github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-12-19 20:16:03 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
4a7ed8b9f8
discourse/app/controllers/categories_controller.rb
Bianca Nenciu 5b19e2ca0f
FIX: Filter out secured categories first (#29916) 
The hierarchical search for categories is composed of several complex
nested queries. This change ensures that the secured categories are
filtered out as soon as possible to ensure that the default limit of 5
categories is reached.

Without this fix, the search can return less than 5 categories if any
of the first 5 categories cannot be displayed due to permissions.
2024-11-28 17:09:16 +02:00

682 lines
21 KiB
Ruby
Raw Blame History

# frozen_string_literal: true
class CategoriesController < ApplicationController
include TopicQueryParams
requires_login except: %i[
index
categories_and_latest
categories_and_top
categories_and_hot
show
redirect
find_by_slug
visible_groups
find
search
]
before_action :fetch_category, only: %i[show update destroy visible_groups]
before_action :initialize_staff_action_logger, only: %i[create update destroy]
skip_before_action :check_xhr,
only: %i[
index
categories_and_latest
categories_and_top
categories_and_hot
redirect
]
skip_before_action :verify_authenticity_token, only: %i[search]
SYMMETRICAL_CATEGORIES_TO_TOPICS_FACTOR = 1.5
MIN_CATEGORIES_TOPICS = 5
MAX_CATEGORIES_LIMIT = 25
def redirect
return if handle_permalink("/category/#{params[:path]}")
redirect_to path("/c/#{params[:path]}")
end
def index
discourse_expires_in 1.minute
@category_list = fetch_category_list
respond_to do |format|
format.html do
@title =
if current_homepage == "categories" && SiteSetting.short_site_description.present?
"#{SiteSetting.title} - #{SiteSetting.short_site_description}"
elsif current_homepage != "categories"
"#{I18n.t("js.filters.categories.title")} - #{SiteSetting.title}"
end
@description = SiteSetting.site_description
store_preloaded(
@category_list.preload_key,
MultiJson.dump(CategoryListSerializer.new(@category_list, scope: guardian)),
)
@topic_list = fetch_topic_list
if @topic_list.present? && @topic_list.topics.present?
store_preloaded(
@topic_list.preload_key,
MultiJson.dump(TopicListSerializer.new(@topic_list, scope: guardian)),
)
end
render
end
format.json { render_serialized(@category_list, CategoryListSerializer) }
end
end
def categories_and_latest
categories_and_topics(:latest)
end
def categories_and_top
categories_and_topics(:top)
end
def categories_and_hot
categories_and_topics(:hot)
end
def move
guardian.ensure_can_create_category!
params.require("category_id")
params.require("position")
if category = Category.find(params["category_id"])
category.move_to(params["position"].to_i)
render json: success_json
else
render status: 500, json: failed_json
end
end
def reorder
guardian.ensure_can_create_category!
params.require(:mapping)
change_requests = MultiJson.load(params[:mapping])
by_category = Hash[change_requests.map { |cat, pos| [Category.find(cat.to_i), pos] }]
unless guardian.is_admin?
unless by_category.keys.all? { |c| guardian.can_see_category? c }
raise Discourse::InvalidAccess
end
end
by_category.each do |cat, pos|
cat.position = pos
cat.save! if cat.will_save_change_to_position?
end
render json: success_json
end
def show
guardian.ensure_can_see!(@category)
if Category.topic_create_allowed(guardian).where(id: @category.id).exists?
@category.permission = CategoryGroup.permission_types[:full]
end
render_serialized(@category, CategorySerializer)
end
def create
guardian.ensure_can_create!(Category)
position = category_params.delete(:position)
@category =
begin
Category.new(required_create_params.merge(user: current_user))
rescue ArgumentError => e
return render json: { errors: [e.message] }, status: 422
end
if @category.save
@category.move_to(position.to_i) if position
Scheduler::Defer.later "Log staff action create category" do
@staff_action_logger.log_category_creation(@category)
end
render_serialized(@category, CategorySerializer)
else
render_json_error(@category)
end
end
def update
guardian.ensure_can_edit!(@category)
json_result(@category, serializer: CategorySerializer) do |cat|
old_category_params = category_params.dup
cat.move_to(category_params[:position].to_i) if category_params[:position]
category_params.delete(:position)
old_custom_fields = cat.custom_fields.dup
if category_params[:custom_fields]
category_params[:custom_fields].each do |key, value|
if value.present?
cat.custom_fields[key] = value
else
cat.custom_fields.delete(key)
end
end
end
category_params.delete(:custom_fields)
# properly null the value so the database constraint doesn't catch us
category_params[:email_in] = nil if category_params[:email_in].blank?
category_params[:minimum_required_tags] = 0 if category_params[:minimum_required_tags].blank?
