2025-07-23 00:20:15 +02:00
|
|
|
// Copyright 2025 The Forgejo Authors. All rights reserved.
|
|
|
|
|
// SPDX-License-Identifier: GPL-3.0-or-later
|
|
|
|
|
|
|
|
|
|
package admin
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"fmt"
|
|
|
|
|
"net/http"
|
|
|
|
|
|
|
|
|
|
"forgejo.org/models/issues"
|
|
|
|
|
"forgejo.org/models/moderation"
|
feat: add admin moderation actions for abuse reports and for reported abusive content (#8716)
- Implementation of milestone 6. from **Task F. Moderation features: Reporting** (part of [amendment of the workplan](https://codeberg.org/forgejo/sustainability/src/branch/main/2022-12-01-nlnet/2025-02-07-extended-workplan.md#task-f-moderation-features-reporting) for NLnet 2022-12-035):
`6. Forgejo admins can perform common actions on the listed reports (content deletion, locking of user account)`
---
Follow-up of !7905 (and !6977)
---
This adds some action buttons within the _Moderation reports_ section (/admin/moderation/reports) within the _Site administration_ page, so that administrators can:
- mark a report as Handled or as Ignored (without performing any action on the reported content);
- mark a user account as suspended (set `prohibit_login` = true);
- delete (and purge) a user / organization and mark the linked reports as Handled;
- delete a repository and mark the linked reports as Handled;
- delete an issue / pull request and mark the linked reports as Handled;
- delete a comment and mark the linked reports as Handled;
The buttons were added on the sight side of each report from the overview, below the existing counter (that show how many times the content was reported and opens the details page). Only the buttons for updating the status of the report are directly visible - as `✓` and `✗` icons with some tooltips - while the content actions are hidden under a `⋯` dropdown.
The implementation was done using HTMX so that the page is not refreshed after each action.
Some discussions regarding the UI/UX started with https://codeberg.org/forgejo/design/issues/30#issuecomment-5958634
### Manual testing
- First make sure that moderation in enabled ([moderation] ENABLED config is set as true within app.ini).
- Report multiple users, organizations, repositories, issues, pull requests and comments.
- Go to _Moderation reports_ overview section section and make sure the buttons are visible;
- The `✓` and `✗` should be available for each shown report;
- The horizontal dropdown menu (`⋯`) should not be visible for reports linked to already deleted content.
- The actions available within the dropdown menu should correspond to the reported content type (e.g. 'Suspend account' and 'Delete account' for users/organizations, 'Delete repository' for repositories, etc.).
- When an action is successful a flash message should be displayed above the overview.
- Warnings should be displayed (as flash messages) when trying to suspend or delete your account (in case someone reported you) or an organization.
- An info (flash message) should be displayed when trying to suspend a user that is already suspended.
- Mark a report as Handled / Ignored and observe that a success flash message confirms the action and the report is removed from the list without reloading the page;
- Refresh the page to make sure the report will not be loaded again (also check in the DB that the status was updated and the resolved timestamp is correctly set).
- Suspend a user account and make sure the report remains in the list (it is not resolved);
- Make sure the above user gets the 'Suspended account' notice after login.
- Delete a user account and observe that a success flash message confirms the action and the report is removed from the list without reloading the page;
- Make sure that all owned organizations and repositories as well as all the issues, PRs and comments posted in other repositories were deleted;
- Make sure the linked abuse reports are marked as Handled (and resolved timestamp is set).
- Delete an organization and make sure that owned repositories were also deleted.
- Similarly, delete a repository / issue / PR / comment and check that the contents are not available any more and the linked reports are resolved.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8716
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: floss4good <floss4good@disroot.org>
Co-committed-by: floss4good <floss4good@disroot.org>
2025-12-03 20:07:32 +01:00
|
|
|
"forgejo.org/models/organization"
|
2025-07-23 00:20:15 +02:00
|
|
|
repo_model "forgejo.org/models/repo"
|
|
|
|
|
"forgejo.org/models/user"
|
|
|
|
|
"forgejo.org/modules/base"
|
feat: add admin moderation actions for abuse reports and for reported abusive content (#8716)
- Implementation of milestone 6. from **Task F. Moderation features: Reporting** (part of [amendment of the workplan](https://codeberg.org/forgejo/sustainability/src/branch/main/2022-12-01-nlnet/2025-02-07-extended-workplan.md#task-f-moderation-features-reporting) for NLnet 2022-12-035):
`6. Forgejo admins can perform common actions on the listed reports (content deletion, locking of user account)`
---
Follow-up of !7905 (and !6977)
---
This adds some action buttons within the _Moderation reports_ section (/admin/moderation/reports) within the _Site administration_ page, so that administrators can:
- mark a report as Handled or as Ignored (without performing any action on the reported content);
- mark a user account as suspended (set `prohibit_login` = true);
- delete (and purge) a user / organization and mark the linked reports as Handled;
- delete a repository and mark the linked reports as Handled;
- delete an issue / pull request and mark the linked reports as Handled;
- delete a comment and mark the linked reports as Handled;
The buttons were added on the sight side of each report from the overview, below the existing counter (that show how many times the content was reported and opens the details page). Only the buttons for updating the status of the report are directly visible - as `✓` and `✗` icons with some tooltips - while the content actions are hidden under a `⋯` dropdown.
The implementation was done using HTMX so that the page is not refreshed after each action.
