website/pkg/controller/account/user_note.go
Noah Petherbridge e146c09850 Improvements to Feedback & Reports
* Add an AboutUserID field to feedbacks, so when the report is about a
  picture that is later deleted, the feedback can still link to the
  original owner's account instead of showing an error.
* Add filters to the User Notes page so the admin can see:
  * All feedback From or About the user or their content (default)
  * Feedback created by the user
  * Feedback about the user or their content
  * Fuzzy search for any feedback containing the user's name.
* On chat room reports: make the @channel ID a clickable user profile
  link for convenience.
2024-10-17 19:21:18 -07:00

307 lines
7.8 KiB
Go

package account
import (
"net/http"
"net/url"
"strconv"
"code.nonshy.com/nonshy/website/pkg/config"
"code.nonshy.com/nonshy/website/pkg/log"
"code.nonshy.com/nonshy/website/pkg/middleware"
"code.nonshy.com/nonshy/website/pkg/models"
"code.nonshy.com/nonshy/website/pkg/session"
"code.nonshy.com/nonshy/website/pkg/templates"
)
// User notes page (/notes/u/username)
func UserNotes() http.HandlerFunc {
tmpl := templates.Must("account/user_notes.html")
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// Parse the username out of the URL parameters.
var (
username = r.PathValue("username")
show = r.FormValue("show") // admin feedback filter
)
// Find this user.
user, err := models.FindUser(username)
if err != nil {
templates.NotFoundPage(w, r)
return
}
// Get the current user.
currentUser, err := session.CurrentUser(r)
if err != nil {
session.FlashError(w, r, "You must be signed in to view this page.")
templates.Redirect(w, "/login?next="+url.QueryEscape(r.URL.String()))
return
}
// Is the site under a Maintenance Mode restriction?
if middleware.MaintenanceMode(currentUser, w, r) {
return
}
// Banned or disabled? Only admin can view then.
if user.Status != models.UserStatusActive && !currentUser.IsAdmin {
templates.NotFoundPage(w, r)
return
}
// Is either one blocking?
if models.IsBlocking(currentUser.ID, user.ID) && !currentUser.IsAdmin {
templates.NotFoundPage(w, r)
return
}
// Look up our current note about this person.
var myNote = models.GetNoteBetweenUsers(currentUser, user)
// Are we submitting a note?
if r.Method == http.MethodPost {
var message = r.FormValue("message")
// Update & save our note.
if message == "" {
// Delete it.
if err := myNote.Delete(); err != nil && err != models.ErrNoUserNoteToDelete {
session.FlashError(w, r, "Error deleting your note: %s", err)
} else if err == nil {
session.Flash(w, r, "Your note was deleted!")
}
} else {
// Update it.
myNote.Message = message
if err := myNote.Save(); err != nil {
session.FlashError(w, r, "Error saving your note: %s", err)
} else {
session.Flash(w, r, "Your notes have been saved!")
}
}
templates.Redirect(w, r.URL.Path)
return
}
// Admin view: paginate their feedback & reports.
var (
feedback = []*models.Feedback{}
otherNotes = []*models.UserNote{}
userMap = models.UserMap{}
notePager = &models.Pagination{
Page: 1,
PerPage: config.PageSizeAdminUserNotes,
Sort: "updated_at desc",
}
fbPager = &models.Pagination{
Page: 1,
PerPage: config.PageSizeAdminFeedbackNotesPage,
Sort: "created_at desc",
}
)
notePager.ParsePage(r)
fbPager.ParsePage(r)
if currentUser.IsAdmin {
// Paginate all notes written about this user.
if on, err := models.PaginateUserNotes(user, notePager); err != nil {
session.FlashError(w, r, "Paginating user notes: %s", err)
} else {
otherNotes = on
}
// Paginate feedback & reports.
if fb, err := models.PaginateFeedbackAboutUser(user, show, fbPager); err != nil {
session.FlashError(w, r, "Paginating feedback on this user: %s", err)
} else {
feedback = fb
}
// Map user IDs for the Feedback Reply-To line and the Note Givers for the paginated notes.
var userIDs = []uint64{}
for _, p := range feedback {
if p.UserID > 0 {
userIDs = append(userIDs, p.UserID)
}
}
for _, p := range otherNotes {
if p.UserID > 0 {
userIDs = append(userIDs, p.UserID)
}
}
if um, err := models.MapUsers(currentUser, userIDs); err != nil {
session.FlashError(w, r, "Couldn't map user IDs: %s", err)
} else {
userMap = um
}
}
vars := map[string]interface{}{
"User": user,
"PhotoCount": models.CountPhotosICanSee(user, currentUser),
"NoteCount": models.CountNotesAboutUser(currentUser, user),
"FriendCount": models.CountFriends(user.ID),
"MyNote": myNote,
// Admin concerns.