old_permissions = cat.permissions_params
old_permissions = { "everyone" => 1 } if old_permissions.empty?
if result = cat.update(category_params)
Scheduler::Defer.later "Log staff action change category settings" do
@staff_action_logger.log_category_settings_change(
@category,
old_category_params,
old_permissions: old_permissions,
old_custom_fields: old_custom_fields,
)
end
end
DiscourseEvent.trigger(:category_updated, cat) if result
result
end
end
def update_slug
@category = Category.find(params[:category_id].to_i)
guardian.ensure_can_edit!(@category)
custom_slug = params[:slug].to_s
if custom_slug.blank?
error = @category.errors.full_message(:slug, I18n.t("errors.messages.blank"))
render_json_error(error)
elsif @category.update(slug: custom_slug)
render json: success_json
else
render_json_error(@category)
end
end
def set_notifications
category_id = params[:category_id].to_i
notification_level = params[:notification_level].to_i
CategoryUser.set_notification_level_for_category(current_user, notification_level, category_id)
render json:
success_json.merge(
{
indirectly_muted_category_ids:
CategoryUser.indirectly_muted_category_ids(current_user),
},
)
end
def destroy
guardian.ensure_can_delete!(@category)
@category.destroy
Scheduler::Defer.later "Log staff action delete category" do
@staff_action_logger.log_category_deletion(@category)
end
render json: success_json
end
def find_by_slug
params.require(:category_slug)
@category =
Category.includes(:category_setting).find_by_slug_path(params[:category_slug].split("/"))
raise Discourse::NotFound if @category.blank?
if !guardian.can_see?(@category)
if SiteSetting.detailed_404 && group = @category.access_category_via_group
raise Discourse::InvalidAccess.new(
"not in group",
@category,
custom_message: "not_in_group.title_category",
custom_message_params: {
group: group.name,
},
group: group,
)
else
raise Discourse::NotFound
end
end
@category.permission = CategoryGroup.permission_types[:full] if Category
.topic_create_allowed(guardian)
.where(id: @category.id)
.exists?
render_serialized(@category, CategorySerializer)
end
def visible_groups
@guardian.ensure_can_see!(@category)
groups =
if !@category.groups.exists?(id: Group::AUTO_GROUPS[:everyone])
@category.groups.merge(Group.visible_groups(current_user)).pluck("name")
end
render json: success_json.merge(groups: groups || [])
end
def find
categories = []
serializer = params[:include_permissions] ? CategorySerializer : SiteCategorySerializer
if params[:ids].present?
categories = Category.secured(guardian).where(id: params[:ids])
elsif params[:slug_path].present?
category = Category.find_by_slug_path(params[:slug_path].split("/"))
raise Discourse::NotFound if category.blank?
guardian.ensure_can_see!(category)
ancestors = Category.secured(guardian).with_ancestors(category.id).where.not(id: category.id)
categories = [*ancestors, category]
elsif params[:slug_path_with_id].present?
category = Category.find_by_slug_path_with_id(params[:slug_path_with_id])
raise Discourse::NotFound if category.blank?
guardian.ensure_can_see!(category)
ancestors = Category.secured(guardian).with_ancestors(category.id).where.not(id: category.id)
categories = [*ancestors, category]
end
raise Discourse::NotFound if categories.blank?
Category.preload_user_fields!(guardian, categories)
render_serialized(categories, serializer, root: :categories, scope: guardian)
end
def hierarchical_search
term = params[:term].to_s.strip
page = [1, params[:page].to_i].max
offset = params[:offset].to_i
parent_category_id = params[:parent_category_id].to_i if params[:parent_category_id].present?
only =
if params[:only].present?
Category.secured(guardian).where(id: params[:only].to_a.map(&:to_i))
else
Category.secured(guardian)
end
except_ids = params[:except].to_a.map(&:to_i)
include_uncategorized =
(
if params[:include_uncategorized].present?
ActiveModel::Type::Boolean.new.cast(params[:include_uncategorized])
else
true
end
)
except_ids << SiteSetting.uncategorized_category_id unless include_uncategorized
except = Category.where(id: except_ids) if except_ids.present?
limit =
(
if params[:limit].present?
params[:limit].to_i.clamp(1, MAX_CATEGORIES_LIMIT)
else
MAX_CATEGORIES_LIMIT
end
)
categories =
Category
.secured(guardian)
.limited_categories_matching(only, except, parent_category_id, term)
.preload(
:uploaded_logo,
:uploaded_logo_dark,
:uploaded_background,
:uploaded_background_dark,
:tags,
:tag_groups,
:form_templates,
category_required_tag_groups: :tag_group,
)
.joins("LEFT JOIN topics t on t.id = categories.topic_id")
.select("categories.*, t.slug topic_slug")
.limit(limit)
.offset((page - 1) * limit + offset)
.to_a
if Site.preloaded_category_custom_fields.present?