Some discussions regarding the UI/UX started with https://codeberg.org/forgejo/design/issues/30#issuecomment-5958634
### Manual testing
- First make sure that moderation in enabled ([moderation] ENABLED config is set as true within app.ini).
- Report multiple users, organizations, repositories, issues, pull requests and comments.
- Go to _Moderation reports_ overview section section and make sure the buttons are visible;
- The `✓` and `✗` should be available for each shown report;
- The horizontal dropdown menu (`⋯`) should not be visible for reports linked to already deleted content.
- The actions available within the dropdown menu should correspond to the reported content type (e.g. 'Suspend account' and 'Delete account' for users/organizations, 'Delete repository' for repositories, etc.).
- When an action is successful a flash message should be displayed above the overview.
- Warnings should be displayed (as flash messages) when trying to suspend or delete your account (in case someone reported you) or an organization.
- An info (flash message) should be displayed when trying to suspend a user that is already suspended.
- Mark a report as Handled / Ignored and observe that a success flash message confirms the action and the report is removed from the list without reloading the page;
- Refresh the page to make sure the report will not be loaded again (also check in the DB that the status was updated and the resolved timestamp is correctly set).
- Suspend a user account and make sure the report remains in the list (it is not resolved);
- Make sure the above user gets the 'Suspended account' notice after login.
- Delete a user account and observe that a success flash message confirms the action and the report is removed from the list without reloading the page;
- Make sure that all owned organizations and repositories as well as all the issues, PRs and comments posted in other repositories were deleted;
- Make sure the linked abuse reports are marked as Handled (and resolved timestamp is set).
- Delete an organization and make sure that owned repositories were also deleted.
- Similarly, delete a repository / issue / PR / comment and check that the contents are not available any more and the linked reports are resolved.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8716
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: floss4good <floss4good@disroot.org>
Co-committed-by: floss4good <floss4good@disroot.org>
2025-12-03 20:07:32 +01:00
|
|
|
"forgejo.org/modules/log"
|
|
|
|
|
"forgejo.org/modules/optional"
|
2025-07-23 00:20:15 +02:00
|
|
|
"forgejo.org/services/context"
|
feat: add admin moderation actions for abuse reports and for reported abusive content (#8716)
- Implementation of milestone 6. from **Task F. Moderation features: Reporting** (part of [amendment of the workplan](https://codeberg.org/forgejo/sustainability/src/branch/main/2022-12-01-nlnet/2025-02-07-extended-workplan.md#task-f-moderation-features-reporting) for NLnet 2022-12-035):
`6. Forgejo admins can perform common actions on the listed reports (content deletion, locking of user account)`
---
Follow-up of !7905 (and !6977)
---
This adds some action buttons within the _Moderation reports_ section (/admin/moderation/reports) within the _Site administration_ page, so that administrators can:
- mark a report as Handled or as Ignored (without performing any action on the reported content);
- mark a user account as suspended (set `prohibit_login` = true);
- delete (and purge) a user / organization and mark the linked reports as Handled;
- delete a repository and mark the linked reports as Handled;
- delete an issue / pull request and mark the linked reports as Handled;
- delete a comment and mark the linked reports as Handled;
The buttons were added on the sight side of each report from the overview, below the existing counter (that show how many times the content was reported and opens the details page). Only the buttons for updating the status of the report are directly visible - as `✓` and `✗` icons with some tooltips - while the content actions are hidden under a `⋯` dropdown.
The implementation was done using HTMX so that the page is not refreshed after each action.
Some discussions regarding the UI/UX started with https://codeberg.org/forgejo/design/issues/30#issuecomment-5958634
### Manual testing
- First make sure that moderation in enabled ([moderation] ENABLED config is set as true within app.ini).
- Report multiple users, organizations, repositories, issues, pull requests and comments.
- Go to _Moderation reports_ overview section section and make sure the buttons are visible;
- The `✓` and `✗` should be available for each shown report;
- The horizontal dropdown menu (`⋯`) should not be visible for reports linked to already deleted content.
- The actions available within the dropdown menu should correspond to the reported content type (e.g. 'Suspend account' and 'Delete account' for users/organizations, 'Delete repository' for repositories, etc.).
- When an action is successful a flash message should be displayed above the overview.
- Warnings should be displayed (as flash messages) when trying to suspend or delete your account (in case someone reported you) or an organization.
- An info (flash message) should be displayed when trying to suspend a user that is already suspended.
- Mark a report as Handled / Ignored and observe that a success flash message confirms the action and the report is removed from the list without reloading the page;
- Refresh the page to make sure the report will not be loaded again (also check in the DB that the status was updated and the resolved timestamp is correctly set).
- Suspend a user account and make sure the report remains in the list (it is not resolved);
- Make sure the above user gets the 'Suspended account' notice after login.
- Delete a user account and observe that a success flash message confirms the action and the report is removed from the list without reloading the page;
- Make sure that all owned organizations and repositories as well as all the issues, PRs and comments posted in other repositories were deleted;
- Make sure the linked abuse reports are marked as Handled (and resolved timestamp is set).
- Delete an organization and make sure that owned repositories were also deleted.
