From 4a3c05a5c39462e94d0b57d8f0a2bb838ff1364e Mon Sep 17 00:00:00 2001 From: Emelia Smith Date: Wed, 20 Nov 2024 20:05:06 +0100 Subject: [PATCH 1/4] Implement Admin Report Notes API --- .../api/v1/admin/reports/notes_controller.rb | 70 +++++++++++++++++++ app/policies/report_note_policy.rb | 4 ++ .../rest/admin/account_minimal_serializer.rb | 31 ++++++++ .../rest/admin/moderation_note_serializer.rb | 25 +++++++ config/routes/api.rb | 2 + 5 files changed, 132 insertions(+) create mode 100644 app/controllers/api/v1/admin/reports/notes_controller.rb create mode 100644 app/serializers/rest/admin/account_minimal_serializer.rb create mode 100644 app/serializers/rest/admin/moderation_note_serializer.rb diff --git a/app/controllers/api/v1/admin/reports/notes_controller.rb b/app/controllers/api/v1/admin/reports/notes_controller.rb new file mode 100644 index 0000000000..1f6f40e4e3 --- /dev/null +++ b/app/controllers/api/v1/admin/reports/notes_controller.rb @@ -0,0 +1,70 @@ +# frozen_string_literal: true + +class Api::V1::Admin::Reports::NotesController < Api::BaseController + include Authorization + include AccountableConcern + + PERMITTED_PARAMS = %i( + content + ).freeze + + before_action -> { authorize_if_got_token! :'admin:read', :'admin:read:reports' }, only: [:index, :show] + before_action -> { authorize_if_got_token! :'admin:write', :'admin:write:reports' }, except: [:index, :show] + before_action :set_report + before_action :set_report_note, except: [:index, :create] + + rescue_from ArgumentError do |e| + render json: { error: e.to_s }, status: 422 + end + + def index + authorize @report, :show? + render json: @report.notes.chronological.includes(:account), each_serializer: REST::Admin::ModerationNoteSerializer + end + + def show + authorize @report_note, :show? + render json: @report_note, serializer: REST::Admin::ModerationNoteSerializer + end + + def create + authorize :report_note, :create? + authorize @report, :update? if truthy_param?(:resolve_report) || truthy_param?(:unresolve_report) + + @report_note = current_account.report_notes.new(report_note_params.merge(report_id: @report.id)) + + if @report_note.save! + if truthy_param?(:resolve_report) + @report.resolve!(current_account) + log_action :resolve, @report + elsif truthy_param?(:unresolve_report) + @report.unresolve! + log_action :reopen, @report + end + + render json: @report_note, serializer: REST::Admin::ModerationNoteSerializer + end + end + + def destroy + authorize @report_note, :destroy? + @report_note.destroy! + render_empty + end + + private + + def set_report + @report = Report.find(params[:report_id]) + end + + def set_report_note + @report_note = ReportNote.where(report_id: params[:report_id]).find(params[:id]) + end + + def report_note_params + params + .slice(*PERMITTED_PARAMS) + .permit(*PERMITTED_PARAMS) + end +end diff --git a/app/policies/report_note_policy.rb b/app/policies/report_note_policy.rb index dc31416e8e..dd7e92da03 100644 --- a/app/policies/report_note_policy.rb +++ b/app/policies/report_note_policy.rb @@ -5,6 +5,10 @@ class ReportNotePolicy < ApplicationPolicy role.can?(:manage_reports) end + def show? + role.can?(:manage_reports) + end + def destroy? owner? || (role.can?(:manage_reports) && role.overrides?(record.account.user_role)) end diff --git a/app/serializers/rest/admin/account_minimal_serializer.rb b/app/serializers/rest/admin/account_minimal_serializer.rb new file mode 100644 index 0000000000..f665b607b2 --- /dev/null +++ b/app/serializers/rest/admin/account_minimal_serializer.rb @@ -0,0 +1,31 @@ +# frozen_string_literal: true + +class REST::Admin::AccountMinimalSerializer < ActiveModel::Serializer + include RoutingHelper + + attributes :id, :username, :acct, :display_name, :uri, :url, :avatar, :avatar_static + + def id + object.id.to_s + end + + def acct + object.pretty_acct + end + + def url + ActivityPub::TagManager.instance.url_for(object) + end + + def uri + ActivityPub::TagManager.instance.uri_for(object) + end + + def avatar + full_asset_url(object.unavailable? ? object.avatar.default_url : object.avatar_original_url) + end + + def avatar_static + full_asset_url(object.unavailable? ? object.avatar.default_url : object.avatar_static_url) + end +end diff --git a/app/serializers/rest/admin/moderation_note_serializer.rb b/app/serializers/rest/admin/moderation_note_serializer.rb new file mode 100644 index 0000000000..06829112ae --- /dev/null +++ b/app/serializers/rest/admin/moderation_note_serializer.rb @@ -0,0 +1,25 @@ +# frozen_string_literal: true + +class REST::Admin::ModerationNoteSerializer < ActiveModel::Serializer + include RoutingHelper + + attributes :id, :content, :created_at, :updated_at, :target + belongs_to :account, serializer: REST::Admin::AccountMinimalSerializer + + def id + object.id.to_s + end + + def content + object.content.strip + end + + def target + case object + when ReportNote + { type: 'Report', id: object.report_id.to_s, url: api_v1_admin_report_url(object.report) } + when AccountModerationNote + { type: 'Account', id: object.target_account_id.to_s, url: api_v1_admin_account_url(object.target_account) } + end + end +end diff --git a/config/routes/api.rb b/config/routes/api.rb index 86e41a2abe..3d4dbd8ceb 100644 --- a/config/routes/api.rb +++ b/config/routes/api.rb @@ -254,6 +254,8 @@ namespace :api, format: false do post :reopen post :resolve end + + resources :notes, controller: 'reports/notes', except: [:new, :edit, :update] end resources :domain_allows, only: [:index, :show, :create, :destroy] From d54dc8983ac0c76db456371cb51f9a448a59108e Mon Sep 17 00:00:00 2001 From: Emelia Smith Date: Wed, 20 Nov 2024 20:18:56 +0100 Subject: [PATCH 2/4] Implement Admin Account Moderation Notes API --- .../api/v1/admin/accounts/notes_controller.rb | 60 +++++++++++++++++++ .../rest/admin/moderation_note_serializer.rb | 4 +- config/routes/api.rb | 3 +- 3 files changed, 64 insertions(+), 3 deletions(-) create mode 100644 app/controllers/api/v1/admin/accounts/notes_controller.rb diff --git a/app/controllers/api/v1/admin/accounts/notes_controller.rb b/app/controllers/api/v1/admin/accounts/notes_controller.rb new file mode 100644 index 0000000000..7dfe3cfd39 --- /dev/null +++ b/app/controllers/api/v1/admin/accounts/notes_controller.rb @@ -0,0 +1,60 @@ +# frozen_string_literal: true + +class Api::V1::Admin::Accounts::NotesController < Api::BaseController + include Authorization + include AccountableConcern + + PERMITTED_PARAMS = %i( + content + ).freeze + + before_action -> { authorize_if_got_token! :'admin:read', :'admin:read:accounts' }, only: [:index, :show] + before_action -> { authorize_if_got_token! :'admin:write', :'admin:write:accounts' }, except: [:index, :show] + before_action :set_account + before_action :set_account_note, except: [:index, :create] + + rescue_from ArgumentError do |e| + render json: { error: e.to_s }, status: 422 + end + + def index + authorize @account, :show? + render json: @account.targeted_moderation_notes.chronological.includes(:account), each_serializer: REST::Admin::ModerationNoteSerializer + end + + def show + authorize @account_moderation_note, :show? + render json: @account_moderation_note, serializer: REST::Admin::ModerationNoteSerializer + end + + def create + authorize AccountModerationNote, :create? + + @account_moderation_note = current_account.account_moderation_notes.new(account_note_params.merge(target_account_id: @account.id)) + @account_moderation_note.save! + + render json: @account_moderation_note, serializer: REST::Admin::ModerationNoteSerializer + end + + def destroy + authorize @account_moderation_note, :destroy? + @account_moderation_note.destroy! + render_empty + end + + private + + def set_account + @account = Account.find(params[:account_id]) + end + + def set_account_note + @account_moderation_note = AccountModerationNote.where(target_account_id: params[:account_id]).find(params[:id]) + end + + def account_note_params + params + .slice(*PERMITTED_PARAMS) + .permit(*PERMITTED_PARAMS) + end +end diff --git a/app/serializers/rest/admin/moderation_note_serializer.rb b/app/serializers/rest/admin/moderation_note_serializer.rb index 06829112ae..b381e7114c 100644 --- a/app/serializers/rest/admin/moderation_note_serializer.rb +++ b/app/serializers/rest/admin/moderation_note_serializer.rb @@ -17,9 +17,9 @@ class REST::Admin::ModerationNoteSerializer < ActiveModel::Serializer def target case object when ReportNote - { type: 'Report', id: object.report_id.to_s, url: api_v1_admin_report_url(object.report) } + { type: 'Report', id: object.report_id.to_s, url: api_v1_admin_report_url(object.report.id) } when AccountModerationNote - { type: 'Account', id: object.target_account_id.to_s, url: api_v1_admin_account_url(object.target_account) } + { type: 'Account', id: object.target_account_id.to_s, url: api_v1_admin_account_url(object.target_account.id) } end end end diff --git a/config/routes/api.rb b/config/routes/api.rb index 3d4dbd8ceb..2326225c4a 100644 --- a/config/routes/api.rb +++ b/config/routes/api.rb @@ -245,6 +245,7 @@ namespace :api, format: false do end resource :action, only: [:create], controller: 'account_actions' + resources :notes, controller: 'accounts/notes', only: [:index, :show, :create, :destroy] end resources :reports, only: [:index, :update, :show] do @@ -255,7 +256,7 @@ namespace :api, format: false do post :resolve end - resources :notes, controller: 'reports/notes', except: [:new, :edit, :update] + resources :notes, controller: 'reports/notes', only: [:index, :show, :create, :destroy] end resources :domain_allows, only: [:index, :show, :create, :destroy] From 1bc1d923cb02ba44431a8e8da48369ac6e263c1e Mon Sep 17 00:00:00 2001 From: Emelia Smith Date: Wed, 20 Nov 2024 20:20:51 +0100 Subject: [PATCH 3/4] fixup! Implement Admin Report Notes API --- app/controllers/api/v1/admin/reports/notes_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/api/v1/admin/reports/notes_controller.rb b/app/controllers/api/v1/admin/reports/notes_controller.rb index 1f6f40e4e3..1eabd65772 100644 --- a/app/controllers/api/v1/admin/reports/notes_controller.rb +++ b/app/controllers/api/v1/admin/reports/notes_controller.rb @@ -28,7 +28,7 @@ class Api::V1::Admin::Reports::NotesController < Api::BaseController end def create - authorize :report_note, :create? + authorize ReportNote, :create? authorize @report, :update? if truthy_param?(:resolve_report) || truthy_param?(:unresolve_report) @report_note = current_account.report_notes.new(report_note_params.merge(report_id: @report.id)) From 125a298dbaaba73ec5e2e40b186c8a5d5c0fb558 Mon Sep 17 00:00:00 2001 From: Emelia Smith Date: Wed, 20 Nov 2024 20:39:37 +0100 Subject: [PATCH 4/4] Apply suggestions from code review --- app/controllers/api/v1/admin/accounts/notes_controller.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/controllers/api/v1/admin/accounts/notes_controller.rb b/app/controllers/api/v1/admin/accounts/notes_controller.rb index 7dfe3cfd39..6db0e1fcbc 100644 --- a/app/controllers/api/v1/admin/accounts/notes_controller.rb +++ b/app/controllers/api/v1/admin/accounts/notes_controller.rb @@ -11,7 +11,7 @@ class Api::V1::Admin::Accounts::NotesController < Api::BaseController before_action -> { authorize_if_got_token! :'admin:read', :'admin:read:accounts' }, only: [:index, :show] before_action -> { authorize_if_got_token! :'admin:write', :'admin:write:accounts' }, except: [:index, :show] before_action :set_account - before_action :set_account_note, except: [:index, :create] + before_action :set_account_moderation_note, except: [:index, :create] rescue_from ArgumentError do |e| render json: { error: e.to_s }, status: 422 @@ -48,7 +48,7 @@ class Api::V1::Admin::Accounts::NotesController < Api::BaseController @account = Account.find(params[:account_id]) end - def set_account_note + def set_account_moderation_note @account_moderation_note = AccountModerationNote.where(target_account_id: params[:account_id]).find(params[:id]) end