Merge pull request #14730 from Carbrex/patch-14

Prohibit blocked users from posting in the comments thread of the blocker account's blog
lichess-org · Feb 27, 2024 · cbfa96c · cbfa96c
2 parents d1f093c + 919d799
commit cbfa96c
Show file tree

Hide file tree

Showing 6 changed files with 66 additions and 37 deletions.
diff --git a/app/controllers/ForumPost.scala b/app/controllers/ForumPost.scala
@@ -5,6 +5,7 @@ import views.*
 import lila.app.{ given, * }
 import lila.common.IpAddress
 import lila.msg.MsgPreset
+import lila.i18n.{ I18nKeys as trans }
 
 final class ForumPost(env: Env) extends LilaController(env) with ForumController:
 
@@ -37,30 +38,44 @@ final class ForumPost(env: Env) extends LilaController(env) with ForumController
         if topic.closed then BadRequest("This topic is closed")
         else if topic.isOld then BadRequest("This topic is archived")
         else
-          categ.team.so(env.team.api.isLeader(_, me)) flatMap { inOwnTeam =>
-            forms
-              .post(inOwnTeam)
-              .bindFromRequest()
-              .fold(
-                err =>
-                  CategGrantWrite(categId, tryingToPostAsMod = true):
-                    for
-                      captcha     <- forms.anyCaptcha
-                      unsub       <- env.timeline.status(s"forum:${topic.id}")
-                      canModCateg <- access.isGrantedMod(categ.slug)
-                      page <- renderPage:
-                        html.forum.topic
-                          .show(categ, topic, posts, Some(err -> captcha), unsub, canModCateg = canModCateg)
-                    yield BadRequest(page)
-                ,
-                data =>
-                  CategGrantWrite(categId, tryingToPostAsMod = ~data.modIcon):
-                    CreateRateLimit(ctx.ip, rateLimited):
-                      postApi.makePost(categ, topic, data) map { post =>
-                        Redirect(routes.ForumPost.redirect(post.id))
-                      }
-              )
-          }
+          for
+            canModCateg <- access.isGrantedMod(categ.slug)
+            replyBlocked <- access.isReplyBlockedOnUBlog(topic, canModCateg)
+            res <-
+              if replyBlocked then fuccess(BadRequest(trans.ublog.youBlockedByBlogAuthor()))
+              else
+                categ.team.so(env.team.api.isLeader(_, me)) flatMap { inOwnTeam =>
+                  forms
+                    .post(inOwnTeam)
+                    .bindFromRequest()
+                    .fold(
+                      err =>
+                        CategGrantWrite(categId, tryingToPostAsMod = true):
+                          for
+                            captcha     <- forms.anyCaptcha
+                            unsub       <- env.timeline.status(s"forum:${topic.id}")
+                            canModCateg <- access.isGrantedMod(categ.slug)
+                            page <- renderPage:
+                              html.forum.topic
+                                .show(
+                                  categ,
+                                  topic,
+                                  posts,
+                                  Some(err -> captcha),
+                                  unsub,
+                                  canModCateg = canModCateg
+                                )
+                          yield BadRequest(page)
+                      ,
+                      data =>
+                        CategGrantWrite(categId, tryingToPostAsMod = ~data.modIcon):
+                          CreateRateLimit(ctx.ip, rateLimited):
+                            postApi.makePost(categ, topic, data) map { post =>
+                              Redirect(routes.ForumPost.redirect(post.id))
+                            }
+                    )
+                }
+          yield res
   }
 
   def edit(postId: ForumPostId) = AuthBody { ctx ?=> me ?=>

diff --git a/app/controllers/ForumTopic.scala b/app/controllers/ForumTopic.scala
@@ -55,20 +55,22 @@ final class ForumTopic(env: Env) extends LilaController(env) with ForumControlle
         then notFound
         else
           for
-            unsub       <- ctx.me soUse env.timeline.status(s"forum:${topic.id}")
-            canRead     <- access.isGrantedRead(categ.slug)
-            canWrite    <- access.isGrantedWrite(categ.slug, tryingToPostAsMod = true)
-            canModCateg <- access.isGrantedMod(categ.slug)
-            inOwnTeam   <- ~(categ.team, ctx.me).mapN(env.team.api.isLeader(_, _))
+            unsub        <- ctx.me soUse env.timeline.status(s"forum:${topic.id}")
+            canRead      <- access.isGrantedRead(categ.slug)
+            canWrite     <- access.isGrantedWrite(categ.slug, tryingToPostAsMod = true)
+            canModCateg  <- access.isGrantedMod(categ.slug)
+            replyBlocked <- ctx.me soUse access.isReplyBlockedOnUBlog(topic, canModCateg)
+            inOwnTeam    <- ~(categ.team, ctx.me).mapN(env.team.api.isLeader(_, _))
             form <- ctx.me
-              .filter(_ => canWrite && topic.open && !topic.isOld)
+              .filter(_ => canWrite && topic.open && !topic.isOld && !replyBlocked)
               .soUse: _ ?=>
                 forms.postWithCaptcha(inOwnTeam) map some
             _ <- env.user.lightUserApi preloadMany posts.currentPageResults.flatMap(_.post.userId)
             res <-
               if canRead then
-                Ok.page(html.forum.topic.show(categ, topic, posts, form, unsub, canModCateg))
-                  .map(_.withCanonical(routes.ForumTopic.show(categ.slug, topic.slug, page)))
+                Ok.page(
+                  html.forum.topic.show(categ, topic, posts, form, unsub, canModCateg, None, replyBlocked)
+                ).map(_.withCanonical(routes.ForumTopic.show(categ.slug, topic.slug, page)))
               else notFound
           yield res
 

