posts: show takedown page for banned artists and posts.

Show a "This page has been removed because of a takedown request" error when an unauthorized user searches for a banned tag, or tries to view a banned post.
2022-05-03 05:23:41 -05:00
parent 48b8daa397
commit 2219a64f47
8 changed files with 19 additions and 7 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,6 +1,8 @@
 # frozen_string_literal: true

 class ApplicationController < ActionController::Base
+  class PageRemovedError < StandardError; end
+
  include Pundit::Authorization
  helper_method :search_params, :permitted_attributes

@@ -136,6 +138,8 @@ class ApplicationController < ActionController::Base
      render_error_page(422, exception, message: exception.message)
    when RateLimiter::RateLimitError
      render_error_page(429, exception, message: "Rate limit exceeded. You're doing that too fast")
+    when PageRemovedError
+      render_error_page(451, exception, template: "static/page_removed_error", message: "This page has been removed because of a takedown request")
    when Rack::Timeout::RequestTimeoutException
      render_error_page(500, exception, message: "Your request took too long to complete and was canceled.")
    when NotImplementedError
--- a/app/controllers/artists_controller.rb
+++ b/app/controllers/artists_controller.rb
@@ -40,6 +40,7 @@ class ArtistsController < ApplicationController

  def show
    @artist = authorize Artist.find(params[:id])
+    raise PageRemovedError if request.format.html? && @artist.is_banned? && !policy(@artist).can_view_banned?
    respond_with(@artist)
  end

--- a/app/controllers/posts_controller.rb
+++ b/app/controllers/posts_controller.rb
@@ -18,6 +18,8 @@ class PostsController < ApplicationController
      query = "#{post_set.normalized_query.to_s} random:#{post_set.per_page}".strip
      redirect_to posts_path(tags: query, page: params[:page], limit: params[:limit], format: request.format.symbol)
    else
+      raise PageRemovedError if request.format.html? && post_set.banned_artist?
+
      @preview_size = params[:size].presence || cookies[:post_preview_size].presence || PostGalleryComponent::DEFAULT_SIZE
      @posts = authorize post_set.posts, policy_class: PostPolicy
      respond_with(@posts) do |format|
@@ -28,6 +30,7 @@ class PostsController < ApplicationController

  def show
    @post = authorize Post.eager_load(:uploader, :media_asset).find(params[:id])
+    raise PageRemovedError if request.format.html? && @post.banblocked?(CurrentUser.user)

    if request.format.html?
      include_deleted = @post.is_deleted? || (@post.parent_id.present? && @post.parent.is_deleted?) || CurrentUser.user.show_deleted_children?
--- a/app/controllers/wiki_pages_controller.rb
+++ b/app/controllers/wiki_pages_controller.rb
@@ -31,6 +31,7 @@ class WikiPagesController < ApplicationController

  def show
    @wiki_page, found_by = WikiPage.find_by_id_or_title(params[:id])
+    raise PageRemovedError if request.format.html? && @wiki_page&.artist.present? && @wiki_page.artist.is_banned? && !policy(@wiki_page.artist).can_view_banned?

    if request.format.html? && @wiki_page.blank? && found_by == :title
      @wiki_page = WikiPage.new(title: params[:id])
--- a/app/logical/post_sets/post.rb
+++ b/app/logical/post_sets/post.rb
@@ -146,6 +146,10 @@ module PostSets
      end
    end

+    def banned_artist?
+      artist.present? && artist.is_banned? && !artist.policy(current_user).can_view_banned?
+    end
+
    def includes
      if show_votes?
        [:media_asset, :vote_by_current_user]
--- a/app/views/static/page_removed_error.html.erb
+++ b/app/views/static/page_removed_error.html.erb
@@ -0,0 +1,3 @@
+<% page_title "Page Removed" %>
+
+<p>This page has been removed because of a takedown request.</p>
--- a/test/functional/posts_controller_test.rb
+++ b/test/functional/posts_controller_test.rb
@@ -104,8 +104,7 @@ class PostsControllerTest < ActionDispatch::IntegrationTest

          artist.update(is_banned: true)
          get posts_path, params: { tags: "bkub" }
-          assert_response :success
-          assert_select "#show-excerpt-link", count: 1, text: "Artist"
+          assert_response 451

          artist.update(is_banned: false, is_deleted: true)
          get posts_path, params: { tags: "bkub" }
@@ -125,9 +124,7 @@ class PostsControllerTest < ActionDispatch::IntegrationTest
          create(:post, tag_string: artist.name)
          get posts_path, params: { tags: artist.name }

-          assert_response :success
-          assert_select "#show-excerpt-link", count: 1, text: "Artist"
-          assert_select "meta[name=robots][content=noindex]"
+          assert_response 451
        end

        should "render for a tag with a wiki page" do
--- a/test/functional/wiki_pages_controller_test.rb
+++ b/test/functional/wiki_pages_controller_test.rb
@@ -162,8 +162,7 @@ class WikiPagesControllerTest < ActionDispatch::IntegrationTest
        @artist = create(:artist, name: @wiki_page.title, is_banned: true)
        get wiki_page_path(@wiki_page.title)

-        assert_response :success
-        assert_select "meta[name=robots][content=noindex]"
+        assert_response 451
      end
    end