Introduce backend for reports

Signed-off-by: Thomas Citharel <tcit@tcit.fr>

lib/mobilizon_web/api/events.ex

@@ -26,7 +26,7 @@ defmodule MobilizonWeb.API.Events do
            Actors.get_local_actor_with_everything(organizer_actor_id),
          title <- String.trim(title),
          mentions <- Formatter.parse_mentions(description),
-         visibility <- Map.get(args, :visibility, "public"),
+         visibility <- Map.get(args, :visibility, :public),
          {to, cc} <- to_for_actor_and_mentions(actor, mentions, nil, Atom.to_string(visibility)),
          tags <- Formatter.parse_tags(description),
          picture <- Map.get(args, :picture, nil),

lib/mobilizon_web/api/reports.ex

@@ -0,0 +1,128 @@
+defmodule MobilizonWeb.API.Reports do
+  @moduledoc """
+  API for Reports
+  """
+
+  alias Mobilizon.Actors
+  alias Mobilizon.Actors.Actor
+  alias Mobilizon.Events
+  alias Mobilizon.Activity
+  alias Mobilizon.Reports, as: ReportsAction
+  alias Mobilizon.Reports.{Report, Note}
+  alias Mobilizon.Service.ActivityPub
+  alias Mobilizon.Users
+  alias Mobilizon.Users.User
+  import MobilizonWeb.API.Utils
+  import Mobilizon.Service.Admin.ActionLogService
+
+  @doc """
+  Create a report/flag on an actor, and optionally on an event or on comments.
+  """
+  def report(
+        %{
+          reporter_actor_id: reporter_actor_id,
+          reported_actor_id: reported_actor_id,
+          event_id: event_id,
+          comments_ids: comments_ids,
+          report_content: report_content
+        } = args
+      ) do
+    with {:reporter, %Actor{url: reporter_url} = _reporter_actor} <-
+           {:reporter, Actors.get_actor!(reporter_actor_id)},
+         {:reported, %Actor{url: reported_actor_url} = reported_actor} <-
+           {:reported, Actors.get_actor!(reported_actor_id)},
+         {:ok, content} <- make_report_content_html(report_content),
+         {:ok, event} <-
+           if(event_id, do: Events.get_event(event_id), else: {:ok, nil}),
+         {:get_report_comments, comments_urls} <-
+           get_report_comments(reported_actor, comments_ids),
+         {:make_activity, {:ok, %Activity{} = activity, %Report{} = report}} <-
+           {:make_activity,
+            ActivityPub.flag(%{
+              reporter_url: reporter_url,
+              reported_actor_url: reported_actor_url,
+              event_url: (!is_nil(event) && event.url) || nil,
+              comments_url: comments_urls,
+              content: content,
+              forward: args[:forward] || false,
+              local: args[:local] || args[:forward] || false
+            })} do
+      {:ok, activity, report}
+    else
+      {:error, err} -> {:error, err}
+      {:actor_id, %{}} -> {:error, "Valid `actor_id` required"}
+      {:reporter, nil} -> {:error, "Reporter Actor not found"}
+      {:reported, nil} -> {:error, "Reported Actor not found"}
+    end
+  end
+
+  @doc """
+  Update the state of a report
+  """
+  def update_report_status(%Actor{} = actor, %Report{} = report, state) do
+    with {:valid_state, true} <-
+           {:valid_state, Mobilizon.Reports.ReportStateEnum.valid_value?(state)},
+         {:ok, report} <- ReportsAction.update_report(report, %{"status" => state}),
+         {:ok, _} <- log_action(actor, "update", report) do
+      {:ok, report}
+    else
+      {:valid_state, false} -> {:error, "Unsupported state"}
+    end
+  end
+
+  defp get_report_comments(%Actor{id: actor_id}, comment_ids) do
+    {:get_report_comments,
+     Events.get_all_comments_by_actor_and_ids(actor_id, comment_ids) |> Enum.map(& &1.url)}
+  end
+
+  defp get_report_comments(_, _), do: {:get_report_comments, nil}
+
+  @doc """
+  Create a note on a report
+  """
+  @spec create_report_note(Report.t(), Actor.t(), String.t()) :: {:ok, Note.t()}
+  def create_report_note(
+        %Report{id: report_id},
+        %Actor{id: moderator_id, user_id: user_id} = moderator,
+        content
+      ) do
+    with %User{role: role} <- Users.get_user!(user_id),
+         {:role, true} <- {:role, role in [:administrator, :moderator]},
+         {:ok, %Note{} = note} <-
+           Mobilizon.Reports.create_report_note(%{
+             "report_id" => report_id,
+             "moderator_id" => moderator_id,
+             "content" => content
+           }),
+         {:ok, _} <- log_action(moderator, "create", note) do
+      {:ok, note}
+    else
+      {:role, false} ->
+        {:error, "You need to be a moderator or an administrator to create a note on a report"}
+    end
+  end
+
+  @doc """
+  Delete a report note
+  """
+  @spec delete_report_note(Note.t(), Actor.t()) :: {:ok, Note.t()}
+  def delete_report_note(
+        %Note{moderator_id: note_moderator_id} = note,
+        %Actor{id: moderator_id, user_id: user_id} = moderator
+      ) do
+    with {:same_actor, true} <- {:same_actor, note_moderator_id == moderator_id},
+         %User{role: role} <- Users.get_user!(user_id),
+         {:role, true} <- {:role, role in [:administrator, :moderator]},
+         {:ok, %Note{} = note} <-
+           Mobilizon.Reports.delete_report_note(note),
+         {:ok, _} <- log_action(moderator, "delete", note) do
+      {:ok, note}
+    else
+      {:role, false} ->
+        {:error, "You need to be a moderator or an administrator to create a note on a report"}
+
+      {:same_actor, false} ->
+        {:error, "You can only remove your own notes"}
+    end
+  end
+end