diff --git a/app/views/forum/topic.scala b/app/views/forum/topic.scala
@@ -73,7 +73,8 @@ object topic:
       formWithCaptcha: Option[FormWithCaptcha],
       unsub: Option[Boolean],
       canModCateg: Boolean,
-      formText: Option[String] = None
+      formText: Option[String] = None,
+      replyBlocked: Boolean = false
   )(using ctx: PageContext) =
     views.html.base.layout(
       title = s"${topic.name} • page ${posts.currentPage}/${posts.nbPages} • ${categ.name}",
@@ -136,6 +137,7 @@ object topic:
                     a(href := teamRoutes.show(teamId))(trans.teamNamedX(teamLink(teamId, true)))
               .orElse:
                 if ctx.me.exists(_.isBot) then p("Bots cannot post in the forum.").some
+                else if replyBlocked then p(trans.ublog.youBlockedByBlogAuthor()).some
                 else ctx.isAuth option p(trans.youCannotPostYetPlaySomeGames())
           ,
           div(

diff --git a/modules/api/src/main/ForumAccess.scala b/modules/api/src/main/ForumAccess.scala
@@ -1,13 +1,16 @@
 package lila.api
 
-import lila.forum.ForumCateg
+import lila.forum.{ ForumCateg, ForumTopic }
 import lila.security.{ Granter, Permission }
 import lila.team.Team
 import lila.user.{ User, Me }
+import lila.relation.Block
 
-final class ForumAccess(teamApi: lila.team.TeamApi, teamCached: lila.team.Cached)(using
-    Executor
-):
+final class ForumAccess(
+    teamApi: lila.team.TeamApi,
+    teamCached: lila.team.Cached,
+    relationApi: lila.relation.RelationApi
+)(using Executor):
 
   enum Operation:
     case Read, Write
@@ -45,3 +48,8 @@ final class ForumAccess(teamApi: lila.team.TeamApi, teamCached: lila.team.Cached
   def isGrantedMod(categId: ForumCategId)(using meOpt: Option[Me]): Fu[Boolean] = meOpt.so: me =>
     if Granter.opt(_.ModerateForum) then fuTrue
     else ForumCateg.toTeamId(categId).so(teamApi.hasPerm(_, me, _.Comm))
+
+  def isReplyBlockedOnUBlog(topic: ForumTopic, canModCateg: Boolean)(using me: Me): Fu[Boolean] =
+    (topic.ublogId.isDefined && !canModCateg).so:
+      topic.userId.so: topicAuthor =>
+        relationApi.fetchBlocks(topicAuthor, me)
diff --git a/modules/i18n/src/main/I18nKeys.scala b/modules/i18n/src/main/I18nKeys.scala
@@ -2455,6 +2455,7 @@ object I18nKeys:
     val `inappropriateContentAccountClosed` = I18nKey("ublog:inappropriateContentAccountClosed")
     val `blogTips` = I18nKey("ublog:blogTips")
     val `discussThisBlogPostInTheForum` = I18nKey("ublog:discussThisBlogPostInTheForum")
+    val `youBlockedByBlogAuthor` = I18nKey("ublog:youBlockedByBlogAuthor")
     val `publishedNbBlogPosts` = I18nKey("ublog:publishedNbBlogPosts")
     val `nbViews` = I18nKey("ublog:nbViews")
     val `viewAllNbPosts` = I18nKey("ublog:viewAllNbPosts")

diff --git a/translation/source/ublog.xml b/translation/source/ublog.xml
@@ -52,4 +52,5 @@
   <string name="inappropriateContentAccountClosed">Anything inappropriate could get your account closed.</string>
   <string name="blogTips">Our simple tips to write great blog posts</string>
   <string name="discussThisBlogPostInTheForum">Discuss this blog post in the forum</string>
+  <string name="youBlockedByBlogAuthor">You are blocked by the blog author.</string>
 </resources>