- Similarly, delete a repository / issue / PR / comment and check that the contents are not available any more and the linked reports are resolved.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8716
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: floss4good <floss4good@disroot.org>
Co-committed-by: floss4good <floss4good@disroot.org>
2025-12-03 20:07:32 +01:00
|
|
|
issue_service "forgejo.org/services/issue"
|
2025-07-23 00:20:15 +02:00
|
|
|
moderation_service "forgejo.org/services/moderation"
|
feat: add admin moderation actions for abuse reports and for reported abusive content (#8716)
- Implementation of milestone 6. from **Task F. Moderation features: Reporting** (part of [amendment of the workplan](https://codeberg.org/forgejo/sustainability/src/branch/main/2022-12-01-nlnet/2025-02-07-extended-workplan.md#task-f-moderation-features-reporting) for NLnet 2022-12-035):
`6. Forgejo admins can perform common actions on the listed reports (content deletion, locking of user account)`
---
Follow-up of !7905 (and !6977)
---
This adds some action buttons within the _Moderation reports_ section (/admin/moderation/reports) within the _Site administration_ page, so that administrators can:
- mark a report as Handled or as Ignored (without performing any action on the reported content);
- mark a user account as suspended (set `prohibit_login` = true);
- delete (and purge) a user / organization and mark the linked reports as Handled;
- delete a repository and mark the linked reports as Handled;
- delete an issue / pull request and mark the linked reports as Handled;
- delete a comment and mark the linked reports as Handled;
The buttons were added on the sight side of each report from the overview, below the existing counter (that show how many times the content was reported and opens the details page). Only the buttons for updating the status of the report are directly visible - as `✓` and `✗` icons with some tooltips - while the content actions are hidden under a `⋯` dropdown.
The implementation was done using HTMX so that the page is not refreshed after each action.
Some discussions regarding the UI/UX started with https://codeberg.org/forgejo/design/issues/30#issuecomment-5958634
### Manual testing
- First make sure that moderation in enabled ([moderation] ENABLED config is set as true within app.ini).
- Report multiple users, organizations, repositories, issues, pull requests and comments.
- Go to _Moderation reports_ overview section section and make sure the buttons are visible;
- The `✓` and `✗` should be available for each shown report;
- The horizontal dropdown menu (`⋯`) should not be visible for reports linked to already deleted content.
- The actions available within the dropdown menu should correspond to the reported content type (e.g. 'Suspend account' and 'Delete account' for users/organizations, 'Delete repository' for repositories, etc.).
- When an action is successful a flash message should be displayed above the overview.
- Warnings should be displayed (as flash messages) when trying to suspend or delete your account (in case someone reported you) or an organization.
- An info (flash message) should be displayed when trying to suspend a user that is already suspended.
- Mark a report as Handled / Ignored and observe that a success flash message confirms the action and the report is removed from the list without reloading the page;
- Refresh the page to make sure the report will not be loaded again (also check in the DB that the status was updated and the resolved timestamp is correctly set).
- Suspend a user account and make sure the report remains in the list (it is not resolved);
- Make sure the above user gets the 'Suspended account' notice after login.
- Delete a user account and observe that a success flash message confirms the action and the report is removed from the list without reloading the page;
- Make sure that all owned organizations and repositories as well as all the issues, PRs and comments posted in other repositories were deleted;
- Make sure the linked abuse reports are marked as Handled (and resolved timestamp is set).
- Delete an organization and make sure that owned repositories were also deleted.
- Similarly, delete a repository / issue / PR / comment and check that the contents are not available any more and the linked reports are resolved.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8716
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: floss4good <floss4good@disroot.org>
Co-committed-by: floss4good <floss4good@disroot.org>
2025-12-03 20:07:32 +01:00
|
|
|
org_service "forgejo.org/services/org"
|
|
|
|
|
repo_service "forgejo.org/services/repository"
|
|
|
|
|
user_service "forgejo.org/services/user"
|
2025-07-23 00:20:15 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
const (
|
|
|
|
|
tplModerationReports base.TplName = "admin/moderation/reports"
|
|
|
|
|
tplModerationReportDetails base.TplName = "admin/moderation/report_details"
|
feat: add admin moderation actions for abuse reports and for reported abusive content (#8716)
- Implementation of milestone 6. from **Task F. Moderation features: Reporting** (part of [amendment of the workplan](https://codeberg.org/forgejo/sustainability/src/branch/main/2022-12-01-nlnet/2025-02-07-extended-workplan.md#task-f-moderation-features-reporting) for NLnet 2022-12-035):
`6. Forgejo admins can perform common actions on the listed reports (content deletion, locking of user account)`
---
Follow-up of !7905 (and !6977)
---
This adds some action buttons within the _Moderation reports_ section (/admin/moderation/reports) within the _Site administration_ page, so that administrators can:
- mark a report as Handled or as Ignored (without performing any action on the reported content);
- mark a user account as suspended (set `prohibit_login` = true);
- delete (and purge) a user / organization and mark the linked reports as Handled;
- delete a repository and mark the linked reports as Handled;
- delete an issue / pull request and mark the linked reports as Handled;
- delete a comment and mark the linked reports as Handled;
The buttons were added on the sight side of each report from the overview, below the existing counter (that show how many times the content was reported and opens the details page). Only the buttons for updating the status of the report are directly visible - as `✓` and `✗` icons with some tooltips - while the content actions are hidden under a `⋯` dropdown.
The implementation was done using HTMX so that the page is not refreshed after each action.
