
Commit 9631f05

Allow reporting of malicious content
RfCs and Comments on RfCs are user-generated content that can be reviewed by other users. This feature can be misused. A simple email-based reporting mechanism has been added to allow users to report this malicious content. The UI for the RfC comment is part of a separate change.
1 parent 72195f1 commit 9631f05


21 files changed

+240
-3
lines changed

Gemfile

Lines changed: 1 addition & 0 deletions
@@ -64,6 +64,7 @@ gem 'sentry-rails' # rubocop:disable Bundler/OrderedGems
6464
gem 'sentry-ruby'
6565

6666
group :development do
67+
gem 'ruby-lsp'
6768
gem 'web-console'
6869
end
6970
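Review bot: `gem 'ruby-lsp'` in the development group is editor tooling and unrelated to the reporting feature described in the commit message. Move it, together with the matching Gemfile.lock entries (`ruby-lsp`, `rbs` and their checksums), into its own commit so this change stays reviewable and revertable on its own.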

Gemfile.lock

Lines changed: 10 additions & 0 deletions
@@ -442,6 +442,8 @@ GEM
442442
rb-fsevent (0.11.2)
443443
rb-inotify (0.11.1)
444444
ffi (~> 1.0)
445+
rbs (3.9.4)
446+
logger
445447
rbtree (0.4.6)
446448
rdoc (6.14.0)
447449
erb
@@ -509,6 +511,11 @@ GEM
509511
lint_roller (~> 1.1)
510512
rubocop (~> 1.72, >= 1.72.1)
511513
rubocop-rspec (~> 3.5)
514+
ruby-lsp (0.23.21)
515+
language_server-protocol (~> 3.17.0)
516+
prism (>= 1.2, < 2.0)
517+
rbs (>= 3, < 4)
518+
sorbet-runtime (>= 0.5.10782)
512519
ruby-progressbar (1.13.0)
513520
ruby-vips (2.2.3)
514521
ffi (~> 1.12)
@@ -730,6 +737,7 @@ DEPENDENCIES
730737
rubocop-rails
731738
rubocop-rspec
732739
rubocop-rspec_rails
740+
ruby-lsp
733741
rubytree
734742
rubyzip
735743
sassc-rails
@@ -928,6 +936,7 @@ CHECKSUMS
928936
ransack (4.3.0) sha256=48e141814eb4af8a5cc4e9890b7a088fe818c9996c6b8c846f11104b4c12e8b1
929937
rb-fsevent (0.11.2) sha256=43900b972e7301d6570f64b850a5aa67833ee7d87b458ee92805d56b7318aefe
930938
rb-inotify (0.11.1) sha256=a0a700441239b0ff18eb65e3866236cd78613d6b9f78fea1f9ac47a85e47be6e
939+
rbs (3.9.4) sha256=8e42c8f133fc2d94b65f62f34479546de1247b79892b57584f625b61e518a5d7
931940
rbtree (0.4.6) sha256=14eea4469b24fd2472542e5f3eb105d6344c8ccf36f0b56d55fdcfeb4e0f10fc
932941
rdoc (6.14.0) sha256=2c46de58d7129b8743fcf6d76e3db971bdc914150e15ac06b386549bd82ed7db
933942
regexp_parser (2.10.0) sha256=cb6f0ddde88772cd64bff1dbbf68df66d376043fe2e66a9ef77fcb1b0c548c61
@@ -949,6 +958,7 @@ CHECKSUMS
949958
rubocop-rails (2.32.0) sha256=9fcc623c8722fe71e835e99c4a18b740b5b0d3fb69915d7f0777f00794b30490
950959
rubocop-rspec (3.6.0) sha256=c0e4205871776727e54dee9cc91af5fd74578001551ba40e1fe1a1ab4b404479
951960
rubocop-rspec_rails (2.31.0) sha256=775375e18a26a1184a812ef3054b79d218e85601b9ae897f38f8be24dddf1f45
961+
ruby-lsp (0.23.21) sha256=164f2e2d16b75930d1a0dd2ec28a5320f22ac9910defe5ab433467c431b99be0
952962
ruby-progressbar (1.13.0) sha256=80fc9c47a9b640d6834e0dc7b3c94c9df37f08cb072b7761e4a71e22cff29b33
953963
ruby-vips (2.2.3) sha256=41d12b1a805cd6ead4a7965201a8f7c5fe459bb58d3a7d967c9eb0719a6edc92
954964
rubytree (2.1.1) sha256=4925016356a81730e982f1f8c3b5f8da461f18906c77d238bad4c4ba896abd41
Lines changed: 15 additions & 0 deletions
@@ -0,0 +1,15 @@
1+
# frozen_string_literal: true
2+
3+
class ReportsController < ApplicationController
4+
def create
5+
authorize(reported_content, policy_class: ReportPolicy)
6+
ReportMailer.with(reported_content:).report_content.deliver_later
7+
redirect_back(fallback_location: :root, notice: t('reports.reported'))
8+
end
9+
10+
private
11+
12+
def reported_content
13+
@reported_content ||= GlobalID::Locator.locate(params.require(:global_content_id))
14+
end
15+
end
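Review bot: `reported_content` passes the client-supplied `global_content_id` straight to `GlobalID::Locator.locate`, so a record of any model that supports GlobalID is loaded before `authorize` gets to reject it. Restrict the lookup at the source with `GlobalID::Locator.locate(params.require(:global_content_id), only: [RequestForComment, Comment])`. `create` also queues one mail per request with no throttle or de-duplication, so every repeated report of the same record lands in the moderators' inbox; consider a rate limit or a per-user, per-record guard.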

app/mailers/report_mailer.rb

Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
# frozen_string_literal: true
2+
3+
class ReportMailer < ApplicationMailer
4+
default to: CodeOcean::Config.new(:code_ocean).read.dig(:content_moderation, :report_emails)
5+
6+
def report_content
7+
@reported_content = params.fetch(:reported_content)
8+
9+
mail(subject: "Spam Report: A #{@reported_content.class.name} on CodeOcean has been marked as inappropriate.")
10+
end
11+
end
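Review bot: `report_content` receives only `reported_content`, so the mail gives moderators no indication of who filed the report, and misuse of the report button itself cannot be followed up. Pass the reporting user through `ReportMailer.with(...)` and include it in the message. In addition, `default to:` reads the configuration once when the class is loaded, and the subject is a hard-coded English string that labels every report a "Spam Report" while the controller uses `t('reports.reported')`; consider moving the subject into the locale file with neutral wording.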

app/policies/report_policy.rb

Lines changed: 17 additions & 0 deletions
@@ -0,0 +1,17 @@
1+
# frozen_string_literal: true
2+
3+
class ReportPolicy < ApplicationPolicy
4+
def show?
5+
reciever_awalible? && @user
6+
end
7+
8+
def create?
9+
reciever_awalible? && @user && [RequestForComment, Comment].include?(@record.class)
10+
end
11+
12+
private
13+
14+
def reciever_awalible?
15+
ReportMailer.default_params.fetch(:to).present?
16+
end
17+
end
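Review bot: `create?` checks only that a receiver is configured, that a user is present and that the record is a `RequestForComment` or `Comment`; it never checks that this user may see `@record`, so a report can be filed for content the user has no access to. Consider also consulting the record's own policy here. `show?` and `create?` return `@user` itself rather than a boolean when the receiver check passes (`@user.present?` keeps the predicates boolean), and `reciever_awalible?` is misspelled (`receiver_available?`) in all three places it appears.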
Lines changed: 15 additions & 0 deletions
@@ -0,0 +1,15 @@
1+
The following content has been reported as inappropriate:
2+
3+
<% case @reported_content %>
4+
<% when Comment %>
5+
<%= @reported_content.text %>
6+
<% when RequestForComment %>
7+
<%= @reported_content.question %>
8+
<% else %>
9+
<% raise("Unexpected reported content: #{@reported_content.class.name}") %>
10+
<% end %>
11+
12+
Please take action on the admin page if required.
13+
<%= rails_admin.show_url(
14+
model_name: @reported_content.class.name.underscore,
15+
id: @reported_content.id) %>
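Review bot: lines 5 and 7 of the template place the user-written `text` / `question` directly between the fixed sentences, so a long or carefully worded body can be mistaken for part of the notification itself. Quote or indent the reported text, truncate it to a sensible length, and keep the admin link visually separate from it. The `raise` in the `else` branch only fires while the template is rendered inside the `deliver_later` job; validating the class in `ReportMailer#report_content` would fail earlier and more visibly.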
Lines changed: 5 additions & 0 deletions
@@ -0,0 +1,5 @@
1+
- if policy(:report).show?
2+
= button_to t('reports.report'), reports_path,
3+
params: { global_content_id: reported_content.to_global_id },
4+
data: { confirm: t('reports.confirm') },
5+
class: 'btn btn-light btn-sm'
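Review bot: `reported_content.to_global_id` on line 3 puts an unsigned identifier into the hidden form field, so the server cannot tell whether the submitted id is one this page actually rendered. Use `to_signed_global_id(for: 'report')` here and `GlobalID::Locator.locate_signed(..., for: 'report')` in the controller. The button is also gated on `policy(:report).show?` only, which ignores the record type that `create?` enforces; that is fine while the partial is rendered only for supported records, but it deserves a comment.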

app/views/request_for_comments/show.html.slim

Lines changed: 2 additions & 0 deletions
@@ -28,6 +28,8 @@
2828
.text
2929
- question = @request_for_comment.question
3030
= question.presence || t('request_for_comments.no_question')
31+
.text-end
32+
= render('reports/button', reported_content: @request_for_comment)
3133

3234
- if policy(@request_for_comment).mark_as_solved? && !@request_for_comment.solved?
3335
= render('mark_as_solved')

config/code_ocean.yml.ci

Lines changed: 3 additions & 0 deletions
@@ -14,3 +14,6 @@ test:
1414
ca_file: /example/certificates/ca.crt
1515
token: SECRET
1616
unused_runner_expiration_time: 180
17+
content_moderation:
18+
report_emails:
19+
- report@example.com

config/code_ocean.yml.example

Lines changed: 4 additions & 0 deletions
@@ -55,6 +55,10 @@ default: &default
5555
# be truly greater than any permitted execution time of an execution environment.
5656
unused_runner_expiration_time: 180
5757

58+
content_moderation:
59+
# Email address to receive reports about inappropriate content.
60+
report_emails:
61+
# - report@example.com
5862

5963
development:
6064
<<: *default
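Review bot: the comment on line 59 says "Email address" but `report_emails` is a list, and nothing documents what an empty list means. State that it takes one or more addresses and that leaving it empty, as this example does, leaves `ReportMailer`'s default `to` blank, which in turn makes `ReportPolicy` hide the report button and deny `create?`.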
