Add config option to allow anonymous reporting

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
Thomas Citharel 2020-06-09 14:07:49 +02:00
parent ea69bad151
commit 43ceda961b
14 changed files with 177 additions and 47 deletions

View File

@ -26,6 +26,7 @@ Also make sure to remove the `EnvironmentFile=` line from the systemd service an
- Duplicate an event - Duplicate an event
- Ability to handle basic administration settings in the admin panel - Ability to handle basic administration settings in the admin panel
- Added physical address change to the list of important changes that trigger event notifications - Added physical address change to the list of important changes that trigger event notifications
- Config option to allow anonymous reporting
### Changed ### Changed
- Configuration handling (see above) - Configuration handling (see above)

View File

@ -202,6 +202,9 @@ config :mobilizon, :anonymous,
], ],
captcha: [enabled: false] captcha: [enabled: false]
} }
],
reports: [
allowed: false
] ]
config :mobilizon, Oban, config :mobilizon, Oban,

View File

@ -92,6 +92,11 @@ config :mobilizon, :instance,
# config :mobilizon, :activitypub, sign_object_fetches: false # config :mobilizon, :activitypub, sign_object_fetches: false
config :mobilizon, :anonymous,
reports: [
allowed: true
]
require Logger require Logger
cond do cond do

View File

@ -62,7 +62,7 @@ export const COMMENTS_THREADS = gql`
} }
} }
} }
${COMMENT_RECURSIVE_FRAGMENT} ${COMMENT_FIELDS_FRAGMENT}
`; `;
export const CREATE_COMMENT_FROM_EVENT = gql` export const CREATE_COMMENT_FROM_EVENT = gql`

View File

@ -34,6 +34,9 @@ export const CONFIG = gql`
} }
} }
} }
reports {
allowed
}
actorId actorId
} }
location { location {

View File

@ -39,6 +39,9 @@ export interface IConfig {
}; };
}; };
}; };
reports: {
allowed: boolean;
};
actorId: string; actorId: string;
}; };
maps: { maps: {

View File

@ -272,7 +272,7 @@
<b-icon icon="calendar-plus" /> <b-icon icon="calendar-plus" />
</span> </span>
</b-dropdown-item> </b-dropdown-item>
<b-dropdown-item aria-role="listitem"> <b-dropdown-item aria-role="listitem" v-if="ableToReport">
<span @click="isReportModalActive = true"> <span @click="isReportModalActive = true">
{{ $t("Report") }} {{ $t("Report") }}
<b-icon icon="flag" /> <b-icon icon="flag" />
@ -750,14 +750,25 @@ export default class Event extends EventMixin {
async reportEvent(content: string, forward: boolean) { async reportEvent(content: string, forward: boolean) {
this.isReportModalActive = false; this.isReportModalActive = false;
// @ts-ignore
this.$refs.reportModal.close();
if (!this.event.organizerActor) return; if (!this.event.organizerActor) return;
const eventTitle = this.event.title; const eventTitle = this.event.title;
let reporterId = null;
if (this.currentActor.id) {
reporterId = this.currentActor.id;
} else {
if (this.config.anonymous.reports.allowed) {
reporterId = this.config.anonymous.actorId;
}
}
if (!reporterId) return;
try { try {
await this.$apollo.mutate<IReport>({ await this.$apollo.mutate<IReport>({
mutation: CREATE_REPORT, mutation: CREATE_REPORT,
variables: { variables: {
eventId: this.event.id, eventId: this.event.id,
reporterId: this.currentActor.id, reporterId,
reportedId: this.event.organizerActor.id, reportedId: this.event.organizerActor.id,
content, content,
forward, forward,
@ -996,6 +1007,12 @@ export default class Event extends EventMixin {
await removeAnonymousParticipation(this.uuid); await removeAnonymousParticipation(this.uuid);
this.anonymousParticipation = null; this.anonymousParticipation = null;
} }
get ableToReport(): boolean {
return (
this.config && (this.currentActor.id != undefined || this.config.anonymous.reports.allowed)
);
}
} }
</script> </script>
<style lang="scss" scoped> <style lang="scss" scoped>

View File

@ -154,7 +154,7 @@ import Subtitle from "../components/Utils/Subtitle.vue";
}; };
}, },
update: (data) => update: (data) =>
data.loggedUser.participations.map( data.loggedUser.participations.elements.map(
(participation: IParticipant) => new Participant(participation) (participation: IParticipant) => new Participant(participation)
), ),
skip() { skip() {

View File

@ -89,6 +89,9 @@ defmodule Mobilizon.GraphQL.Resolvers.Config do
} }
} }
}, },
reports: %{
allowed: Config.anonymous_reporting?()
},
actor_id: Config.anonymous_actor_id() actor_id: Config.anonymous_actor_id()
}, },
geocoding: %{ geocoding: %{

