Issue 86 - Submission and comment violation reporting #158
Conversation
There was a problem hiding this comment.
This has security concerns.
The mod threads are hidden from standard users, but if the thread is created by a non-mod they will still probably get reply notifications/other information.
We could create a migration that creates a user with ID=0 and name something like nautbot, and use this user to submit these reports.
Or we can filter the notifications and other things
|
I didn't think about that. We will want a "nautbot" user for other reasons too wouldn't we? I'll add a migration to create that user and use that for the reports. |
|
Yes, it'll definitely be used for other things as well. You drew the short straw, and created the first feature that needs it haha |
|
Added a db migration for adding nautbot user, made the comment and submission report method use nautbot for the mod thread. |
|
Doesnt look like you can log in as nautbot |
There was a problem hiding this comment.
🏆
This is freakin' awesome.
Few minor things:
- Improve error translation
- refactor controller methods into one
Feel free to add to this PR and then Squash + Merge
OR
Squash + Merge this now and follow up with another PR to address the refactor/translation.
Also - let's create an issue for "Users without Password" and mention any Symfony articles / links to codelines directly that make it explicit that empty password is OK measure to avoid login.
config/app_routes/submission.yaml
Outdated
| controller: App\Controller\SubmissionController::report | ||
| path: /f/{forum_name}/{submission_id}/report | ||
| methods: [POST] | ||
| requirements: { id: \d+ } |
There was a problem hiding this comment.
there's no 'id' param here though, only submission_id and forum_name
src/Controller/CommentController.php
Outdated
| $this->validateCsrf('report_comment', $request->request->get('token')); | ||
|
|
||
| // Find nautbot. | ||
| $nautbot = $em->find("App\\Entity\\User", 0); |
There was a problem hiding this comment.
this needs to be backed up by SQL migration creating a nautbot user with id = 0
src/Controller/CommentController.php
Outdated
|
|
||
| $this->addFlash('success', 'flash.comment_reported'); | ||
| } else { | ||
| $this->addFlash('notice', 'flash.generic_error'); |
There was a problem hiding this comment.
Let's have explicit error - "flash.comment_report_fail" and something along the lines -
"Reporting system is unavailable, please contact Moderators directly"
| 'submission_id' => $submission->getId(), | ||
| 'slug' => Slugger::slugify($submission->getTitle()), | ||
| ]); | ||
| } |
There was a problem hiding this comment.
This is almost a complete copy-paste of comment report, let's extract this method somewhere so controllers can be calling it with few different params and do the same thing.
Could live in utils
There was a problem hiding this comment.
I'm working on a new Utils class for NautBot functions
src/Utils/NautBot.php
It'd be sweet if you used the same and build something like
newNautBotNotice($forum, $title, $body): Submission {
// build nautbot submission and return
}
That returned a new submission. This would get used a lot and be a huge help!
There was a problem hiding this comment.
Not seeing that class. Is it in another branch?
There was a problem hiding this comment.
It's not pushed up yet, still working on this feature. Sorry I should've been more clear.
| public function up(Schema $schema) | ||
| { | ||
| // this up() migration is auto-generated, please modify it to your needs | ||
| $this->abortIf($this->connection->getDatabasePlatform()->getName() !== 'postgresql', 'Migration can only be executed safely on \'postgresql\'.'); |
| @@ -128,6 +129,9 @@ flash: | |||
| page_unlocked: The page was unlocked. | |||
| no_cookies_verification: Does the image not load correctly? Please make sure you aren't blocking cookies and try again. | |||
| no_password_resets: Password resets have been disabled by the administrator. | |||
| thread_reported: The submission has been reported. | |||
| comment_reported: The comment has been reported. | |||
| generic_error: An error had occurred, please try again later. | |||
There was a problem hiding this comment.
If nautbot goes down - we want users to:
- know reporting is fucked for the moment
- tell mods/admins about it - so we can fix it
- tell mods to do something about comment/submission manually
…to messages, route fix.
|
Added some code to our UserChecker to force nautbot to not be able to be logged in, even if it had a password. Made the requested changes. |
|
We might have missed a use case with this. Each report will be a new thread, so there's no easy way for mods to see how many times a submission/comment has been reported, which is decently important I think. We may want to talk to the former mods about how important this is, but I think this will be needed, because previously, after 5 reports a thread was removed until a mod looked at it. I think it'd also be useful for mods to see the number of reports when they view a thread, but again, we'd have to ask the mods for sure. This use case may not be urgent, and this could potentially be pushed to v2/3, but I think it'd be good functionality to have down the line. The below is just a suggestion, kind of spitballing how this could be accomplishedFor submissions this probably wouldn't be too hard to do based on what you've built so far. On submissions and comment entities you can create a report count, and increment it each time a new report is filed. Then you can get the old thread: |
|
Seeing the number of accrued reports on a single item is helpful - several of us are looking at the modqueue throughout the day, and seeing something with multiple reports is usually a sign that we need to jump it immediately. The count would be nice for us to have and would be needed by nautbot to implement auto-moderation rules, but not immediately critical for the mods so long as there is a basic flagging/reporting mechanism. |
|
Created a more detailed reporting/moderation queue user story in issue #160 |
…inig-issue-86 # Conflicts: # config/app_routes/comment.yaml # src/Entity/Comment.php
| // this down() migration is auto-generated, please modify it to your needs | ||
| $this->abortIf($this->connection->getDatabasePlatform()->getName() !== 'postgresql', 'Migration can only be executed safely on \'postgresql\'.'); | ||
|
|
||
| $this->addSql('CREATE SCHEMA public'); |
There was a problem hiding this comment.
oh wow, doctrine:migrations:diff created that?
delete that line - we should use existing schema all the time - it's part of DBA, not code/dev
There was a problem hiding this comment.
Yeah I'll get rid of that. migrations:diff also adds a ton of "alter tables" that don't actually do anything. You can see them in some of the other more recent migrations.
Version20180401054730 specifically
I've been manually removing those lines from the migrations.
|
@tstiegler approved, please squash when ready and notify Jenkins/dev to run migrations. |
|
Theres actually still one thing I wanted to do for this issue and that was to make it so that multiple reports don't get jumbled into multiple threads. Part of @nationwide13 suggestion was some code that did that. |
…inig-issue-86 # Conflicts: # src/Controller/SubmissionController.php
|
Need a new review on this, I'm going to hold off my change to de-dupe reporting threads since issue #160 will nullify most of this stuff. |
This PR allows a logged in user to report both submissions or comments. As per the issue, no report "reason" is required.
To test this issue:
Log in as a normal user
Click the "Report" link which is displayed underneath each submission.
Click "Yes"/"Ok" to the prompt.
Log out of the account and log in with a mod/admin
Navigate to the mod forum for the forum that the submission was in
You should see a "Submission Report" that links to the submission that was reported.
Log in as a normal user
Navigate to a submission with comments (or create one)
Click the "Report" link which is displayed underneath each comment.
Click "Yes"/"Ok" to the prompt.
Log out of the account and log in with a mod/admin
Navigate to the mod forum for the forum that the submission was in
You should see a "Comment Report" that links to the comment that was reported.