mirrors/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-09-01 15:06:37 +00:00
Code Issues Projects Releases Packages Wiki Activity
forgejo/models/user/moderation.go
forgejo-backport-action 9d47719545 [v12.0/forgejo] fix: make sure to use unaltered fields when saving a shadow copy for updated profiles or comments (#8584) 
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/8533

Follow-up of !6977

### Manual testing
- User **S** creates an organization **O** and posts a comment **C** (on a random issue);
- User **R** report as abuse the comment **C**, the organization **O** as well as the user **S**;
- User **S** changes the content of comment **C** and the description of organization **O** as well as the description of their own profile;
- Check (within DB) that shadow copies are being created (and linked to corresponding abuse reports) for comment **C**, organization **O** and user **S** and the content is the one from the moment when the reports were submitted (therefore before the updates made by **S**).

Co-authored-by: floss4good <floss4good@disroot.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8584
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
2025-07-22 03:08:12 +02:00

121 lines
4.1 KiB
Go
Raw Blame History

// Copyright 2025 The Forgejo Authors. All rights reserved.
// SPDX-License-Identifier: GPL-3.0-or-later
package user
import (
"context"
"reflect"
"slices"
"sync"
"forgejo.org/models/moderation"
"forgejo.org/modules/json"
"forgejo.org/modules/timeutil"
"xorm.io/xorm/names"
)
// UserData represents a trimmed down user that is used for preserving
// only the fields needed for abusive content reports (mainly string fields).
type UserData struct { //revive:disable-line:exported
Name string
FullName string
Email string
LoginName string
Location string
Website string
Pronouns string
Description string
CreatedUnix timeutil.TimeStamp
UpdatedUnix timeutil.TimeStamp
// This field was intentionally renamed so that is not the same with the one from User struct.
// If we keep it the same as in User, during login it might trigger the creation of a shadow copy.
// TODO: Should we decide that this field is not that relevant for abuse reporting purposes, better remove it.
LastLogin timeutil.TimeStamp `json:"LastLoginUnix"`
Avatar string
AvatarEmail string
}
// newUserData creates a trimmed down user to be used just to create a JSON structure
// (keeping only the fields relevant for moderation purposes)
func newUserData(user *User) UserData {
return UserData{
Name: user.Name,
FullName: user.FullName,
Email: user.Email,
LoginName: user.LoginName,
Location: user.Location,
Website: user.Website,
Pronouns: user.Pronouns,
Description: user.Description,
CreatedUnix: user.CreatedUnix,
UpdatedUnix: user.UpdatedUnix,
LastLogin: user.LastLoginUnix,
Avatar: user.Avatar,
AvatarEmail: user.AvatarEmail,
}
}
// userDataColumnNames builds (only once) and returns a slice with the column names
// (e.g. FieldName -> field_name) corresponding to UserData struct fields.
var userDataColumnNames = sync.OnceValue(func() []string {
mapper := new(names.GonicMapper)
udType := reflect.TypeOf(UserData{})
columnNames := make([]string, 0, udType.NumField())
for i := 0; i < udType.NumField(); i++ {
columnNames = append(columnNames, mapper.Obj2Table(udType.Field(i).Name))
}
return columnNames
})
// IfNeededCreateShadowCopyForUser checks if for the given user there are any reports of abusive content submitted
// and if found a shadow copy of relevant user fields will be stored into DB and linked to the above report(s).
// This function should be called before a user is deleted or updated.
//
// In case the User object was already altered before calling this method, just provide the userID and
// nil for unalteredUser; when it is decided that a shadow copy should be created and unalteredUser is nil,
// the user will be retrieved from DB based on the provided userID.
//
// For deletions alteredCols argument must be omitted.
//
// In case of updates it will first checks whether any of the columns being updated (alteredCols argument)
// is relevant for moderation purposes (i.e. included in the UserData struct).
func IfNeededCreateShadowCopyForUser(ctx context.Context, userID int64, unalteredUser *User, alteredCols ...string) error {
// TODO: this can be triggered quite often (e.g. by routers/web/repo/middlewares.go SetDiffViewStyle())
shouldCheckIfNeeded := len(alteredCols) == 0 // no columns being updated, therefore a deletion
if !shouldCheckIfNeeded {
// for updates we need to go further only if certain columns are being changed
for _, colName := range userDataColumnNames() {
if shouldCheckIfNeeded = slices.Contains(alteredCols, colName); shouldCheckIfNeeded {
break
}
}
}
if !shouldCheckIfNeeded {
return nil
}
shadowCopyNeeded, err := moderation.IsShadowCopyNeeded(ctx, moderation.ReportedContentTypeUser, userID)
if err != nil {
return err
}
if shadowCopyNeeded {
if unalteredUser == nil {
if unalteredUser, err = GetUserByID(ctx, userID); err != nil {
return err
}
}
userData := newUserData(unalteredUser)
content, err := json.Marshal(userData)
if err != nil {
return err
}
return moderation.CreateShadowCopyForUser(ctx, userID, string(content))
}
return nil
}
Reference in a new issue View git blame Copy permalink