Merge branch 'from/upstream-develop/tusooa/server-announcements' into 'develop'

Server announcements (1st pass)

See merge request pleroma/pleroma!3643

10 files changed, 664 insertions, 0 deletions

diff --git a/lib/pleroma/announcement.ex b/lib/pleroma/announcement.ex
new file mode 100644
index 000000000..d97c5e728
--- /dev/null
+++ b/lib/pleroma/announcement.ex
@@ -0,0 +1,160 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Announcement do
+  use Ecto.Schema
+
+  import Ecto.Changeset, only: [cast: 3, validate_required: 2]
+  import Ecto.Query
+
+  alias Pleroma.AnnouncementReadRelationship
+  alias Pleroma.Repo
+
+  @type t :: %__MODULE__{}
+  @primary_key {:id, FlakeId.Ecto.CompatType, autogenerate: true}
+
+  schema "announcements" do
+    field(:data, :map)
+    field(:starts_at, :utc_datetime)
+    field(:ends_at, :utc_datetime)
+    field(:rendered, :map)
+
+    timestamps(type: :utc_datetime)
+  end
+
+  def change(struct, params \\ %{}) do
+    struct
+    |> cast(validate_params(struct, params), [:data, :starts_at, :ends_at, :rendered])
+    |> validate_required([:data])
+  end
+
+  defp validate_params(struct, params) do
+    base_data =
+      %{
+        "content" => "",
+        "all_day" => false
+      }
+      |> Map.merge((struct && struct.data) || %{})
+
+    merged_data =
+      Map.merge(base_data, params.data)
+      |> Map.take(["content", "all_day"])
+
+    params
+    |> Map.merge(%{data: merged_data})
+    |> add_rendered_properties()
+  end
+
+  def add_rendered_properties(params) do
+    {content_html, _, _} =
+      Pleroma.Web.CommonAPI.Utils.format_input(params.data["content"], "text/plain",
+        mentions_format: :full
+      )
+
+    rendered = %{
+      "content" => content_html
+    }
+
+    params
+    |> Map.put(:rendered, rendered)
+  end
+
+  def add(params) do
+    changeset = change(%__MODULE__{}, params)
+
+    Repo.insert(changeset)
+  end
+
+  def update(announcement, params) do
+    changeset = change(announcement, params)
+
+    Repo.update(changeset)
+  end
+
+  def list_all do
+    __MODULE__
+    |> Repo.all()
+  end
+
+  def list_paginated(%{limit: limited_number, offset: offset_number}) do
+    __MODULE__
+    |> limit(^limited_number)
+    |> offset(^offset_number)
+    |> Repo.all()
+  end
+
+  def get_by_id(id) do
+    Repo.get_by(__MODULE__, id: id)
+  end
+
+  def delete_by_id(id) do
+    with announcement when not is_nil(announcement) <- get_by_id(id),
+         {:ok, _} <- Repo.delete(announcement) do
+      :ok
+    else
+      _ ->
+        :error
+    end
+  end
+
+  def read_by?(announcement, user) do
+    AnnouncementReadRelationship.exists?(user, announcement)
+  end
+
+  def mark_read_by(announcement, user) do
+    AnnouncementReadRelationship.mark_read(user, announcement)
+  end
+
+  def render_json(announcement, opts \\ []) do
+    extra_params =
+      case Keyword.fetch(opts, :for) do
+        {:ok, user} when not is_nil(user) ->
+          %{read: read_by?(announcement, user)}
+
+        _ ->
+          %{}
+      end
+
+    admin_extra_params =
+      case Keyword.fetch(opts, :admin) do
+        {:ok, true} ->
+          %{pleroma: %{raw_content: announcement.data["content"]}}
+
+        _ ->
+          %{}
+      end
+
+    base = %{
+      id: announcement.id,
+      content: announcement.rendered["content"],
+      starts_at: announcement.starts_at,
+      ends_at: announcement.ends_at,
+      all_day: announcement.data["all_day"],
+      published_at: announcement.inserted_at,
+      updated_at: announcement.updated_at,
+      mentions: [],
+      statuses: [],
+      tags: [],
+      emojis: [],
+      reactions: []
+    }
+
+    base
+    |> Map.merge(extra_params)
+    |> Map.merge(admin_extra_params)
+  end
+
+  # "visible" means:
+  # starts_at < time < ends_at
+  def list_all_visible_when(time) do
+    __MODULE__
+    |> where([a], is_nil(a.starts_at) or a.starts_at < ^time)
+    |> where([a], is_nil(a.ends_at) or a.ends_at > ^time)
+    |> Repo.all()
+  end
+
+  def list_all_visible do
+    list_all_visible_when(DateTime.now("Etc/UTC") |> elem(1))
+  end
+end
diff --git a/lib/pleroma/announcement_read_relationship.ex b/lib/pleroma/announcement_read_relationship.ex
new file mode 100644
index 000000000..9b64404ce
--- /dev/null
+++ b/lib/pleroma/announcement_read_relationship.ex
@@ -0,0 +1,55 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.AnnouncementReadRelationship do
+  use Ecto.Schema