Some discussions regarding the UI/UX started with https://codeberg.org/forgejo/design/issues/30#issuecomment-5958634
### Manual testing
- First make sure that moderation in enabled ([moderation] ENABLED config is set as true within app.ini).
- Report multiple users, organizations, repositories, issues, pull requests and comments.
- Go to _Moderation reports_ overview section section and make sure the buttons are visible;
- The `✓` and `✗` should be available for each shown report;
- The horizontal dropdown menu (`⋯`) should not be visible for reports linked to already deleted content.
- The actions available within the dropdown menu should correspond to the reported content type (e.g. 'Suspend account' and 'Delete account' for users/organizations, 'Delete repository' for repositories, etc.).
- When an action is successful a flash message should be displayed above the overview.
- Warnings should be displayed (as flash messages) when trying to suspend or delete your account (in case someone reported you) or an organization.
- An info (flash message) should be displayed when trying to suspend a user that is already suspended.
- Mark a report as Handled / Ignored and observe that a success flash message confirms the action and the report is removed from the list without reloading the page;
- Refresh the page to make sure the report will not be loaded again (also check in the DB that the status was updated and the resolved timestamp is correctly set).
- Suspend a user account and make sure the report remains in the list (it is not resolved);
- Make sure the above user gets the 'Suspended account' notice after login.
- Delete a user account and observe that a success flash message confirms the action and the report is removed from the list without reloading the page;
- Make sure that all owned organizations and repositories as well as all the issues, PRs and comments posted in other repositories were deleted;
- Make sure the linked abuse reports are marked as Handled (and resolved timestamp is set).
- Delete an organization and make sure that owned repositories were also deleted.
- Similarly, delete a repository / issue / PR / comment and check that the contents are not available any more and the linked reports are resolved.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8716
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: floss4good <floss4good@disroot.org>
Co-committed-by: floss4good <floss4good@disroot.org>
2025-12-03 20:07:32 +01:00
|
|
|
tplAlert base.TplName = "base/alert"
|
2025-07-23 00:20:15 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// AbuseReports renders the reports overview page from admin moderation section.
|
|
|
|
|
func AbuseReports(ctx *context.Context) {
|
|
|
|
|
ctx.Data["Title"] = ctx.Tr("admin.moderation.reports")
|
|
|
|
|
ctx.Data["PageIsAdminModerationReports"] = true
|
|
|
|
|
|
|
|
|
|
reports, err := moderation.GetOpenReports(ctx)
|
|
|
|
|
if err != nil {
|
|
|
|
|
ctx.ServerError("Failed to load abuse reports", err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ctx.Data["Reports"] = reports
|
|
|
|
|
ctx.Data["AbuseCategories"] = moderation.AbuseCategoriesTranslationKeys
|
|
|
|
|
ctx.Data["GhostUserName"] = user.GhostUserName
|
|
|
|
|
|
feat: add admin moderation actions for abuse reports and for reported abusive content (#8716)
- Implementation of milestone 6. from **Task F. Moderation features: Reporting** (part of [amendment of the workplan](https://codeberg.org/forgejo/sustainability/src/branch/main/2022-12-01-nlnet/2025-02-07-extended-workplan.md#task-f-moderation-features-reporting) for NLnet 2022-12-035):
`6. Forgejo admins can perform common actions on the listed reports (content deletion, locking of user account)`
---
Follow-up of !7905 (and !6977)
---
This adds some action buttons within the _Moderation reports_ section (/admin/moderation/reports) within the _Site administration_ page, so that administrators can:
- mark a report as Handled or as Ignored (without performing any action on the reported content);
- mark a user account as suspended (set `prohibit_login` = true);
- delete (and purge) a user / organization and mark the linked reports as Handled;
- delete a repository and mark the linked reports as Handled;
- delete an issue / pull request and mark the linked reports as Handled;
- delete a comment and mark the linked reports as Handled;
The buttons were added on the sight side of each report from the overview, below the existing counter (that show how many times the content was reported and opens the details page). Only the buttons for updating the status of the report are directly visible - as `✓` and `✗` icons with some tooltips - while the content actions are hidden under a `⋯` dropdown.
The implementation was done using HTMX so that the page is not refreshed after each action.
Some discussions regarding the UI/UX started with https://codeberg.org/forgejo/design/issues/30#issuecomment-5958634
### Manual testing
- First make sure that moderation in enabled ([moderation] ENABLED config is set as true within app.ini).
- Report multiple users, organizations, repositories, issues, pull requests and comments.
- Go to _Moderation reports_ overview section section and make sure the buttons are visible;
- The `✓` and `✗` should be available for each shown report;
- The horizontal dropdown menu (`⋯`) should not be visible for reports linked to already deleted content.
- The actions available within the dropdown menu should correspond to the reported content type (e.g. 'Suspend account' and 'Delete account' for users/organizations, 'Delete repository' for repositories, etc.).
- When an action is successful a flash message should be displayed above the overview.
- Warnings should be displayed (as flash messages) when trying to suspend or delete your account (in case someone reported you) or an organization.
- An info (flash message) should be displayed when trying to suspend a user that is already suspended.
- Mark a report as Handled / Ignored and observe that a success flash message confirms the action and the report is removed from the list without reloading the page;
- Refresh the page to make sure the report will not be loaded again (also check in the DB that the status was updated and the resolved timestamp is correctly set).