lib/mobilizon_web/api/utils.ex

@@ -120,4 +120,16 @@ defmodule MobilizonWeb.API.Utils do
   #   |> Formatter.add_hashtag_links(tags)
   #   |> Formatter.finalize()
   # end
+
+  def make_report_content_html(nil), do: {:ok, {nil, [], []}}
+
+  def make_report_content_html(comment) do
+    max_size = Mobilizon.CommonConfig.get([:instance, :max_report_comment_size], 1000)
+
+    if String.length(comment) <= max_size do
+      {:ok, Formatter.html_escape(comment, "text/plain")}
+    else
+      {:error, "Comment must be up to #{max_size} characters"}
+    end
+  end
 end

lib/mobilizon_web/resolvers/admin.ex

@@ -0,0 +1,72 @@
+defmodule MobilizonWeb.Resolvers.Admin do
+  @moduledoc """
+  Handles the report-related GraphQL calls
+  """
+  alias Mobilizon.Users.User
+  import Mobilizon.Users.Guards
+  alias Mobilizon.Admin.ActionLog
+  alias Mobilizon.Reports.{Report, Note}
+
+  def list_action_logs(_parent, %{page: page, limit: limit}, %{
+        context: %{current_user: %User{role: role}}
+      })
+      when is_moderator(role) do
+    with action_logs <- Mobilizon.Admin.list_action_logs(page, limit) do
+      action_logs =
+        Enum.map(action_logs, fn %ActionLog{
+                                   target_type: target_type,
+                                   action: action,
+                                   actor: actor,
+                                   id: id
+                                 } = action_log ->
+          transform_action_log(target_type, action, action_log)
+          |> Map.merge(%{
+            actor: actor,
+            id: id
+          })
+        end)
+
+      {:ok, action_logs}
+    end
+  end
+
+  def list_action_logs(_parent, _args, _resolution) do
+    {:error, "You need to be logged-in and a moderator to list action logs"}
+  end
+
+  defp transform_action_log(
+         "Elixir.Mobilizon.Reports.Report",
+         "update",
+         %ActionLog{} = action_log
+       ) do
+    with %Report{status: status} = report <- Mobilizon.Reports.get_report(action_log.target_id) do
+      %{
+        action: "report_update_" <> to_string(status),
+        object: report
+      }
+    end
+  end
+
+  defp transform_action_log("Elixir.Mobilizon.Reports.Note", "create", %ActionLog{
+         changes: changes
+       }) do
+    %{
+      action: "note_creation",
+      object: convert_changes_to_struct(Note, changes)
+    }
+  end
+
+  defp transform_action_log("Elixir.Mobilizon.Reports.Note", "delete", %ActionLog{
+         changes: changes
+       }) do
+    %{
+      action: "note_deletion",
+      object: convert_changes_to_struct(Note, changes)
+    }
+  end
+
+  # Changes are stored as %{"key" => "value"} so we need to convert them back as struct
+  defp convert_changes_to_struct(struct, changes) do
+    struct(struct, for({key, val} <- changes, into: %{}, do: {String.to_atom(key), val}))
+  end
+end

