Add additional post flag validation preventing targeting

2018-06-15 17:11:06 -07:00
parent f4d5932a66
commit cdcd4d4014
5 changed files with 191 additions and 56 deletions
--- a/app/controllers/reports_controller.rb
+++ b/app/controllers/reports_controller.rb
@@ -24,6 +24,13 @@ class ReportsController < ApplicationController
    @upload_reports = Reports::UploadTags.includes(versions: { post: :versions }).for_user(params[:user_id]).order("id desc").paginate(params[:page], :limit => params[:limit])
  end

+  def flag_targeting
+  end
+
+  def flag_targeting_create(user_id)
+
+  end
+
  def down_voting_post
  end

--- a/app/logical/danbooru_math.rb
+++ b/app/logical/danbooru_math.rb
@@ -0,0 +1,11 @@
+class DanbooruMath
+  def self.ci_lower_bound(pos, n, confidence = 0.95)
+    if n == 0
+      return 0
+    end
+
+    z = Statistics2.pnormaldist(1-(1-confidence)/2)
+    phat = 1.0*pos/n
+    100 * (phat + z*z/(2*n) - z * Math.sqrt((phat*(1-phat)+z*z/(4*n))/n))/(1+z*z/n)
+  end
+end
--- a/app/logical/reports/post_flags.rb
+++ b/app/logical/reports/post_flags.rb
@@ -0,0 +1,62 @@
+module Reports
+  class PostFlags
+    attr_reader :user_id, :date_range
+
+    def initialize(user_id:, date_range:)
+      @user_id = user_id
+      @date_range = date_range
+    end
+
+    def candidates
+      PostFlag.where("posts.uploader_id = ? and posts.created_at >= ? and post_flags.creator_id <> ?", user_id, date_range, User.system.id).joins(:post).pluck("post_flags.creator_id").uniq
+    end
+
+    def build_message(user_id, data)
+      user_name = User.id_to_name(user_id)
+
+      if data.empty?
+        return "There don't appear to be any users targeting #{user_name} for flags."
+      else
+        msg = "The following users may be targeting #{user_name} for flags. Over half of their flags are targeting the user, with 95\% confidence.\n\n"
+
+        data.each do |flagger_id, targets|
+          targets.each do |uploader_id, score|
+            if uploader_id == user_id && score > 50
+              msg += "* " + User.id_to_name(flagger_id)
+            end
+          end
+        end
+      end
+    end
+
+    def attackers
+      matches = []
+
+      build.each do |flagger, uploaders|
+        if uploaders[user_id].to_i > 50
+          matches << flagger
+        end
+      end
+
+      return matches
+    end
+
+    def build
+      flaggers = Hash.new {|h, k| h[k] = {}}
+
+      candidates.each do |candidate|
+        PostFlag.joins(:post).where("post_flags.creator_id = ? and posts.created_at >= ?", candidate, date_range).select("posts.uploader_id").group("posts.uploader_id").having("count(*) > 1").count.each do |uploader_id, count|
+          flaggers[candidate][uploader_id] = count
+        end
+
+        sum = flaggers[candidate].values.sum
+
+        flaggers[candidate].each_key do |user_id|
+          flaggers[candidate][user_id] = DanbooruMath.ci_lower_bound(flaggers[candidate][user_id], sum)
+        end
+      end
+
+      return flaggers
+    end
+  end
+end
--- a/app/models/post_flag.rb
+++ b/app/models/post_flag.rb
@@ -8,13 +8,13 @@ class PostFlag < ApplicationRecord
  end

  COOLDOWN_PERIOD = 3.days
+  CREATION_THRESHOLD = 10 # in 30 days

-  belongs_to :creator, :class_name => "User"
+  belongs_to_creator :class_name => "User"
  belongs_to :post
-  validates_presence_of :reason, :creator_id, :creator_ip_addr
-  validate :validate_creator_is_not_limited
+  validates_presence_of :reason
+  validate :validate_creator_is_not_limited, on: :create
  validate :validate_post
-  before_validation :initialize_creator, :on => :create
  validates_uniqueness_of :creator_id, :scope => :post_id, :on => :create, :unless => :is_deletion, :message => "have already flagged this post"
  before_save :update_post
  attr_accessor :is_deletion
@@ -156,6 +156,14 @@ class PostFlag < ApplicationRecord
  def validate_creator_is_not_limited
    return if is_deletion

+    if PostFlag.for_creator(creator_id).where("created_at > ?", 30.days.ago).count >= CREATION_THRESHOLD
+      report = Reports::PostFlags.new(user_id: post.uploader_id, date_range: 90.days.ago)
+
+      if report.attackers.include?(creator_id)
+        errors[:creator] << "cannot flag posts uploaded by this user"
+      end
+    end
+
    if CurrentUser.can_approve_posts?
      # do nothing
    elsif creator.created_at > 1.week.ago
@@ -178,11 +186,6 @@ class PostFlag < ApplicationRecord
    errors[:post] << "is deleted" if post.is_deleted?
  end

-  def initialize_creator
-    self.creator_id ||= CurrentUser.id
-    self.creator_ip_addr = CurrentUser.ip_addr if creator_ip_addr == "127.0.0.1" || creator_ip_addr.blank?
-  end
-
  def resolve!
    update_column(:is_resolved, true)
  end