Add trending statuses (#17431)

* Add trending statuses * Fix dangling items with stale scores in localized sets * Various fixes and improvements - Change approve_all/reject_all to approve_accounts/reject_accounts - Change Trends::Query methods to not mutate the original query - Change Trends::Query#skip to offset - Change follow recommendations to be refreshed in a transaction * Add tests for trending statuses filtering behaviour * Fix not applying filtering scope in controller
2022-02-25 00:34:14 +01:00
parent a29a982eaa
commit 27965ce5ed
71 changed files with 1074 additions and 307 deletions
--- a/config/brakeman.ignore
+++ b/config/brakeman.ignore
@ -7,7 +7,7 @@
      "check_name": "SQL",
      "message": "Possible SQL injection",
      "file": "app/models/status.rb",
-      "line": 104,
+      "line": 105,
      "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
      "code": "result.joins(\"INNER JOIN statuses_tags t#{id} ON t#{id}.status_id = statuses.id AND t#{id}.tag_id = #{id}\")",
      "render_path": null,
@ -20,6 +20,26 @@
      "confidence": "Weak",
      "note": ""
    },
+    {
+      "warning_type": "SQL Injection",
+      "warning_code": 0,
+      "fingerprint": "30dfe36e87fe1b8f239df9a33d576e44a9863f73b680198d4713be6540ae61d3",
+      "check_name": "SQL",
+      "message": "Possible SQL injection",
+      "file": "app/models/trends/query.rb",
+      "line": 60,
+      "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
+      "code": "klass.joins(\"join unnest(array[#{ids.join(\",\")}]) with ordinality as x (id, ordering) on #{klass.table_name}.id = x.id\")",
+      "render_path": null,
+      "location": {
+        "type": "method",
+        "class": "Trends::Query",
+        "method": "to_arel"
+      },
+      "user_input": "ids.join(\",\")",
+      "confidence": "Weak",
+      "note": ""
+    },
    {
      "warning_type": "Redirect",
      "warning_code": 18,
@ -100,26 +120,6 @@
      "confidence": "High",
      "note": ""
    },
-    {
-      "warning_type": "SQL Injection",
-      "warning_code": 0,
-      "fingerprint": "8c1d8c4b76c1cd3960e90dff999f854a6ff742fcfd8de6c7184ac5a1b1a4d7dd",
-      "check_name": "SQL",
-      "message": "Possible SQL injection",
-      "file": "app/models/preview_card_filter.rb",
-      "line": 50,
-      "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
-      "code": "PreviewCard.joins(\"join unnest(array[#{(Trends.links.currently_trending_ids(true, -1) or Trends.links.currently_trending_ids(false, -1)).map(&:to_i).join(\",\")}]::integer[]) with ordinality as x (id, ordering) on preview_cards.id = x.id\")",
-      "render_path": null,
-      "location": {
-        "type": "method",
-        "class": "PreviewCardFilter",
-        "method": "trending_scope"
-      },
-      "user_input": "(Trends.links.currently_trending_ids(true, -1) or Trends.links.currently_trending_ids(false, -1)).map(&:to_i).join(\",\")",
-      "confidence": "Medium",
-      "note": ""
-    },
    {
      "warning_type": "Cross-Site Scripting",
      "warning_code": 2,
@ -134,7 +134,7 @@
        {
          "type": "template",
          "name": "admin/disputes/appeals/index",
-          "line": 16,
+          "line": 20,
          "file": "app/views/admin/disputes/appeals/index.html.haml",
          "rendered": {
            "name": "admin/disputes/appeals/_appeal",
@ -170,26 +170,6 @@
      "confidence": "High",
      "note": ""
    },
-    {
-      "warning_type": "SQL Injection",
-      "warning_code": 0,
-      "fingerprint": "c32a484ccd9da46abd3bc93d08b72029d7dbc0576ccf4e878a9627e9a83cad2e",
-      "check_name": "SQL",
-      "message": "Possible SQL injection",
-      "file": "app/models/tag_filter.rb",
-      "line": 50,
-      "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
-      "code": "Tag.joins(\"join unnest(array[#{Trends.tags.currently_trending_ids(false, -1).map(&:to_i).join(\",\")}]::integer[]) with ordinality as x (id, ordering) on tags.id = x.id\")",
-      "render_path": null,
-      "location": {
-        "type": "method",
-        "class": "TagFilter",
-        "method": "trending_scope"
-      },
-      "user_input": "Trends.tags.currently_trending_ids(false, -1).map(&:to_i).join(\",\")",
-      "confidence": "Medium",
-      "note": ""
-    },
    {
      "warning_type": "Cross-Site Scripting",
      "warning_code": 4,
@ -204,7 +184,7 @@
        {
          "type": "template",
          "name": "admin/trends/links/index",
-          "line": 39,
+          "line": 45,
          "file": "app/views/admin/trends/links/index.html.haml",
          "rendered": {
            "name": "admin/trends/links/_preview_card",
@ -241,6 +221,6 @@
      "note": ""
    }
  ],
-  "updated": "2022-02-13 02:24:12 +0100",
+  "updated": "2022-02-15 03:48:53 +0100",
  "brakeman_version": "5.2.1"
 }
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -787,6 +787,15 @@ en:
        rejected: Links from this publisher won't trend
        title: Publishers
      rejected: Rejected
+      statuses:
+        allow: Allow post
+        allow_account: Allow author
+        disallow: Disallow post
+        disallow_account: Disallow author
+        shared_by:
+          one: Shared or favourited one time
+          other: Shared and favourited %{friendly_count} times
+        title: Trending posts
      tags:
        current_score: Current score %{score}
        dashboard:
@ -835,16 +844,21 @@ en:
      body: "%{reporter} has reported %{target}"
      body_remote: Someone from %{domain} has reported %{target}
      subject: New report for %{instance} (#%{id})
-    new_trending_links:
-      body: The following links are trending today, but their publishers have not been previously reviewed. They will not be displayed publicly unless you approve them. Further notifications from the same publishers will not be generated.
-      no_approved_links: There are currently no approved trending links.
-      requirements: The lowest approved trending link is currently "%{lowest_link_title}" with a score of %{lowest_link_score}.
-      subject: New trending links up for review on %{instance}
-    new_trending_tags:
-      body: 'The following hashtags are trending today, but they have not been previously reviewed. They will not be displayed publicly unless you approve them:'
-      no_approved_tags: There are currently no approved trending hashtags.
-      requirements: 'The lowest approved trending hashtag is currently #%{lowest_tag_name} with a score of %{lowest_tag_score}.'
-      subject: New trending hashtags up for review on %{instance}
+    new_trends:
+      body: 'The following items need a review before they can be displayed publicly:'
+      new_trending_links:
+        no_approved_links: There are currently no approved trending links.
+        requirements: 'Any of these candidates could surpass the #%{rank} approved trending link, which is currently "%{lowest_link_title}" with a score of %{lowest_link_score}.'
+        title: Trending links
+      new_trending_statuses:
+        no_approved_statuses: There are currently no approved trending posts.
+        requirements: 'Any of these candidates could surpass the #%{rank} approved trending post, which is currently %{lowest_status_url} with a score of %{lowest_status_score}.'
+        title: Trending posts
+      new_trending_tags:
+        no_approved_tags: There are currently no approved trending hashtags.
+        requirements: 'Any of these candidates could surpass the #%{rank} approved trending hashtag, which is currently #%{lowest_tag_name} with a score of %{lowest_tag_score}.'
+        title: Trending hashtags
+      subject: New trends up for review on %{instance}
  aliases:
    add_new: Create alias
    created_msg: Successfully created a new alias. You can now initiate the move from the old account.
--- a/config/navigation.rb
+++ b/config/navigation.rb
@ -34,6 +34,7 @@ SimpleNavigation::Configuration.run do |navigation|
    n.item :development, safe_join([fa_icon('code fw'), t('settings.development')]), settings_applications_url, if: -> { current_user.functional? }

