From 2429d6c961f9723c94a3b769375d853a4a30b7ec Mon Sep 17 00:00:00 2001 From: evazion Date: Thu, 22 Sep 2022 19:39:12 -0500 Subject: [PATCH] comments: let users see their own name on their own deleted comments. * Let the user see their own username when viewing their own deleted comments. * Don't hide the creator_id field from the comment creator in the API. * Hide the score, do_not_bump_post, and is_sticky fields for deleted comments in the HTML and in the API, unless the user is a moderator. * Hide the "..." popup menu on deleted comments, unless the user is a moderator. This is so that when a user looks at their own comment history, their name isn't hidden from them on their own deleted comments. This may confuse users however into thinking their name is still visible to other users. --- app/components/comment_component.rb | 4 + .../comment_component.html.erb | 102 +++++++++--------- app/policies/comment_policy.rb | 5 +- test/components/comment_component_test.rb | 12 ++- 4 files changed, 69 insertions(+), 54 deletions(-) diff --git a/app/components/comment_component.rb b/app/components/comment_component.rb index 78edb9c83..1ed50ffc9 100644 --- a/app/components/comment_component.rb +++ b/app/components/comment_component.rb @@ -19,6 +19,10 @@ class CommentComponent < ApplicationComponent !comment.is_deleted? && !comment.is_sticky? && comment.score <= current_user.comment_threshold end + def can_see_creator? + policy(comment).can_see_creator? + end + def redact_deleted? comment.is_deleted? && !policy(comment).can_see_deleted? end diff --git a/app/components/comment_component/comment_component.html.erb b/app/components/comment_component/comment_component.html.erb index 7e685d88c..14f666e06 100644 --- a/app/components/comment_component/comment_component.html.erb +++ b/app/components/comment_component/comment_component.html.erb @@ -3,12 +3,12 @@ x-bind:data-show-thresholded="String(showThresholded)" data-id="<%= comment.id %>" data-post-id="<%= comment.post_id %>" - data-creator-id="<%= comment.creator_id unless redact_deleted? %>" + data-creator-id="<%= comment.creator_id if can_see_creator? %>" data-updater-id="<%= comment.updater_id unless redact_deleted? %>" - data-score="<%= comment.score %>" - data-do-not-bump-post="<%= comment.do_not_bump_post? %>" + data-score="<%= comment.score unless redact_deleted? %>" + data-do-not-bump-post="<%= comment.do_not_bump_post? unless redact_deleted? %>" data-is-deleted="<%= comment.is_deleted? %>" - data-is-sticky="<%= comment.is_sticky? %>" + data-is-sticky="<%= comment.is_sticky? unless redact_deleted? %>" data-is-dimmed="<%= dimmed? %>" data-is-thresholded="<%= thresholded? %>" data-is-reported="<%= reported? %>" @@ -18,12 +18,12 @@
- <% if redact_deleted? %> + <% if redact_deleted? && !can_see_creator? %> [deleted] <% else %> <%= link_to_user comment.creator %> <% if comment.is_deleted? %> - (deleted) + [deleted] <% end %> <% end %>
@@ -90,65 +90,67 @@ <% end %> - <%= render PopupMenuComponent.new do |menu| %> - <% if policy(comment).update? %> - <% menu.item do %> - <%= link_to edit_comment_path(comment.id), id: "edit_comment_link_#{comment.id}", class: "edit_comment_link" do %> - <%= edit_icon %> Edit + <% unless redact_deleted? %> + <%= render PopupMenuComponent.new do |menu| %> + <% if policy(comment).update? %> + <% menu.item do %> + <%= link_to edit_comment_path(comment.id), id: "edit_comment_link_#{comment.id}", class: "edit_comment_link" do %> + <%= edit_icon %> Edit + <% end %> + <% end %> + + <% menu.item do %> + <% if comment.is_deleted? %> + <%= link_to comment_path(comment.id), "data-params": "comment[is_deleted]=false", method: :put, remote: true do %> + <%= undelete_icon %> Undelete + <% end %> + <% else %> + <%= link_to comment_path(comment.id), "data-params": "comment[is_deleted]=true", "data-confirm": "Are you sure you want to delete this comment?", method: :put, remote: true do %> + <%= delete_icon %> Delete + <% end %> + <% end %> + <% end %> + <% end %> + + <% if policy(comment).can_sticky_comment? %> + <% menu.item do %> + <% if comment.is_sticky? %> + <%= link_to comment_path(comment.id), "data-params": "comment[is_sticky]=false", method: :put, remote: true do %> + <%= unsticky_icon %> Unsticky + <% end %> + <% else %> + <%= link_to