#527: code for handling spam reports

VocaDB · Nov 20, 2019 · a6c231e · a6c231e
1 parent 22a1bde
commit a6c231e
Show file tree

Hide file tree

Showing 3 changed files with 50 additions and 6 deletions.
diff --git a/VocaDbModel/Database/Queries/UserQueries.cs b/VocaDbModel/Database/Queries/UserQueries.cs
@@ -115,9 +115,10 @@ class CachedUserStats {
 
 		}
 
-		private void CreateReport(IDatabaseContext ctx, User reportedUser, string hostname, string notes) {
-			var report = new UserReport(reportedUser, UserReportType.Other, ctx.OfType<User>().GetLoggedUser(PermissionContext), hostname, notes);
+		private UserReport CreateReport(IDatabaseContext ctx, User reportedUser, UserReportType reportType, string hostname, string notes) {
+			var report = new UserReport(reportedUser, reportType, ctx.OfType<User>().GetLoggedUser(PermissionContext), hostname, notes);
 			ctx.Save(report);
+			return report;
 		}
 
 		private int[] GetFavoriteTagIds(IDatabaseContext<User> ctx, User user) {
@@ -516,6 +517,47 @@ class CachedUserStats {
 
 		}
 
+		public (bool created, int reportId) CreateReport(int userId, UserReportType reportType, string hostname, string notes) {
+
+			PermissionContext.VerifyPermission(PermissionToken.ReportUser);
+
+			return repository.HandleTransaction(ctx => {
+				var user = ctx.Load(userId);
+
+				ctx.AuditLogger.SysLog($"reporting {user} as {reportType}");
+
+				if (user.GroupId >= UserGroupId.Moderator) {
+					log.Error("Cannot report user with group " + user.GroupId);
+					return (false, 0);
+				}
+
+				if (user.GroupId <= UserGroupId.Regular && reportType == UserReportType.Spamming) {
+					var activeReportCount = ctx.Query<UserReport>()
+						.Where(ur => ur.User.Id == userId && ur.Status == ReportStatus.Open && ur.ReportType == UserReportType.Spamming)
+						.ToArray()
+						.Distinct(ur => ur.Hostname)
+						.Count();
+					if (activeReportCount >= 10) {
+						log.Info("User disabled");
+						user.Active = false;
+						ctx.Update(user);
+					} else if (activeReportCount >= 5) {
+						log.Info("User set to limited");
+						user.GroupId = UserGroupId.Limited;
+						ctx.Update(user);
+					}
+				}
+
+				var report = CreateReport(ctx, user, reportType, hostname, notes);
+
+				ctx.AuditLogger.AuditLog($"reported {user} as {reportType}");
+
+				return (true, report.Id);
+
+			});
+
+		}
+
 		/// <summary>
 		/// Disconnects Twitter account for the currently logged in user.
 		/// Twitter account can NOT be disconnected if the user has not set a VocaDB password.
@@ -1413,7 +1455,7 @@ class CachedUserStats {
 				var reasonText = !string.IsNullOrEmpty(reason) ? ": " + reason : string.Empty;
 
 				if (createReport) {
-					CreateReport(session, user, hostname, string.Format("removed edit permissions{0}", reasonText));
+					CreateReport(session, user, UserReportType.Other, hostname, string.Format("removed edit permissions{0}", reasonText));
 				}
 
 				var message = string.Format("updated user {0} by removing edit permissions{1}", EntryLinkFactory.CreateEntryLink(user), reasonText);

diff --git a/VocaDbModel/Domain/Users/UserReport.cs b/VocaDbModel/Domain/Users/UserReport.cs
@@ -1,4 +1,4 @@
-namespace VocaDb.Model.Domain.Users {
+namespace VocaDb.Model.Domain.Users {
 
 	public class UserReport : GenericEntryReport<User, UserReportType> {
 
@@ -16,7 +16,9 @@ public enum UserReportType {
 		/// </summary>
 		MaliciousIP = 1,
 
-		Other = 2
+		Spamming	= 2,
+
+		Other		= 4
 
 	}
 }
diff --git a/VocaDbWeb/Views/User/Details.cshtml b/VocaDbWeb/Views/User/Details.cshtml
@@ -70,7 +70,7 @@
 		@Html.Raw("&nbsp;")
 		@Html.ActionLink(ViewRes.SharedStrings.Edit, "Edit", new { id = Model.Id }, new { id = "editUserLink" });
 	}
-	@if (Login.Manager.HasPermission(PermissionToken.ReportUser) && UserContext.LoggedUserId != Model.Id && Model.GroupId <= UserGroupId.Regular && Model.Active) {
+	@if (Login.Manager.HasPermission(PermissionToken.ReportUser) && UserContext.LoggedUserId != Model.Id && Model.GroupId <= UserGroupId.Trusted && Model.Active) {
 		@Html.Raw("&nbsp;")
 		<a href="" id="reportUser" data-bind="click: function() { reportUserViewModel.show(); }">@Res.ReportSpamming</a>
 	}