<ImageId>,
Expand Down Expand Up @@ -116,24 +115,17 @@ impl Thread {
})
.map(|x| ThreadMessage {
id: x.id.into(),
author_id: if users
.iter()
.find(|y| x.author_id == Some(y.id.into()))
.map(|x| x.role.is_mod() && !user.role.is_mod())
.unwrap_or(false)
{
author_id: if x.hide_identity && !user.role.is_mod() {
None
} else {
x.author_id.map(|x| x.into())
},
body: x.body,
created: x.created,
hide_identity: x.hide_identity,
})
.collect(),
members: users
.into_iter()
.filter(|x| !x.role.is_mod() || user.role.is_mod())
.collect(),
members: users,
}
}
}
7 changes: 4 additions & 3 deletions src/queue/moderation.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -612,7 +612,7 @@ impl AutomatedModerationQueue {

if !mod_messages.is_empty() {
let first_time = database::models::Thread::get(project.thread_id, &pool).await?
.map(|x| x.messages.iter().all(|x| match x.body { MessageBody::Text { hide_identity, .. } => x.author_id == Some(database::models::UserId(AUTOMOD_ID)) || hide_identity, _ => true}))
.map(|x| x.messages.iter().all(|x| x.author_id == Some(database::models::UserId(AUTOMOD_ID)) || x.hide_identity))
.unwrap_or(true);

let mut transaction = pool.begin().await?;
Expand All @@ -621,11 +621,11 @@ impl AutomatedModerationQueue {
body: MessageBody::Text {
body: mod_messages.markdown(true),
private: false,
hide_identity: false,
replying_to: None,
associated_images: vec![],
},
thread_id: project.thread_id,
hide_identity: false,
}
.insert(&mut transaction)
.await?;
Expand All @@ -645,6 +645,7 @@ impl AutomatedModerationQueue {
old_status: project.inner.status,
},
thread_id: project.thread_id,
hide_identity: false,
}
.insert(&mut transaction)
.await?;
Expand Down Expand Up @@ -733,11 +734,11 @@ impl AutomatedModerationQueue {
body: MessageBody::Text {
body: str,
private: true,
hide_identity: false,
replying_to: None,
associated_images: vec![],
},
thread_id: project.thread_id,
hide_identity: false,
}
.insert(&mut transaction)
.await?;
Expand Down
Loading

0 comments on commit decfcb6

Please sign in to comment.