- Suspend a user account and make sure the report remains in the list (it is not resolved);
- Make sure the above user gets the 'Suspended account' notice after login.
- Delete a user account and observe that a success flash message confirms the action and the report is removed from the list without reloading the page;
- Make sure that all owned organizations and repositories as well as all the issues, PRs and comments posted in other repositories were deleted;
- Make sure the linked abuse reports are marked as Handled (and resolved timestamp is set).
- Delete an organization and make sure that owned repositories were also deleted.
- Similarly, delete a repository / issue / PR / comment and check that the contents are not available any more and the linked reports are resolved.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8716
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: floss4good <floss4good@disroot.org>
Co-committed-by: floss4good <floss4good@disroot.org>
2025-12-03 20:07:32 +01:00
|
|
|
// available actions that can be done for reports
|
|
|
|
|
ctx.Data["MarkAsHandled"] = int(moderation_service.ReportActionMarkAsHandled)
|
|
|
|
|
ctx.Data["MarkAsIgnored"] = int(moderation_service.ReportActionMarkAsIgnored)
|
|
|
|
|
|
|
|
|
|
// available actions that can be done for reported content
|
|
|
|
|
ctx.Data["ActionSuspendAccount"] = int(moderation_service.ContentActionSuspendAccount)
|
|
|
|
|
ctx.Data["ActionDeleteAccount"] = int(moderation_service.ContentActionDeleteAccount)
|
|
|
|
|
ctx.Data["ActionDeleteRepo"] = int(moderation_service.ContentActionDeleteRepo)
|
|
|
|
|
ctx.Data["ActionDeleteIssue"] = int(moderation_service.ContentActionDeleteIssue)
|
|
|
|
|
ctx.Data["ActionDeleteComment"] = int(moderation_service.ContentActionDeleteComment)
|
|
|
|
|
|
2025-07-23 00:20:15 +02:00
|
|
|
ctx.HTML(http.StatusOK, tplModerationReports)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// AbuseReportDetails renders a report details page opened from the reports overview from admin moderation section.
|
|
|
|
|
func AbuseReportDetails(ctx *context.Context) {
|
|
|
|
|
ctx.Data["Title"] = ctx.Tr("admin.moderation.reports")
|
|
|
|
|
ctx.Data["PageIsAdminModerationReports"] = true
|
|
|
|
|
|
|
|
|
|
ctx.Data["Type"] = ctx.ParamsInt64(":type")
|
|
|
|
|
ctx.Data["ID"] = ctx.ParamsInt64(":id")
|
|
|
|
|
|
|
|
|
|
contentType := moderation.ReportedContentType(ctx.ParamsInt64(":type"))
|
|
|
|
|
|
|
|
|
|
if !contentType.IsValid() {
|
|
|
|
|
ctx.Flash.Error("Invalid content type")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
reports, err := moderation.GetOpenReportsByTypeAndContentID(ctx, contentType, ctx.ParamsInt64(":id"))
|
|
|
|
|
if err != nil {
|
|
|
|
|
ctx.ServerError("Failed to load reports", err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if len(reports) == 0 {
|
|
|
|
|
// something is wrong
|
|
|
|
|
ctx.HTML(http.StatusOK, tplModerationReportDetails)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ctx.Data["Reports"] = reports
|
|
|
|
|
ctx.Data["AbuseCategories"] = moderation.AbuseCategoriesTranslationKeys
|
|
|
|
|
ctx.Data["GhostUserName"] = user.GhostUserName
|
|
|
|
|
|
|
|
|
|
ctx.Data["GetShadowCopyMap"] = moderation_service.GetShadowCopyMap
|
|
|
|
|
|
|
|
|
|
if err = setReportedContentDetails(ctx, reports[0]); err != nil {
|
|
|
|
|
if user.IsErrUserNotExist(err) || issues.IsErrCommentNotExist(err) || issues.IsErrIssueNotExist(err) || repo_model.IsErrRepoNotExist(err) {
|
|
|
|
|
ctx.Data["ContentReference"] = ctx.Tr("admin.moderation.deleted_content_ref", reports[0].ContentType, reports[0].ContentID)
|
|
|
|
|
} else {
|
|
|
|
|
ctx.ServerError("Failed to load reported content details", err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ctx.HTML(http.StatusOK, tplModerationReportDetails)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// setReportedContentDetails adds some values into context data for the given report
|
|
|
|
|
// (icon name, a reference, the URL and in case of issues and comments also the poster name).