"Show": show,
"Feedback": feedback,
"FeedbackPager": fbPager,
"OtherNotes": otherNotes,
"NotePager": notePager,
"UserMap": userMap,
}
if err := tmpl.Execute(w, r, vars); err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
})
}
// My user notes page (/notes/me)
func MyNotes() http.HandlerFunc {
tmpl := templates.Must("account/my_user_notes.html")
// Whitelist for ordering options.
var sortWhitelist = []string{
"updated_at desc",
"updated_at asc",
"username desc",
"username asc",
}
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// Filter parameters.
var (
search = r.FormValue("search")
sort = r.FormValue("sort")
adminNotes = r.FormValue("admin_notes") == "true"
sortOK bool
)
// Sort options.
for _, v := range sortWhitelist {
if sort == v {
sortOK = true
break
}
}
if !sortOK {
sort = sortWhitelist[0]
}
// Get the current user.
currentUser, err := session.CurrentUser(r)
if err != nil {
session.FlashError(w, r, "You must be signed in to view this page.")
templates.Redirect(w, "/login?next="+url.QueryEscape(r.URL.String()))
return
}
// Is the site under a Maintenance Mode restriction?
if middleware.MaintenanceMode(currentUser, w, r) {
return
}
// Admin notes?
if adminNotes && !currentUser.HasAdminScope(config.ScopeUserNotes) {
adminNotes = false
}
// Are we deleting a note?
if r.Method == http.MethodPost {
var (
intent = r.PostFormValue("intent")
idStr = r.PostFormValue("id")
)
noteID, err := strconv.Atoi(idStr)
if err != nil {
session.FlashError(w, r, "Invalid note ID.")
templates.Redirect(w, r.URL.Path)
return
}
note, err := models.GetNote(uint64(noteID))
if err != nil {
session.FlashError(w, r, "Couldn't find that note.")
templates.Redirect(w, r.URL.Path)
return
}
// Assert it is our note to edit.
if note.UserID != currentUser.ID {
session.FlashError(w, r, "That is not your note to edit.")
templates.Redirect(w, r.URL.Path)
return
}
if intent == "delete" {
// Delete it!
if err := note.Delete(); err != nil {
session.FlashError(w, r, "Error deleting the note: %s.", err)
templates.Redirect(w, r.URL.Path)
return
}
session.Flash(w, r, "That note has been deleted!")
}
templates.Redirect(w, r.URL.Path)
return
}
var (
pager = &models.Pagination{
Page: 1,
PerPage: config.PageSizeAdminUserNotes,
Sort: sort,
}
userIDs = []uint64{}
notes []*models.UserNote
adminUserMap models.UserMap
)
pager.ParsePage(r)
if adminNotes {
notes, err = models.PaginateAdminUserNotes(search, pager)
if userMap, err := models.MapAdminUsers(currentUser); err == nil {
adminUserMap = userMap
}
} else {
notes, err = models.PaginateMyUserNotes(currentUser, search, pager)
}
if err != nil {
session.FlashError(w, r, "Error getting your user notes: %s", err)
templates.Redirect(w, "/")
return
}
// Map user IDs to users.
for _, note := range notes {
userIDs = append(userIDs, note.AboutUserID)
}
userMap, err := models.MapUsers(currentUser, userIDs)
if err != nil {
log.Error("MyUserNotes: couldn't MapUsers: %s", err)
}
vars := map[string]interface{}{
"Notes": notes,
"Pager": pager,
"UserMap": userMap, // users talked about on this page
"AdminUserMap": adminUserMap, // other admin note authors for AdminNotes view
// Search filters
"Search": search,
"Sort": sort,
"AdminNotes": adminNotes,
}
if err := tmpl.Execute(w, r, vars); err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
})
}