lib/mobilizon_web/resolvers/report.ex

@@ -0,0 +1,118 @@
+defmodule MobilizonWeb.Resolvers.Report do
+  @moduledoc """
+  Handles the report-related GraphQL calls
+  """
+  alias Mobilizon.Reports
+  alias Mobilizon.Reports.{Report, Note}
+  alias Mobilizon.Actors.Actor
+  alias Mobilizon.Actors
+  alias Mobilizon.Users.User
+  alias MobilizonWeb.API.Reports, as: ReportsAPI
+  import Mobilizon.Users.Guards
+
+  def list_reports(_parent, %{page: page, limit: limit}, %{
+        context: %{current_user: %User{role: role}}
+      })
+      when is_moderator(role) do
+    {:ok, Mobilizon.Reports.list_reports(page, limit)}
+  end
+
+  def list_reports(_parent, _args, _resolution) do
+    {:error, "You need to be logged-in and a moderator to list reports"}
+  end
+
+  def get_report(_parent, %{id: id}, %{
+        context: %{current_user: %User{role: role}}
+      })
+      when is_moderator(role) do
+    {:ok, Mobilizon.Reports.get_report(id)}
+  end
+
+  def get_report(_parent, _args, _resolution) do
+    {:error, "You need to be logged-in and a moderator to view a report"}
+  end
+
+  @doc """
+  Create a report
+  """
+  def create_report(
+        _parent,
+        %{reporter_actor_id: reporter_actor_id} = args,
+        %{context: %{current_user: user}} = _resolution
+      ) do
+    with {:is_owned, true, _} <- User.owns_actor(user, reporter_actor_id),
+         {:ok, _, %Report{} = report} <- ReportsAPI.report(args) do
+      {:ok, report}
+    else
+      {:is_owned, false} ->
+        {:error, "Reporter actor id is not owned by authenticated user"}
+
+      _err ->
+        {:error, "Error while saving report"}
+    end
+  end
+
+  def create_report(_parent, _args, _resolution) do
+    {:error, "You need to be logged-in to create reports"}
+  end
+
+  @doc """
+  Update a report's status
+  """
+  def update_report(
+        _parent,
+        %{report_id: report_id, moderator_id: moderator_id, status: status},
+        %{
+          context: %{current_user: %User{role: role} = user}
+        }
+      )
+      when is_moderator(role) do
+    with {:is_owned, true, _} <- User.owns_actor(user, moderator_id),
+         %Actor{} = actor <- Actors.get_actor!(moderator_id),
+         %Report{} = report <- Mobilizon.Reports.get_report(report_id),
+         {:ok, %Report{} = report} <-
+           MobilizonWeb.API.Reports.update_report_status(actor, report, status) do
+      {:ok, report}
+    else
+      {:is_owned, false} ->
+        {:error, "Actor id is not owned by authenticated user"}
+
+      _err ->
+        {:error, "Error while updating report"}
+    end
+  end
+
+  def update_report(_parent, _args, _resolution) do
+    {:error, "You need to be logged-in and a moderator to update a report"}
+  end
+
+  def create_report_note(
+        _parent,
+        %{report_id: report_id, moderator_id: moderator_id, content: content},
+        %{
+          context: %{current_user: %User{role: role} = user}
+        }
+      )
+      when is_moderator(role) do
+    with {:is_owned, true, _} <- User.owns_actor(user, moderator_id),
+         %Report{} = report <- Reports.get_report(report_id),
+         %Actor{} = moderator <- Actors.get_local_actor_with_everything(moderator_id),
+         {:ok, %Note{} = note} <-
+           MobilizonWeb.API.Reports.create_report_note(report, moderator, content) do
+      {:ok, note}
+    end
+  end
+
+  def delete_report_note(_parent, %{note_id: note_id, moderator_id: moderator_id}, %{
+        context: %{current_user: %User{role: role} = user}
+      })
+      when is_moderator(role) do
+    with {:is_owned, true, _} <- User.owns_actor(user, moderator_id),
+         %Note{} = note <- Reports.get_note(note_id),
+         %Actor{} = moderator <- Actors.get_local_actor_with_everything(moderator_id),
+         {:ok, %Note{} = note} <-
+           MobilizonWeb.API.Reports.delete_report_note(note, moderator) do
+      {:ok, %{id: note.id}}
+    end
+  end
+end