comment_path(comment.id), "data-params": "comment[is_sticky]=true", method: :put, remote: true do %> + <%= sticky_icon %> Sticky + <% end %> + <% end %> + <% end %> + <% end %> + + <% if policy(comment).reportable? %> + <% menu.item do %> + <%= link_to new_moderation_report_path(moderation_report: { model_type: "Comment", model_id: comment.id }), remote: true do %> + <%= flag_icon %> Report + <% end %> <% end %> <% end %> <% menu.item do %> - <% if comment.is_deleted? %> - <%= link_to comment_path(comment.id), "data-params": "comment[is_deleted]=false", method: :put, remote: true do %> - <%= undelete_icon %> Undelete - <% end %> - <% else %> - <%= link_to comment_path(comment.id), "data-params": "comment[is_deleted]=true", "data-confirm": "Are you sure you want to delete this comment?", method: :put, remote: true do %> - <%= delete_icon %> Delete - <% end %> + <%= link_to comment_path(comment.id), class: "comment-copy-id" do %> + <%= hashtag_icon %> Copy ID <% end %> <% end %> - <% end %> - <% if policy(comment).can_sticky_comment? %> <% menu.item do %> - <% if comment.is_sticky? %> - <%= link_to comment_path(comment.id), "data-params": "comment[is_sticky]=false", method: :put, remote: true do %> - <%= unsticky_icon %> Unsticky - <% end %> - <% else %> - <%= link_to comment_path(comment.id), "data-params": "comment[is_sticky]=true", method: :put, remote: true do %> - <%= sticky_icon %> Sticky - <% end %> + <%= link_to comment_path(comment.id), class: "comment-copy-link" do %> + <%= link_icon %> Copy Link <% end %> <% end %> - <% end %> - <% if policy(comment).reportable? %> - <% menu.item do %> - <%= link_to new_moderation_report_path(moderation_report: { model_type: "Comment", model_id: comment.id }), remote: true do %> - <%= flag_icon %> Report - <% end %> - <% end %> <% end %> - - <% menu.item do %> - <%= link_to comment_path(comment.id), class: "comment-copy-id" do %> - <%= hashtag_icon %> Copy ID - <% end %> - <% end %> - - <% menu.item do %> - <%= link_to comment_path(comment.id), class: "comment-copy-link" do %> - <%= link_icon %> Copy Link - <% end %> - <% end %> - <% end %> - <% if policy(comment).update? %> + <% if policy(comment).update? && !redact_deleted? %> <%= render "comments/form", comment: comment, hidden: true %> <% end %>
diff --git a/app/policies/comment_policy.rb b/app/policies/comment_policy.rb index 6557fc456..41391e137 100644 --- a/app/policies/comment_policy.rb +++ b/app/policies/comment_policy.rb @@ -22,7 +22,7 @@ class CommentPolicy < ApplicationPolicy end def can_see_creator? - !record.is_deleted? || can_see_deleted? + !record.is_deleted? || can_see_deleted? || record.creator_id == user.id end def reply? @@ -39,7 +39,8 @@ class CommentPolicy < ApplicationPolicy def api_attributes attributes = super - attributes -= [:creator_id, :updater_id, :body] if record.is_deleted? && !can_see_deleted? + attributes -= [:creator_id] unless can_see_creator? + attributes -= [:updater_id, :body, :score, :do_not_bump_post, :is_sticky] if record.is_deleted? && !can_see_deleted? attributes end diff --git a/test/components/comment_component_test.rb b/test/components/comment_component_test.rb index 30ca2c866..403d916fe 100644 --- a/test/components/comment_component_test.rb +++ b/test/components/comment_component_test.rb @@ -31,14 +31,22 @@ class CommentComponentTest < ViewComponent::TestCase @deleted_comment = as(create(:user)) { create(:comment, is_deleted: true) } end - should "have the creator and body hidden for a Member" do - render_comment(@deleted_comment, current_user: @deleted_comment.creator) + should "hide the creator and body for a Member" do + render_comment(@deleted_comment, current_user: User.anonymous) assert_css("article[data-is-dimmed=true]") assert_css("article .author-name", text: "[deleted]") assert_css("article .body p", text: "[deleted]") end + should "show the creator to the commenter themselves" do + render_comment(@deleted_comment, current_user: @deleted_comment.creator) + + assert_css("article[data-is-dimmed=true]") + assert_css("article .author-name", text: @deleted_comment.creator.name) + assert_css("article .body p", text: "[deleted]") + end + should "be visible for a Moderator" do render_comment(@deleted_comment, current_user: create(:moderator_user))