View File

@ -60,9 +60,10 @@ defmodule Mobilizon.GraphQL.Resolvers.Event do
end end
end end
def check_event_access(%Event{local: true}), do: true @spec check_event_access(Event.t()) :: boolean()
defp check_event_access(%Event{local: true}), do: true
def check_event_access(%Event{url: url}) do defp check_event_access(%Event{url: url}) do
relay_actor_id = Config.relay_actor_id() relay_actor_id = Config.relay_actor_id()
Events.check_if_event_has_instance_follow(url, relay_actor_id) Events.check_if_event_has_instance_follow(url, relay_actor_id)
end end

View File

@ -7,6 +7,7 @@ defmodule Mobilizon.GraphQL.Resolvers.Report do
alias Mobilizon.Actors alias Mobilizon.Actors
alias Mobilizon.Actors.Actor alias Mobilizon.Actors.Actor
alias Mobilizon.Config
alias Mobilizon.Reports alias Mobilizon.Reports
alias Mobilizon.Reports.{Note, Report} alias Mobilizon.Reports.{Note, Report}
alias Mobilizon.Users.User alias Mobilizon.Users.User
@ -47,7 +48,7 @@ defmodule Mobilizon.GraphQL.Resolvers.Report do
def create_report( def create_report(
_parent, _parent,
%{reporter_id: reporter_id} = args, %{reporter_id: reporter_id} = args,
%{context: %{current_user: user}} = _resolution %{context: %{current_user: %User{} = user}} = _resolution
) do ) do
with {:is_owned, %Actor{}} <- User.owns_actor(user, reporter_id), with {:is_owned, %Actor{}} <- User.owns_actor(user, reporter_id),
{:ok, _, %Report{} = report} <- API.Reports.report(args) do {:ok, _, %Report{} = report} <- API.Reports.report(args) do
@ -61,6 +62,31 @@ defmodule Mobilizon.GraphQL.Resolvers.Report do
end end
end end
@doc """
Create a report anonymously if allowed
"""
def create_report(
_parent,
%{reporter_id: reporter_id} = args,
_resolution
) do
with {:anonymous_reporting_allowed, true} <-
{:anonymous_reporting_allowed, Config.anonymous_reporting?()},
{:wrong_id, true} <- {:wrong_id, reporter_id == to_string(Config.anonymous_actor_id())},
{:ok, _, %Report{} = report} <- API.Reports.report(args) do
{:ok, report}
else
{:anonymous_reporting_allowed, _} ->
{:error, "You need to be logged-in to create reports"}
{:wrong_id, _} ->
{:error, "Reporter ID is not the anonymous actor id"}
_error ->
{:error, "Error while saving report"}
end
end
def create_report(_parent, _args, _resolution) do def create_report(_parent, _args, _resolution) do
{:error, "You need to be logged-in to create reports"} {:error, "You need to be logged-in to create reports"}
end end

View File

@ -59,6 +59,7 @@ defmodule Mobilizon.GraphQL.Schema.ConfigType do
object :anonymous do object :anonymous do
field(:participation, :anonymous_participation) field(:participation, :anonymous_participation)
field(:event_creation, :anonymous_event_creation) field(:event_creation, :anonymous_event_creation)
field(:reports, :anonymous_reports)
field(:actor_id, :id) field(:actor_id, :id)
end end
@ -100,6 +101,10 @@ defmodule Mobilizon.GraphQL.Schema.ConfigType do
field(:enabled, :boolean) field(:enabled, :boolean)
end end
object :anonymous_reports do
field(:allowed, :boolean)
end
object :resource_provider do object :resource_provider do
field(:type, :string) field(:type, :string)
field(:endpoint, :string) field(:endpoint, :string)

View File

@ -139,6 +139,10 @@ defmodule Mobilizon.Config do
:enabled :enabled
] ]
@spec anonymous_reporting? :: boolean
def anonymous_reporting?,
do: Application.get_env(:mobilizon, :anonymous)[:reports][:allowed]
def instance_resource_providers do def instance_resource_providers do
types = get_in(Application.get_env(:mobilizon, Mobilizon.Service.ResourceProviders), [:types]) types = get_in(Application.get_env(:mobilizon, Mobilizon.Service.ResourceProviders), [:types])