lib/mobilizon_web/schema.ex

@@ -21,6 +21,8 @@ defmodule MobilizonWeb.Schema do
   import_types(MobilizonWeb.Schema.CommentType)
   import_types(MobilizonWeb.Schema.SearchType)
   import_types(MobilizonWeb.Schema.ConfigType)
+  import_types(MobilizonWeb.Schema.ReportType)
+  import_types(MobilizonWeb.Schema.AdminType)
 
   @desc "A struct containing the id of the deleted object"
   object :deleted_object do
@@ -109,6 +111,8 @@ defmodule MobilizonWeb.Schema do
     import_fields(:address_queries)
     import_fields(:config_queries)
     import_fields(:picture_queries)
+    import_fields(:report_queries)
+    import_fields(:admin_queries)
   end
 
   @desc """
@@ -124,5 +128,6 @@ defmodule MobilizonWeb.Schema do
     import_fields(:member_mutations)
     import_fields(:feed_token_mutations)
     import_fields(:picture_mutations)
+    import_fields(:report_mutations)
   end
 end

lib/mobilizon_web/schema/admin.ex

@@ -0,0 +1,41 @@
+defmodule MobilizonWeb.Schema.AdminType do
+  @moduledoc """
+  Schema representation for ActionLog
+  """
+  use Absinthe.Schema.Notation
+  alias MobilizonWeb.Resolvers.Admin
+  alias Mobilizon.Reports.{Report, Note}
+
+  @desc "An action log"
+  object :action_log do
+    field(:id, :id, description: "Internal ID for this comment")
+    field(:actor, :actor, description: "The actor that acted")
+    field(:object, :action_log_object, description: "The object that was acted upon")
+    field(:action, :string, description: "The action that was done")
+  end
+
+  @desc "The objects that can be in an action log"
+  interface :action_log_object do
+    field(:id, :id, description: "Internal ID for this object")
+
+    resolve_type(fn
+      %Report{}, _ ->
+        :report
+
+      %Note{}, _ ->
+        :report_note
+
+      _, _ ->
+        nil
+    end)
+  end
+
+  object :admin_queries do
+    @desc "Get the list of action logs"
+    field :action_logs, type: list_of(:action_log) do
+      arg(:page, :integer, default_value: 1)
+      arg(:limit, :integer, default_value: 10)
+      resolve(&Admin.list_action_logs/3)
+    end
+  end
+end

