votes: make upvotes visible to everyone by default.

Make upvotes public the same way favorites are public: * Rename the "Private favorites" account setting to "Private favorites and upvotes". * Make upvotes public, unless the user has private upvotes enabled. Note that private upvotes are still visible to admins. Downvotes are still hidden to everyone except for admins. * Make https://danbooru.donmai.us/post_votes visible to all users. This page shows all public upvotes. Private upvotes and downvotes are only visible on the page to admins and to the voter themselves. * Make votes searchable with the `upvote:username` and `downvote:username` metatags. These already existed before, but they were only usable by admins and by people searching for their own votes. Upvotes are public to discourage users from upvoting with multiple accounts. Upvote abuse is obvious to everyone when upvotes are public. The other reason is to make upvotes consistent with favorites, which are already public.
2021-11-16 02:12:49 -06:00
parent 43c2870664
commit 1a27b1d5eb
7 changed files with 220 additions and 35 deletions
--- a/app/models/post_vote.rb
+++ b/app/models/post_vote.rb
@@ -10,13 +10,15 @@ class PostVote < ApplicationRecord

  scope :positive, -> { where("post_votes.score > 0") }
  scope :negative, -> { where("post_votes.score < 0") }
+  scope :public_votes, -> { positive.where(user: User.has_public_favorites) }

  def self.visible(user)
-    user.is_admin? ? all : where(user: user)
+    user.is_admin? ? all : where(user: user).or(public_votes)
  end

  def self.search(params)
    q = search_attributes(params, :id, :created_at, :updated_at, :score, :user, :post)
+
    q.apply_default_order(params)
  end

--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -152,6 +152,8 @@ class User < ApplicationRecord
  scope :admins, -> { where(level: Levels::ADMIN) }

  scope :has_blacklisted_tag, ->(name) { where_regex(:blacklisted_tags, "(^| )[~-]?#{Regexp.escape(name)}( |$)", flags: "ni") }
+  scope :has_private_favorites, -> { bit_prefs_match(:enable_private_favorites, true) }
+  scope :has_public_favorites,  -> { bit_prefs_match(:enable_private_favorites, false) }

  module BanMethods
    def unban!
--- a/app/policies/post_vote_policy.rb
+++ b/app/policies/post_vote_policy.rb
@@ -8,6 +8,16 @@ class PostVotePolicy < ApplicationPolicy
  end

  def show?
-    user.is_admin? || record.user == user
+    user.is_admin? || record.user == user || (record.is_positive? && !record.user.enable_private_favorites?)
+  end
+
+  def can_see_voter?
+    show?
+  end
+
+  def api_attributes
+    attributes = super
+    attributes -= [:user_id] unless can_see_voter?
+    attributes
  end
 end
--- a/app/views/post_votes/index.html.erb
+++ b/app/views/post_votes/index.html.erb
@@ -24,8 +24,12 @@
        <div><%= time_ago_in_words_tagged(vote.post.created_at) %></div>
      <% end %>
      <% t.column "Voter" do |vote| %>
-        <%= link_to_user vote.user %>
-        <%= link_to "»", post_votes_path(search: { user_name: vote.user.name }) %>
+        <% if policy(vote).can_see_voter? %>
+          <%= link_to_user vote.user %>
+          <%= link_to "»", post_votes_path(search: { user_name: vote.user.name }) %>
+        <% else %>
+          <i>hidden</i>
+        <% end %>
        <div><%= time_ago_in_words_tagged(vote.created_at) %></div>
      <% end %>
      <% t.column column: "control" do |vote| %>
--- a/app/views/users/edit.html.erb
+++ b/app/views/users/edit.html.erb
@@ -63,7 +63,7 @@
        <%= f.input :hide_deleted_posts, :as => :select, :label => "Deleted post filter", :hint => "Remove deleted posts from search results", :include_blank => false, :collection => [["Yes", "true"], ["No", "false"]] %>
        <%= f.input :show_deleted_children, :as => :select, :label => "Show deleted children", :hint => "Show thumbnail borders on parent posts even if the children are deleted", :include_blank => false, :collection => [["Yes", "true"], ["No", "false"]] %>
        <%= f.input :disable_categorized_saved_searches, :hint => "Don't show dialog box when creating a new saved search", :as => :select, :collection => [["No", "false"], ["Yes", "true"]], :include_blank => false %>
-        <%= f.input :enable_private_favorites, :as => :select, :hint => "Make your favorites private", :collection => [["No", "false"], ["Yes", "true"]], :include_blank => false %>
+        <%= f.input :enable_private_favorites, :label => "Private favorites and votes", :as => :select, :hint => "Make your favorites and upvotes private", :collection => [["No", "false"], ["Yes", "true"]], :include_blank => false %>
        <%= f.input :disable_tagged_filenames, :as => :select, :hint => "Don't include tags in image filenames", :collection => [["No", "false"], ["Yes", "true"]], :include_blank => false %>
        <%= f.input :disable_mobile_gestures, :as => :select, :hint => "Disable swipe left / swipe right gestures on mobile", :collection => [["No", "false"], ["Yes", "true"]], :include_blank => false %>
        <%= f.input :disable_post_tooltips, :as => :select, :hint => "Disable advanced tooltips when hovering over thumbnails", :collection => [["No", "false"], ["Yes", "true"]], :include_blank => false %>