View File

@ -1,9 +1,11 @@
defmodule Mobilizon.GraphQL.Resolvers.ReportTest do defmodule Mobilizon.GraphQL.Resolvers.ReportTest do
use Mobilizon.Web.ConnCase use Mobilizon.Web.ConnCase
use Mobilizon.Tests.Helpers
import Mobilizon.Factory import Mobilizon.Factory
alias Mobilizon.Actors.Actor alias Mobilizon.Actors.Actor
alias Mobilizon.Config
alias Mobilizon.Events.Event alias Mobilizon.Events.Event
alias Mobilizon.Reports.{Note, Report} alias Mobilizon.Reports.{Note, Report}
alias Mobilizon.Users.User alias Mobilizon.Users.User
@ -11,67 +13,124 @@ defmodule Mobilizon.GraphQL.Resolvers.ReportTest do
alias Mobilizon.GraphQL.AbsintheHelpers alias Mobilizon.GraphQL.AbsintheHelpers
describe "Resolver: Report a content" do describe "Resolver: Report a content" do
@create_report_mutation """
mutation CreateReport($reporterId: ID!, $reportedId: ID!, $eventId: ID, $content: String) {
createReport(
reporterId: $reporterId,
reportedId: $reportedId,
eventId: $eventId,
content: $content
) {
content,
reporter {
id
},
event {
id
},
status
}
}
"""
clear_config([:anonymous, :reports])
setup %{conn: conn} do
Mobilizon.Config.clear_config_cache()
anonymous_actor_id = Config.anonymous_actor_id()
{:ok, conn: conn, anonymous_actor_id: anonymous_actor_id}
end
test "create_report/3 creates a report", %{conn: conn} do test "create_report/3 creates a report", %{conn: conn} do
%User{} = user_reporter = insert(:user) %User{} = user_reporter = insert(:user)
%Actor{} = reporter = insert(:actor, user: user_reporter) %Actor{} = reporter = insert(:actor, user: user_reporter)
%Actor{} = reported = insert(:actor) %Actor{} = reported = insert(:actor)
%Event{} = event = insert(:event, organizer_actor: reported) %Event{} = event = insert(:event, organizer_actor: reported)
mutation = """
mutation {
createReport(
reporter_id: #{reporter.id},
reported_id: #{reported.id},
event_id: #{event.id},
content: "This is an issue"
) {
content,
reporter {
id
},
event {
id
},
status
}
}
"""
res = res =
conn conn
|> auth_conn(user_reporter) |> auth_conn(user_reporter)
|> post("/api", AbsintheHelpers.mutation_skeleton(mutation)) |> AbsintheHelpers.graphql_query(
query: @create_report_mutation,
variables: %{
reportedId: reported.id,
reporterId: reporter.id,
eventId: event.id,
content: "This is an issue"
}
)
assert json_response(res, 200)["errors"] == nil assert res["errors"] == nil
assert json_response(res, 200)["data"]["createReport"]["content"] == "This is an issue" assert res["data"]["createReport"]["content"] == "This is an issue"
assert json_response(res, 200)["data"]["createReport"]["status"] == "OPEN" assert res["data"]["createReport"]["status"] == "OPEN"
assert json_response(res, 200)["data"]["createReport"]["event"]["id"] == to_string(event.id) assert res["data"]["createReport"]["event"]["id"] == to_string(event.id)
assert json_response(res, 200)["data"]["createReport"]["reporter"]["id"] == assert res["data"]["createReport"]["reporter"]["id"] ==
to_string(reporter.id) to_string(reporter.id)
end end
test "create_report/3 without being connected doesn't create any report", %{conn: conn} do test "create_report/3 without being connected doesn't create any report", %{conn: conn} do
%Actor{} = reported = insert(:actor) %Actor{} = reported = insert(:actor)
mutation = """ res =
mutation { conn
createReport( |> AbsintheHelpers.graphql_query(
reported_id: #{reported.id}, query: @create_report_mutation,
reporter_id: 5, variables: %{
content: "This is an issue" reportedId: reported.id,
) { reporterId: 5,
content content: "This is an issue"
} }
} )
"""
assert res["errors"] |> hd |> Map.get("message") ==
"You need to be logged-in to create reports"
end
test "create_report/3 anonymously creates a report if config has allowed", %{
conn: conn,
anonymous_actor_id: anonymous_actor_id
} do
%Actor{} = reported = insert(:actor)
Config.put([:anonymous, :reports, :allowed], true)
res = res =
conn conn
|> post("/api", AbsintheHelpers.mutation_skeleton(mutation)) |> AbsintheHelpers.graphql_query(
query: @create_report_mutation,
variables: %{
reportedId: reported.id,
reporterId: anonymous_actor_id,
content: "This is an issue"
}
)
assert json_response(res, 200)["errors"] |> hd |> Map.get("message") == assert is_nil(res["errors"])
"You need to be logged-in to create reports" assert res["data"]["createReport"]["content"] == "This is an issue"
assert res["data"]["createReport"]["status"] == "OPEN"
assert res["data"]["createReport"]["reporter"]["id"] ==
to_string(anonymous_actor_id)
end
test "create_report/3 anonymously doesn't creates a report if the anonymous actor ID is wrong",
%{conn: conn} do
%Actor{} = reported = insert(:actor)
Config.put([:anonymous, :reports, :allowed], true)
res =
conn
|> AbsintheHelpers.graphql_query(
query: @create_report_mutation,
variables: %{
reportedId: reported.id,
reporterId: 53,
content: "This is an issue"
}
)
assert res["errors"] |> hd |> Map.get("message") ==
"Reporter ID is not the anonymous actor id"
end end
end end