lib/mobilizon_web/schema/report.ex

@@ -0,0 +1,86 @@
+defmodule MobilizonWeb.Schema.ReportType do
+  @moduledoc """
+  Schema representation for User
+  """
+  use Absinthe.Schema.Notation
+
+  alias MobilizonWeb.Resolvers.Report
+
+  @desc "A report object"
+  object :report do
+    interfaces([:action_log_object])
+    field(:id, :id, description: "The internal ID of the report")
+    field(:content, :string, description: "The comment the reporter added about this report")
+    field(:status, :report_status, description: "Whether the report is still active")
+    field(:uri, :string, description: "The URI of the report")
+    field(:reported, :actor, description: "The actor that is being reported")
+    field(:reporter, :actor, description: "The actor that created the report")
+    field(:event, :event, description: "The event that is being reported")
+    field(:comments, list_of(:comment), description: "The comments that are reported")
+  end
+
+  @desc "A report note object"
+  object :report_note do
+    interfaces([:action_log_object])
+    field(:id, :id, description: "The internal ID of the report note")
+    field(:content, :string, description: "The content of the note")
+    field(:moderator, :actor, description: "The moderator who added the note")
+    field(:report, :report, description: "The report on which this note is added")
+  end
+
+  @desc "The list of possible statuses for a report object"
+  enum :report_status do
+    value(:open, description: "The report has been opened")
+    value(:closed, description: "The report has been closed")
+    value(:resolved, description: "The report has been marked as resolved")
+  end
+
+  object :report_queries do
+    @desc "Get all reports"
+    field :reports, list_of(:report) do
+      arg(:page, :integer, default_value: 1)
+      arg(:limit, :integer, default_value: 10)
+      resolve(&Report.list_reports/3)
+    end
+
+    @desc "Get a report by id"
+    field :report, :report do
+      arg(:id, non_null(:id))
+      resolve(&Report.get_report/3)
+    end
+  end
+
+  object :report_mutations do
+    @desc "Create a report"
+    field :create_report, type: :report do
+      arg(:report_content, :string)
+      arg(:reporter_actor_id, non_null(:id))
+      arg(:reported_actor_id, non_null(:id))
+      arg(:event_id, :id, default_value: nil)
+      arg(:comments_ids, list_of(:id), default_value: [])
+      resolve(&Report.create_report/3)
+    end
+
+    @desc "Update a report"
+    field :update_report_status, type: :report do
+      arg(:report_id, non_null(:id))
+      arg(:moderator_id, non_null(:id))
+      arg(:status, non_null(:report_status))
+      resolve(&Report.update_report/3)
+    end
+
+    @desc "Create a note on a report"
+    field :create_report_note, type: :report_note do
+      arg(:content, :string)
+      arg(:moderator_id, non_null(:id))
+      arg(:report_id, non_null(:id))
+      resolve(&Report.create_report_note/3)
+    end
+
+    field :delete_report_note, type: :deleted_object do
+      arg(:note_id, non_null(:id))
+      arg(:moderator_id, non_null(:id))
+      resolve(&Report.delete_report_note/3)
+    end
+  end
+end

lib/mobilizon_web/templates/email/report.html.eex

@@ -0,0 +1,15 @@
+<h1><%= gettext "New report from %{reporter} on %{instance}", reporter: @report.reporter, instance: @instance %></h1>
+
+<% if @report.event do %>
+<p><%= gettext "Event: %{event}", event: @report.event %></p>
+<% end %>
+
+<%= for comment <- @report.comments do %>
+<p><%= gettext "Comment: %{comment}", comment: comment %></p>
+<% end %>
+
+<% if @content do %>
+<p><%= gettext "Reason: %{content}", event: @report.content %></p>
+<% end %>
+
+<p><%= link "View the report", to: MobilizonWeb.Endpoint.url() <> "/reports/#{@report.id}", target: "_blank" %></p>

lib/mobilizon_web/templates/email/report.text.eex

@@ -0,0 +1,19 @@
+<%= gettext "New report from %{reporter} on %{instance}", reporter: @report.reporter, instance: @instance %>
+
+--
+
+<% if @report.event do %>
+    <%= gettext "Event: %{event}", event: @report.event %>
+<% end %>
+
+<%= for comment <- @report.comments do %>
+<%= gettext "Comment: %{comment}", comment: comment %>
+<% end %>
+
+<% if @content do %>
+<%= gettext "Reason: %{content}", event: @report.content %>
+<% end %>
+
+<%= link "View the report", to: MobilizonWeb.Endpoint.url() <> "/reports/#{@report.id}", target: "_blank" %>
+
+