ea1c4aab18
* If a user is about to delete all remaining gallery photos, and their account is certified, show a warning banner and extra confirmation modal before they continue with the deletion, that their account will lose its certified status. * Minor improvements to change logs around cert photos.
177 lines
5.5 KiB
Go
177 lines
5.5 KiB
Go
package models
|
|
|
|
import (
|
|
"errors"
|
|
"fmt"
|
|
"time"
|
|
|
|
"code.nonshy.com/nonshy/website/pkg/log"
|
|
"gorm.io/gorm"
|
|
)
|
|
|
|
// CertificationPhoto table.
|
|
type CertificationPhoto struct {
|
|
ID uint64 `gorm:"primaryKey"`
|
|
UserID uint64 `gorm:"uniqueIndex"`
|
|
Filename string
|
|
Filesize int64
|
|
Status CertificationPhotoStatus
|
|
AdminComment string
|
|
SecondaryNeeded bool // a secondary form of ID has been requested
|
|
SecondaryFilename string // photo ID upload
|
|
SecondaryVerified bool // mark true when ID checked so original can be deleted
|
|
IPAddress string // the IP they uploaded the photo from
|
|
CreatedAt time.Time
|
|
UpdatedAt time.Time
|
|
}
|
|
|
|
type CertificationPhotoStatus string
|
|
|
|
const (
|
|
CertificationPhotoNeeded CertificationPhotoStatus = "needed"
|
|
CertificationPhotoPending CertificationPhotoStatus = "pending"
|
|
CertificationPhotoApproved CertificationPhotoStatus = "approved"
|
|
CertificationPhotoRejected CertificationPhotoStatus = "rejected"
|
|
|
|
// If a photo is pending approval but the admin wants to engage the
|
|
// secondary check (prompt user for a photo ID upload)
|
|
CertificationPhotoSecondary CertificationPhotoStatus = "secondary"
|
|
)
|
|
|
|
// GetCertificationPhoto retrieves the user's record from the DB or upserts their initial record.
|
|
func GetCertificationPhoto(userID uint64) (*CertificationPhoto, error) {
|
|
p := &CertificationPhoto{}
|
|
result := DB.Where("user_id = ?", userID).First(&p)
|
|
if result.Error == gorm.ErrRecordNotFound {
|
|
p = &CertificationPhoto{
|
|
UserID: userID,
|
|
Status: CertificationPhotoNeeded,
|
|
}
|
|
result = DB.Create(p)
|
|
return p, result.Error
|
|
}
|
|
return p, result.Error
|
|
}
|
|
|
|
// CertifiedSince retrieve's the last updated date of the user's certification photo, if approved.
|
|
//
|
|
// This incurs a DB query for their cert photo.
|
|
func (u *User) CertifiedSince() (time.Time, error) {
|
|
if !u.Certified {
|
|
return time.Time{}, errors.New("user is not certified")
|
|
}
|
|
|
|
cert, err := GetCertificationPhoto(u.ID)
|
|
if err != nil {
|
|
return time.Time{}, err
|
|
}
|
|
|
|
if cert.Status != CertificationPhotoApproved {
|
|
// The edge case can come up if a user was manually certified but didn't have an approved picture.
|
|
// Return their CreatedAt instead.
|
|
return u.CreatedAt, nil
|
|
}
|
|
|
|
return cert.UpdatedAt, nil
|
|
}
|
|
|
|
// CertificationPhotosNeedingApproval returns a pager of the pictures that require admin approval.
|
|
func CertificationPhotosNeedingApproval(status CertificationPhotoStatus, pager *Pagination) ([]*CertificationPhoto, error) {
|
|
var p = []*CertificationPhoto{}
|
|
|
|
query := DB.Where(
|
|
"status = ?",
|
|
status,
|
|
).Order(
|
|
pager.Sort,
|
|
)
|
|
|
|
// Get the total count.
|
|
query.Model(&CertificationPhoto{}).Count(&pager.Total)
|
|
|
|
result := query.Offset(
|
|
pager.GetOffset(),
|
|
).Limit(pager.PerPage).Find(&p)
|
|
|
|
return p, result.Error
|
|
}
|
|
|
|
// CountCertificationPhotosNeedingApproval gets the count of pending photos for admin alert.
|
|
func CountCertificationPhotosNeedingApproval() int64 {
|
|
var count int64
|
|
DB.Where("status = ?", CertificationPhotoPending).Model(&CertificationPhoto{}).Count(&count)
|
|
return count
|
|
}
|
|
|
|
// MaybeRevokeCertificationForEmptyGallery will delete a user's certification photo if they delete every picture from their gallery.
|
|
//
|
|
// Returns true if their certification was revoked.
|
|
func MaybeRevokeCertificationForEmptyGallery(user *User) bool {
|
|
cert, err := GetCertificationPhoto(user.ID)
|
|
if err != nil {
|
|
return false
|
|
}
|
|
|
|
// Ignore if their cert photo status is not applicable to be revoked.
|
|
if cert.Status == CertificationPhotoNeeded || cert.Status == CertificationPhotoRejected {
|
|
return false
|
|
}
|
|
|
|
if count := CountPhotos(user.ID); count == 0 {
|
|
// Revoke their cert status.
|
|
cert.Status = CertificationPhotoRejected
|
|
cert.SecondaryVerified = false
|
|
cert.AdminComment = "Your certification photo has been automatically rejected because you have deleted every photo on your gallery. " +
|
|
"To restore your certified status, please upload photos to your gallery and submit a new Certification Photo for approval."
|
|
|
|
if err := cert.Save(); err != nil {
|
|
log.Error("MaybeRevokeCertificationForEmptyGallery(%s): %s", user.Username, err)
|
|
}
|
|
|
|
// Update the user's Certified flag. Note: we freshly query the user here in case they had JUST deleted
|
|
// their default profile picture - so that we don't (re)set their old ProfilePhotoID by accident!
|
|
if user, err := GetUser(user.ID); err == nil {
|
|
user.Certified = false
|
|
if err := user.Save(); err != nil {
|
|
log.Error("MaybeRevokeCertificationForEmptyGallery(%s): saving user certified flag: %s", user.Username, err)
|
|
}
|
|
}
|
|
|
|
// Notify the site admin for visibility.
|
|
fb := &Feedback{
|
|
Intent: "report",
|
|
Subject: "A certified user has deleted all their pictures",
|
|
UserID: user.ID,
|
|
TableName: "users",
|
|
TableID: user.ID,
|
|
Message: fmt.Sprintf(
|
|
"The username **@%s** has deleted every picture in their gallery, and so their Certification Photo status has been revoked.",
|
|
user.Username,
|
|
),
|
|
}
|
|
|
|
// Save the feedback.
|
|
if err := CreateFeedback(fb); err != nil {
|
|
log.Error("Couldn't save feedback from user auto-revoking their cert photo: %s", err)
|
|
}
|
|
|
|
// Update the cert photo's change log.
|
|
LogEvent(user, nil, ChangeLogRejected, "certification_photos", user.ID, "Their cert photo was automatically rejected because they deleted their entire photo gallery.")
|
|
|
|
return true
|
|
}
|
|
|
|
return false
|
|
}
|
|
|
|
// Save photo.
|
|
func (p *CertificationPhoto) Save() error {
|
|
result := DB.Save(p)
|
|
return result.Error
|
|
}
|
|
|
|
// Delete the DB entry.
|
|
func (p *CertificationPhoto) Delete() error {
|
|
return DB.Delete(p).Error
|
|
}
|