|
|
|
|
|
func setReportedContentDetails(ctx *context.Context, report *moderation.AbuseReportDetailed) error {
|
|
|
|
|
contentReference := ""
|
|
|
|
|
var contentURL string
|
|
|
|
|
var poster string
|
|
|
|
|
contentType := report.ContentType
|
|
|
|
|
contentID := report.ContentID
|
|
|
|
|
|
|
|
|
|
ctx.Data["ContentTypeIconName"] = report.ContentTypeIconName()
|
|
|
|
|
|
|
|
|
|
switch contentType {
|
|
|
|
|
case moderation.ReportedContentTypeUser:
|
|
|
|
|
reportedUser, err := user.GetUserByID(ctx, contentID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
contentReference = reportedUser.Name
|
|
|
|
|
contentURL = reportedUser.HomeLink()
|
|
|
|
|
case moderation.ReportedContentTypeRepository:
|
|
|
|
|
repo, err := repo_model.GetRepositoryByID(ctx, contentID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
contentReference = repo.FullName()
|
|
|
|
|
contentURL = repo.Link()
|
|
|
|
|
case moderation.ReportedContentTypeIssue:
|
|
|
|
|
issue, err := issues.GetIssueByID(ctx, contentID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
if err = issue.LoadRepo(ctx); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
if err = issue.LoadPoster(ctx); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
if issue.Poster != nil {
|
|
|
|
|
poster = issue.Poster.Name
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
contentReference = fmt.Sprintf("%s#%d", issue.Repo.FullName(), issue.Index)
|
|
|
|
|
contentURL = issue.Link()
|
|
|
|
|
case moderation.ReportedContentTypeComment:
|
|
|
|
|
comment, err := issues.GetCommentByID(ctx, contentID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
if err = comment.LoadIssue(ctx); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
if err = comment.Issue.LoadRepo(ctx); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2025-11-21 23:04:09 +01:00
|
|
|
if err = comment.LoadPoster(ctx); err != nil && !user.IsErrUserNotExist(err) {
|
2025-07-23 00:20:15 +02:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
if comment.Poster != nil {
|
|
|
|
|
poster = comment.Poster.Name
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
contentURL = comment.Link(ctx)
|
|
|
|
|
contentReference = contentURL
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ctx.Data["ContentReference"] = contentReference
|
|
|
|
|
ctx.Data["ContentURL"] = contentURL
|
|
|
|
|
ctx.Data["Poster"] = poster
|
|
|
|
|
return nil
|
|
|
|
|
}
|
feat: add admin moderation actions for abuse reports and for reported abusive content (#8716)
- Implementation of milestone 6. from **Task F. Moderation features: Reporting** (part of [amendment of the workplan](https://codeberg.org/forgejo/sustainability/src/branch/main/2022-12-01-nlnet/2025-02-07-extended-workplan.md#task-f-moderation-features-reporting) for NLnet 2022-12-035):
`6. Forgejo admins can perform common actions on the listed reports (content deletion, locking of user account)`
---
Follow-up of !7905 (and !6977)
---
This adds some action buttons within the _Moderation reports_ section (/admin/moderation/reports) within the _Site administration_ page, so that administrators can:
- mark a report as Handled or as Ignored (without performing any action on the reported content);
- mark a user account as suspended (set `prohibit_login` = true);
- delete (and purge) a user / organization and mark the linked reports as Handled;
- delete a repository and mark the linked reports as Handled;
- delete an issue / pull request and mark the linked reports as Handled;
- delete a comment and mark the linked reports as Handled;
The buttons were added on the sight side of each report from the overview, below the existing counter (that show how many times the content was reported and opens the details page). Only the buttons for updating the status of the report are directly visible - as `✓` and `✗` icons with some tooltips - while the content actions are hidden under a `⋯` dropdown.
The implementation was done using HTMX so that the page is not refreshed after each action.
Some discussions regarding the UI/UX started with https://codeberg.org/forgejo/design/issues/30#issuecomment-5958634
### Manual testing
- First make sure that moderation in enabled ([moderation] ENABLED config is set as true within app.ini).
- Report multiple users, organizations, repositories, issues, pull requests and comments.
- Go to _Moderation reports_ overview section section and make sure the buttons are visible;
- The `✓` and `✗` should be available for each shown report;
- The horizontal dropdown menu (`⋯`) should not be visible for reports linked to already deleted content.
- The actions available within the dropdown menu should correspond to the reported content type (e.g. 'Suspend account' and 'Delete account' for users/organizations, 'Delete repository' for repositories, etc.).
- When an action is successful a flash message should be displayed above the overview.
- Warnings should be displayed (as flash messages) when trying to suspend or delete your account (in case someone reported you) or an organization.
- An info (flash message) should be displayed when trying to suspend a user that is already suspended.
- Mark a report as Handled / Ignored and observe that a success flash message confirms the action and the report is removed from the list without reloading the page;
- Refresh the page to make sure the report will not be loaded again (also check in the DB that the status was updated and the resolved timestamp is correctly set).
- Suspend a user account and make sure the report remains in the list (it is not resolved);
- Make sure the above user gets the 'Suspended account' notice after login.
- Delete a user account and observe that a success flash message confirms the action and the report is removed from the list without reloading the page;
- Make sure that all owned organizations and repositories as well as all the issues, PRs and comments posted in other repositories were deleted;
- Make sure the linked abuse reports are marked as Handled (and resolved timestamp is set).
- Delete an organization and make sure that owned repositories were also deleted.
