FAQ update and notifications fix

This commit is contained in:
Noah Petherbridge 2024-01-10 20:47:38 -08:00
parent 19006877a2
commit eed971d997
5 changed files with 77 additions and 22 deletions

View File

@ -96,25 +96,28 @@ func Likes() http.HandlerFunc {
case "photos":
if photo, err := models.GetPhoto(tableID); err == nil {
if user, err := models.GetUser(photo.UserID); err == nil {
// Admin safety check: in case the admin clicked 'Like' on a friends-only or private
// picture they shouldn't have been expected to see, do not log a like.
if currentUser.IsAdmin && currentUser.ID != user.ID {
// Safety check: if the current user should not see this picture, they can not "Like" it.
// Example: you unfriended them but they still had the image on their old browser page.
var unallowed bool
if currentUser.ID != user.ID {
if (photo.Visibility == models.PhotoFriends && !models.AreFriends(user.ID, currentUser.ID)) ||
(photo.Visibility == models.PhotoPrivate && !models.IsPrivateUnlocked(user.ID, currentUser.ID)) {
SendJSON(w, http.StatusForbidden, Response{
Error: "You are not allowed to like that photo.",
})
return
unallowed = true
}
}
// Blocking safety check: if either user blocks the other, liking is not allowed.
if models.IsBlocking(currentUser.ID, user.ID) {
unallowed = true
}
if unallowed {
SendJSON(w, http.StatusForbidden, Response{
Error: "You are not allowed to like that photo.",
})
return
}
targetUser = user
}
} else {

View File

@ -60,6 +60,11 @@ func AddFriend() http.HandlerFunc {
return
}
// Revoke any friends-only photo notifications they had received before.
if err := models.RevokeFriendPhotoNotifications(currentUser, user.ID); err != nil {
log.Error("Couldn't revoke friend photo notifications from %s to %s: %s", currentUser.Username, user.Username, err)
}
var message string
if verdict == "reject" {
message = fmt.Sprintf("Friend request from %s has been rejected.", username)

View File

@ -446,6 +446,25 @@ func RemoveFriend(sourceUserID, targetUserID uint64) error {
return result.Error
}
// RevokeFriendPhotoNotifications removes notifications about newly uploaded friends photos
// that were sent to your former friends, when you remove their friendship.
//
// For example: if I unfriend you, all your past notifications that showed my friends-only photos should
// be revoked so that you can't see them anymore.
func RevokeFriendPhotoNotifications(currentUser *User, fromUserID uint64) error {
// Gather the IDs of all our private photos to nuke notifications for.
photoIDs, err := currentUser.AllFriendsOnlyPhotoIDs()
if err != nil {
return err
} else if len(photoIDs) == 0 {
// Nothing to do.
return nil
}
log.Info("RevokeFriendPhotoNotifications(%s): forget about friend photo uploads for user %d on photo IDs: %v", currentUser.Username, fromUserID, photoIDs)
return RemoveSpecificNotificationBulk(fromUserID, NotificationNewPhoto, "photos", photoIDs)
}
// Save photo.
func (f *Friend) Save() error {
result := DB.Save(f)

View File

@ -100,6 +100,25 @@ func (u *User) AllPrivatePhotoIDs() ([]uint64, error) {
return photoIDs, nil
}
// AllFriendsOnlyPhotoIDs returns the listing of all IDs of the user's private photos.
func (u *User) AllFriendsOnlyPhotoIDs() ([]uint64, error) {
var photoIDs = []uint64{}
err := DB.Table(
"photos",
).Select(
"photos.id AS id",
).Where(
"user_id = ? AND visibility = ?",
u.ID, PhotoFriends,
).Scan(&photoIDs)
if err.Error != nil {
return photoIDs, fmt.Errorf("AllFriendsOnlyPhotoIDs(%s): %s", u.Username, err.Error)
}
return photoIDs, nil
}
// AllPhotoIDs returns the listing of all IDs of the user's photos.
func (u *User) AllPhotoIDs() ([]uint64, error) {
if u.cachePhotoIDs != nil {

View File

@ -52,7 +52,7 @@
<li><a href="#other-people">Can I include other people in my photos?</a></li>
<li><a href="#define-explicit">What is considered "explicit" in photos?</a></li>
<li><a href="#photoshop">Are digitally altered or 'photoshopped' pictures okay?</a></li>
<li><a href="#downloading">Does this site <strong>prevent people from downloading</strong> my pictures?</a></li>
<li><a href="#downloading">Does this site <strong>prevent people from downloading</strong> my pictures?</a> <span class="tag is-success">UPDATED Jan 10 2024</span></li>
</ul>
</li>
<li>
@ -706,29 +706,38 @@
<h3 id="downloading">Does this site prevent people from downloading my pictures?</h3>
<p>
This website does not go out of its way to prevent people from downloading pictures, and
nor will it pretend to. This is actually a very difficult problem to solve in the year {{.YYYY}}.
<span class="tag is-success">Updated Jan 10 2024</span>
</p>
<p>
I <em>could</em> add some JavaScripts that prevent right-clicking on my pages so you can't
just "Save image as," but this would only deter desktop (mouse &amp; keyboard) users and is easy
to work around. I <em>could</em> place a transparent image over top of all your pictures like
Instagram does and if you try and save it, you just get a one-pixel transparent GIF; but this
is trivially defeated by any novice web designer by just right-clicking, "Inspect element" and
deleting it from the web page to get at the photo it was protecting.
As of November 2023, the {{PrettyTitle}} website does discourage the downloading of pictures
to the limited extent that a web page is able to. We have a right-click handler (long press
on mobile) where if you right-click on a photo anywhere on the site, you are shown a pop-up
message to "please respect our members' privacy" and a reminder that it is against the rules
to download and share images from this site elsewhere. We also have a script that inteferes with
dragging an image off of the page and into your URL bar or another application which helps to
protect pictures from being easily saved.
</p>
<p>
And people can always just screenshot the whole web page - and a web page can't do anything
at all to prevent that. With mobile phones this is an especially easy and common thing to
do. Any mild measures this site could take to deter downloading would only provide a false
sense of security, which is worse than having no security.
You can see this in action by attempting to right-click, long press, or drag the image below:
</p>
<p>
There are risks inherent with putting a picture on the Internet. This website does provide
some controls you can utilize as to <em>who</em> will see the pictures you upload:
<img src="/static/img/shy.png" width="48" height="48">
</p>
<p>
However, a motivated individual can <strong>always</strong> circumvent these kind of restrictions
and download a picture if they really want to. There is no technical measure that a website can
take to prevent this entirely: because at the end of the day, they can always just screenshot the whole
entire web page which is especially trivial and common to do from mobile devices.
</p>
<p>
There are risks inherent with putting a picture on the Internet. This website <em>does</em> provide
some controls you can utilize to limit who is allowed to see your picture in the first place, to
those who you think you can trust not to download your picture:
</p>
<ul>