Category.preload_custom_fields(categories, Site.preloaded_category_custom_fields)
end
Category.preload_user_fields!(guardian, categories)
response = { categories: serialize_data(categories, SiteCategorySerializer, scope: guardian) }
render_json_dump(response)
end
def search
term = params[:term].to_s.strip
parent_category_id = params[:parent_category_id].to_i if params[:parent_category_id].present?
include_uncategorized =
(
if params[:include_uncategorized].present?
ActiveModel::Type::Boolean.new.cast(params[:include_uncategorized])
else
true
end
)
if params[:select_category_ids].is_a?(Array)
select_category_ids = params[:select_category_ids].map(&:presence)
end
if params[:reject_category_ids].is_a?(Array)
reject_category_ids = params[:reject_category_ids].map(&:presence)
end
include_subcategories =
if params[:include_subcategories].present?
ActiveModel::Type::Boolean.new.cast(params[:include_subcategories])
else
true
end
include_ancestors =
if params[:include_ancestors].present?
ActiveModel::Type::Boolean.new.cast(params[:include_ancestors])
else
false
end
prioritized_category_id = params[:prioritized_category_id].to_i if params[
:prioritized_category_id
].present?
limit =
(
if params[:limit].present?
params[:limit].to_i.clamp(1, MAX_CATEGORIES_LIMIT)
else
MAX_CATEGORIES_LIMIT
end
)
page = [1, params[:page].to_i].max
categories = Category.secured(guardian)
if term.present? && words = term.split
words.each { |word| categories = categories.where("name ILIKE ?", "%#{word}%") }
end
categories =
(
if parent_category_id != -1
categories.where(parent_category_id: parent_category_id)
else
categories.where(parent_category_id: nil)
end
) if parent_category_id.present?
categories =
categories.where.not(id: SiteSetting.uncategorized_category_id) if !include_uncategorized
categories = categories.where(id: select_category_ids) if select_category_ids
categories = categories.where.not(id: reject_category_ids) if reject_category_ids
categories = categories.where(parent_category_id: nil) if !include_subcategories
categories_count = categories.count
categories =
categories
.includes(
:uploaded_logo,
:uploaded_logo_dark,
:uploaded_background,
:uploaded_background_dark,
:tags,
:tag_groups,
:form_templates,
category_required_tag_groups: :tag_group,
)
.joins("LEFT JOIN topics t on t.id = categories.topic_id")
.select("categories.*, t.slug topic_slug")
.order(
"starts_with(lower(categories.name), #{ActiveRecord::Base.connection.quote(term)}) DESC",
"categories.parent_category_id IS NULL DESC",
"categories.id IS NOT DISTINCT FROM #{ActiveRecord::Base.connection.quote(prioritized_category_id)} DESC",
"categories.parent_category_id IS NOT DISTINCT FROM #{ActiveRecord::Base.connection.quote(prioritized_category_id)} DESC",
"categories.id ASC",
)
.limit(limit)
.offset((page - 1) * limit)
if Site.preloaded_category_custom_fields.present?
Category.preload_custom_fields(categories, Site.preloaded_category_custom_fields)
end
Category.preload_user_fields!(guardian, categories)
response = {
categories_count: categories_count,
categories: serialize_data(categories, SiteCategorySerializer, scope: guardian),
}
if include_ancestors
ancestors = Category.secured(guardian).ancestors_of(categories.map(&:id))
Category.preload_user_fields!(guardian, ancestors)
response[:ancestors] = serialize_data(ancestors, SiteCategorySerializer, scope: guardian)
end
render_json_dump(response)
end
private
def self.topics_per_page
return SiteSetting.categories_topics if SiteSetting.categories_topics > 0
count = Category.where(parent_category: nil).count
count = (SYMMETRICAL_CATEGORIES_TO_TOPICS_FACTOR * count).to_i
count > MIN_CATEGORIES_TOPICS ? count : MIN_CATEGORIES_TOPICS
end
def categories_and_topics(topics_filter)
discourse_expires_in 1.minute
result = CategoryAndTopicLists.new
result.category_list = fetch_category_list
result.topic_list = fetch_topic_list(topics_filter:)
render_serialized(result, CategoryAndTopicListsSerializer, root: false)
end
def required_param_keys
[:name]
end
def required_create_params
required_param_keys.each { |key| params.require(key) }
category_params
end
def category_params
@category_params ||=
begin
if p = params[:permissions]
p.each { |k, v| p[k] = v.to_i }
end
if SiteSetting.tagging_enabled
params[:allowed_tags] = params[:allowed_tags].presence || [] if params[:allowed_tags]
params[:allowed_tag_groups] = params[:allowed_tag_groups].presence || [] if params[
:allowed_tag_groups
]
params[:required_tag_groups] = params[:required_tag_groups].presence || [] if params[
:required_tag_groups
]
end
conditional_param_keys = []
if SiteSetting.enable_category_group_moderation?