- Similarly, delete a repository / issue / PR / comment and check that the contents are not available any more and the linked reports are resolved.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8716
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: floss4good <floss4good@disroot.org>
Co-committed-by: floss4good <floss4good@disroot.org>
2025-12-03 20:07:32 +01:00
|
|
|
|
|
|
|
|
func PerformAction(ctx *context.Context) {
|
|
|
|
|
var contentID int64
|
|
|
|
|
var contentType moderation.ReportedContentType
|
|
|
|
|
|
|
|
|
|
contentID = ctx.FormInt64("content_id")
|
|
|
|
|
if contentID <= 0 {
|
|
|
|
|
ctx.Error(http.StatusBadRequest, "Invalid parameter: content_id")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
contentType = moderation.ReportedContentType(ctx.FormInt64("content_type"))
|
|
|
|
|
if !contentType.IsValid() {
|
|
|
|
|
ctx.Error(http.StatusBadRequest, "Invalid parameter: content_type")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
reportAction := moderation_service.ReportAction(ctx.FormInt64("report_action"))
|
|
|
|
|
if !reportAction.IsValid() {
|
|
|
|
|
ctx.Error(http.StatusBadRequest, "Invalid parameter: report_action")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
contentAction := moderation_service.ContentAction(ctx.FormInt64("content_action"))
|
|
|
|
|
if !contentAction.IsValid() {
|
|
|
|
|
ctx.Error(http.StatusBadRequest, "Invalid parameter: content_action")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if contentAction == moderation_service.ContentActionNone && reportAction == moderation_service.ReportActionNone {
|
|
|
|
|
ctx.Error(http.StatusBadRequest, "Invalid combination of content_action and report_action parameters")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
switch contentAction {
|
|
|
|
|
case moderation_service.ContentActionNone:
|
|
|
|
|
updateReportStatus(ctx, contentType, contentID, reportAction)
|
|
|
|
|
case moderation_service.ContentActionSuspendAccount:
|
|
|
|
|
suspendAccount(ctx, contentType, contentID, reportAction)
|
|
|
|
|
case moderation_service.ContentActionDeleteAccount:
|
|
|
|
|
deleteAccount(ctx, contentType, contentID, reportAction)
|
|
|
|
|
case moderation_service.ContentActionDeleteRepo:
|
|
|
|
|
deleteRepository(ctx, contentType, contentID, reportAction)
|
|
|
|
|
case moderation_service.ContentActionDeleteIssue:
|
|
|
|
|
deleteIssue(ctx, contentType, contentID, reportAction)
|
|
|
|
|
case moderation_service.ContentActionDeleteComment:
|
|
|
|
|
deleteComment(ctx, contentType, contentID, reportAction)
|
|
|
|
|
default:
|
|
|
|
|
ctx.Flash.Warning(ctx.Tr("moderation.unknown_action"), true)
|
|
|
|
|
ctx.HTML(http.StatusOK, tplAlert)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func updateReportStatus(ctx *context.Context, contentType moderation.ReportedContentType, contentID int64, reportAction moderation_service.ReportAction) {
|
|
|
|
|
var err error
|
|
|
|
|
|
|
|
|
|
switch reportAction {
|
|
|
|
|
case moderation_service.ReportActionMarkAsHandled:
|
|
|
|
|
err = moderation.MarkAsHandled(ctx, contentType, contentID)
|
|
|
|
|
case moderation_service.ReportActionMarkAsIgnored:
|
|
|
|
|
err = moderation.MarkAsIgnored(ctx, contentType, contentID)
|
|
|
|
|
default:
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
ctx.Error(http.StatusInternalServerError, fmt.Sprintf("Failed to update the status of the report: %s", err.Error()))
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// TODO: translate and maybe use a more specific message (e.g. saying that the status was changed to 'Handled' or 'Ignored')?
|
|
|
|
|
ctx.Flash.Success(fmt.Sprintf("Status updated for report(s) with type #%d and id #%d", contentType, contentID), true)
|
|
|
|
|
ctx.HTML(http.StatusOK, tplAlert)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func suspendAccount(ctx *context.Context, contentType moderation.ReportedContentType, contentID int64, reportAction moderation_service.ReportAction) {
|
|
|
|
|
if contentID == ctx.Doer.ID {
|
|
|
|
|
ctx.Flash.Warning(ctx.Tr("moderation.users.cannot_suspend_self"), true)
|
|
|
|
|
ctx.HTML(http.StatusOK, tplAlert)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
reportedUser, err := user.GetUserByID(ctx, contentID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
ctx.Error(http.StatusInternalServerError, fmt.Sprintf("Failed to retrieve the user: %s", err.Error()))
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if reportedUser.IsAdmin {
|
|
|
|
|
ctx.Flash.Warning(ctx.Tr("moderation.users.cannot_suspend_admins"), true)
|
|
|
|
|
ctx.HTML(http.StatusOK, tplAlert)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if reportedUser.IsOrganization() {
|
|
|
|
|
ctx.Flash.Warning(ctx.Tr("moderation.users.cannot_suspend_org"), true)
|
|
|
|
|
ctx.HTML(http.StatusOK, tplAlert)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if reportedUser.ProhibitLogin {
|
|
|
|
|
ctx.Flash.Info(ctx.Tr("moderation.users.already_suspended"), true)
|
|
|
|
|
ctx.HTML(http.StatusOK, tplAlert)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
authOpts := &user_service.UpdateAuthOptions{ProhibitLogin: optional.Some(true)}
|
|
|
|
|
// TODO: should we implement a new, simpler, SuspendAccount() method?!