    n.item :trends, safe_join([fa_icon('fire fw'), t('admin.trends.title')]), admin_trends_tags_path, if: proc { current_user.staff? } do |s|
+      s.item :statuses, safe_join([fa_icon('comments-o fw'), t('admin.trends.statuses.title')]), admin_trends_statuses_path, highlights_on: %r{/admin/trends/statuses}
      s.item :tags, safe_join([fa_icon('hashtag fw'), t('admin.trends.tags.title')]), admin_trends_tags_path, highlights_on: %r{/admin/tags|/admin/trends/tags}
      s.item :links, safe_join([fa_icon('newspaper-o fw'), t('admin.trends.links.title')]), admin_trends_links_path, highlights_on: %r{/admin/trends/links}
    end
--- a/config/routes.rb
+++ b/config/routes.rb
@ -327,6 +327,12 @@ Rails.application.routes.draw do
        end
      end

+      resources :statuses, only: [:index] do
+        collection do
+          post :batch
+        end
+      end
+
      namespace :links do
        resources :preview_card_providers, only: [:index], path: :publishers do
          collection do
@ -448,6 +454,7 @@ Rails.application.routes.draw do
      namespace :trends do
        resources :links, only: [:index]
        resources :tags, only: [:index]
+        resources :statuses, only: [:index]
      end

      namespace :emails do
@ -554,6 +561,8 @@ Rails.application.routes.draw do

        namespace :trends do
          resources :tags, only: [:index]
+          resources :links, only: [:index]
+          resources :statuses, only: [:index]
        end

        post :measures, to: 'measures#create'