conditional_param_keys << { moderating_group_ids: [] }
end
result =
params.permit(
*required_param_keys,
:position,
:name,
:color,
:text_color,
:email_in,
:email_in_allow_strangers,
:mailinglist_mirror,
:all_topics_wiki,
:allow_unlimited_owner_edits_on_first_post,
:default_slow_mode_seconds,
:parent_category_id,
:auto_close_hours,
:auto_close_based_on_last_post,
:uploaded_logo_id,
:uploaded_logo_dark_id,
:uploaded_background_id,
:uploaded_background_dark_id,
:slug,
:allow_badges,
:topic_template,
:sort_order,
:sort_ascending,
:topic_featured_link_allowed,
:show_subcategory_list,
:num_featured_topics,
:default_view,
:subcategory_list_style,
:default_top_period,
:minimum_required_tags,
:navigate_to_first_post_after_read,
:search_priority,
:allow_global_tags,
:read_only_banner,
:default_list_filter,
*conditional_param_keys,
category_setting_attributes: %i[
auto_bump_cooldown_days
num_auto_bump_daily
require_reply_approval
require_topic_approval
],
custom_fields: [custom_field_params],
permissions: [*p.try(:keys)],
allowed_tags: [],
allowed_tag_groups: [],
required_tag_groups: %i[name min_count],
form_template_ids: [],
)
if result[:required_tag_groups] && !result[:required_tag_groups].is_a?(Array)
raise Discourse::InvalidParameters.new(:required_tag_groups)
end
result
end
end
def custom_field_params
keys = params[:custom_fields].try(:keys)
return if keys.blank?
keys.map { |key| params[:custom_fields][key].is_a?(Array) ? { key => [] } : key }
end
def fetch_category
@category = Category.find_by_slug(params[:id]) || Category.find_by(id: params[:id].to_i)
raise Discourse::NotFound if @category.blank?
end
def fetch_category_list
parent_category =
if params[:parent_category_id].present?
Category.find_by_slug(params[:parent_category_id]) ||
Category.find_by(id: params[:parent_category_id].to_i)
elsif params[:category_slug_path_with_id].present?
Category.find_by_slug_path_with_id(params[:category_slug_path_with_id])
end
include_topics =
view_context.mobile_view? || params[:include_topics] ||
(parent_category && parent_category.subcategory_list_includes_topics?) ||
SiteSetting.desktop_category_page_style == "categories_with_featured_topics" ||
SiteSetting.desktop_category_page_style == "subcategories_with_featured_topics" ||
SiteSetting.desktop_category_page_style == "categories_boxes_with_topics" ||
SiteSetting.desktop_category_page_style == "categories_with_top_topics"
include_subcategories =
SiteSetting.desktop_category_page_style == "subcategories_with_featured_topics" ||
params[:include_subcategories] == "true"
category_options = {
is_homepage: current_homepage == "categories",
parent_category_id: parent_category&.id,
include_topics: include_topics,
include_subcategories: include_subcategories,
tag: params[:tag],
page: params[:page].try(:to_i) || 1,
}
@category_list = CategoryList.new(guardian, category_options)
end
def fetch_topic_list(topics_filter: nil)
style =
if topics_filter
"categories_and_#{topics_filter}_topics"
else
SiteSetting.desktop_category_page_style
end
topic_options = { per_page: CategoriesController.topics_per_page, no_definitions: true }
topic_options.merge!(build_topic_list_options)
topic_options[:order] = "created" if SiteSetting.desktop_category_page_style ==
"categories_and_latest_topics_created_date"
case style
when "categories_and_latest_topics", "categories_and_latest_topics_created_date"
@topic_list = TopicQuery.new(current_user, topic_options).list_latest
@topic_list.more_topics_url = url_for(latest_path(sort: topic_options[:order]))
when "categories_and_top_topics"
@topic_list =
TopicQuery.new(current_user, topic_options).list_top_for(
SiteSetting.top_page_default_timeframe.to_sym,
)
@topic_list.more_topics_url = url_for(top_path)
when "categories_and_hot_topics"
@topic_list = TopicQuery.new(current_user, topic_options).list_hot
@topic_list.more_topics_url = url_for(hot_path)
end
@topic_list
end
def initialize_staff_action_logger
@staff_action_logger = StaffActionLogger.new(current_user)
end
end
Reference in New Issue View Git Blame Copy Permalink