|
|
|
|
|
if err = user_service.UpdateAuth(ctx, reportedUser, authOpts); err != nil {
|
|
|
|
|
ctx.Error(http.StatusInternalServerError, fmt.Sprintf("Failed to suspend the user: %s", err.Error()))
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if reportAction != moderation_service.ReportActionNone {
|
|
|
|
|
// TODO: currently not implemented
|
|
|
|
|
updateReportStatus(ctx, contentType, contentID, reportAction)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ctx.Flash.Success(ctx.Tr("moderation.users.suspend_success"), true)
|
|
|
|
|
ctx.HTML(http.StatusOK, tplAlert)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func deleteAccount(ctx *context.Context, contentType moderation.ReportedContentType, contentID int64, reportAction moderation_service.ReportAction) {
|
|
|
|
|
if contentID == ctx.Doer.ID {
|
|
|
|
|
ctx.Resp.Header().Add("HX-Reswap", "none") // prevent removing the report from the list
|
|
|
|
|
ctx.Flash.Warning(ctx.Tr("admin.users.cannot_delete_self"), true)
|
|
|
|
|
ctx.HTML(http.StatusOK, tplAlert)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
reportedUser, err := user.GetUserByID(ctx, contentID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
ctx.Error(http.StatusInternalServerError, fmt.Sprintf("Failed to retrieve the user: %s", err.Error()))
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if reportedUser.IsAdmin {
|
|
|
|
|
ctx.Resp.Header().Add("HX-Reswap", "none") // prevent removing the report from the list
|
|
|
|
|
ctx.Flash.Warning(ctx.Tr("moderation.users.cannot_delete_admins"), true)
|
|
|
|
|
ctx.HTML(http.StatusOK, tplAlert)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if reportedUser.IsOrganization() {
|
|
|
|
|
reportedOrg := organization.OrgFromUser(reportedUser)
|
|
|
|
|
if err = org_service.DeleteOrganization(ctx, reportedOrg, true); err != nil {
|
|
|
|
|
ctx.Error(http.StatusInternalServerError, fmt.Sprintf("Failed to delete the organization: %s", err.Error()))
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
log.Trace("Organization deleted by admin (%s): %s", ctx.Doer.Name, reportedOrg.Name)
|
|
|
|
|
} else {
|
|
|
|
|
if err = user_service.DeleteUser(ctx, reportedUser, true); err != nil {
|
|
|
|
|
ctx.Error(http.StatusInternalServerError, fmt.Sprintf("Failed to delete the user: %s", err.Error()))
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
log.Trace("Account deleted by admin (%s): %s", ctx.Doer.Name, reportedUser.Name)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// TODO: when deleting content maybe we should always mark the reports as handled (does it makes sense to keep them open?!)
|
|
|
|
|
updateReportStatus(ctx, contentType, contentID, reportAction) // TODO: combine success messages
|
|
|
|
|
|
|
|
|
|
ctx.Flash.Success(ctx.Tr("admin.users.deletion_success"), true)
|
|
|
|
|
ctx.HTML(http.StatusOK, tplAlert)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func deleteRepository(ctx *context.Context, contentType moderation.ReportedContentType, contentID int64, reportAction moderation_service.ReportAction) {
|
|
|
|
|
repo, err := repo_model.GetRepositoryByID(ctx, contentID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
ctx.Error(http.StatusInternalServerError, fmt.Sprintf("Failed to retrieve the repository: %s", err.Error()))
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err = repo_service.DeleteRepository(ctx, ctx.Doer, repo, true); err != nil {
|
|
|
|
|
ctx.Error(http.StatusInternalServerError, fmt.Sprintf("Failed to delete the repository: %s", err.Error()))
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
log.Trace("Repository deleted: %s", repo.FullName())
|
|
|
|
|
|
|
|
|
|
updateReportStatus(ctx, contentType, contentID, reportAction)
|
|
|
|
|
|
|
|
|
|
ctx.Flash.Success(ctx.Tr("repo.settings.deletion_success"), true)
|
|
|
|
|
ctx.HTML(http.StatusOK, tplAlert)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func deleteIssue(ctx *context.Context, contentType moderation.ReportedContentType, contentID int64, reportAction moderation_service.ReportAction) {
|
|
|
|
|
issue, err := issues.GetIssueByID(ctx, contentID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
ctx.Error(http.StatusInternalServerError, fmt.Sprintf("Failed to retrieve the issue: %s", err.Error()))
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err = issue_service.DeleteIssue(ctx, ctx.Doer, nil, issue); err != nil {
|
|
|
|
|
ctx.Error(http.StatusInternalServerError, fmt.Sprintf("Failed to delete the issue: %s", err.Error()))
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
updateReportStatus(ctx, contentType, contentID, reportAction)
|
|
|
|
|
|
|
|
|
|
ctx.Flash.Success(ctx.Tr("moderation.issue.deletion_success"), true)
|
|
|
|
|
ctx.HTML(http.StatusOK, tplAlert)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func deleteComment(ctx *context.Context, contentType moderation.ReportedContentType, contentID int64, reportAction moderation_service.ReportAction) {
|
|
|
|
|
comment, err := issues.GetCommentByID(ctx, contentID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
ctx.Error(http.StatusInternalServerError, fmt.Sprintf("Failed to retrieve the comment: %s", err.Error()))
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err = issue_service.DeleteComment(ctx, ctx.Doer, comment); err != nil {
|
|
|
|
|
ctx.Error(http.StatusInternalServerError, fmt.Sprintf("Failed to delete the comment: %s", err.Error()))
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
updateReportStatus(ctx, contentType, contentID, reportAction)
|
|
|
|
|
|
|
|
|
|
ctx.Flash.Success(ctx.Tr("moderation.comment.deletion_success"), true)
|
|
|
|
|
ctx.HTML(http.StatusOK, tplAlert)
|
|
|
|
|
}
|