+
+  import Ecto.Changeset
+
+  alias FlakeId.Ecto.CompatType
+  alias Pleroma.Announcement
+  alias Pleroma.Repo
+  alias Pleroma.User
+
+  @type t :: %__MODULE__{}
+
+  schema "announcement_read_relationships" do
+    belongs_to(:user, User, type: CompatType)
+    belongs_to(:announcement, Announcement, type: CompatType)
+
+    timestamps(updated_at: false)
+  end
+
+  def mark_read(user, announcement) do
+    %__MODULE__{}
+    |> cast(%{user_id: user.id, announcement_id: announcement.id}, [:user_id, :announcement_id])
+    |> validate_required([:user_id, :announcement_id])
+    |> foreign_key_constraint(:user_id)
+    |> foreign_key_constraint(:announcement_id)
+    |> unique_constraint([:user_id, :announcement_id])
+    |> Repo.insert()
+  end
+
+  def mark_unread(user, announcement) do
+    with relationship <- get(user, announcement),
+         {:exists, true} <- {:exists, not is_nil(relationship)},
+         {:ok, _} <- Repo.delete(relationship) do
+      :ok
+    else
+      {:exists, false} ->
+        :ok
+
+      _ ->
+        :error
+    end
+  end
+
+  def get(user, announcement) do
+    Repo.get_by(__MODULE__, user_id: user.id, announcement_id: announcement.id)
+  end
+
+  def exists?(user, announcement) do
+    not is_nil(get(user, announcement))
+  end
+end
diff --git a/lib/pleroma/web/admin_api/controllers/announcement_controller.ex b/lib/pleroma/web/admin_api/controllers/announcement_controller.ex
new file mode 100644
index 000000000..6ad5fc12c
--- /dev/null
+++ b/lib/pleroma/web/admin_api/controllers/announcement_controller.ex
@@ -0,0 +1,83 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.AdminAPI.AnnouncementController do
+  use Pleroma.Web, :controller
+
+  alias Pleroma.Announcement
+  alias Pleroma.Web.ControllerHelper
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
+
+  plug(Pleroma.Web.ApiSpec.CastAndValidate)
+  plug(OAuthScopesPlug, %{scopes: ["admin:write"]} when action in [:create, :delete, :change])
+  plug(OAuthScopesPlug, %{scopes: ["admin:read"]} when action in [:index, :show])
+  action_fallback(Pleroma.Web.AdminAPI.FallbackController)
+
+  defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.Admin.AnnouncementOperation
+
+  defp default_limit, do: 20
+
+  def index(conn, params) do
+    limit = Map.get(params, :limit, default_limit())
+    offset = Map.get(params, :offset, 0)
+
+    announcements = Announcement.list_paginated(%{limit: limit, offset: offset})
+
+    render(conn, "index.json", announcements: announcements)
+  end
+
+  def show(conn, %{id: id} = _params) do
+    announcement = Announcement.get_by_id(id)
+
+    if is_nil(announcement) do
+      {:error, :not_found}
+    else
+      render(conn, "show.json", announcement: announcement)
+    end
+  end
+
+  def create(%{body_params: params} = conn, _params) do
+    with {:ok, announcement} <- Announcement.add(change_params(params)) do
+      render(conn, "show.json", announcement: announcement)
+    else
+      _ ->
+        {:error, 400}
+    end
+  end
+
+  def change_params(orig_params) do
+    data =
+      %{}
+      |> Pleroma.Maps.put_if_present("content", orig_params, &Map.fetch(&1, :content))
+      |> Pleroma.Maps.put_if_present("all_day", orig_params, &Map.fetch(&1, :all_day))
+
+    orig_params
+    |> Map.merge(%{data: data})
+  end
+
+  def change(%{body_params: params} = conn, %{id: id} = _params) do
+    with announcement <- Announcement.get_by_id(id),
+         {:exists, true} <- {:exists, not is_nil(announcement)},
+         {:ok, announcement} <- Announcement.update(announcement, change_params(params)) do
+      render(conn, "show.json", announcement: announcement)
+    else
+      {:exists, false} ->
+        {:error, :not_found}
+
+      _ ->
+        {:error, 400}
+    end
+  end
+
+  def delete(conn, %{id: id} = _params) do
+    case Announcement.delete_by_id(id) do
+      :ok ->
+        conn
+        |> ControllerHelper.json_response(:ok, %{})
+
+      _ ->
+        {:error, :not_found}
+    end
+  end
+end
diff --git a/lib/pleroma/web/admin_api/views/announcement_view.ex b/lib/pleroma/web/admin_api/views/announcement_view.ex
new file mode 100644
index 000000000..a35bd60cf
--- /dev/null
+++ b/lib/pleroma/web/admin_api/views/announcement_view.ex
@@ -0,0 +1,15 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.AdminAPI.AnnouncementView do
+  use Pleroma.Web, :view
+
+  def render("index.json", %{announcements: announcements}) do
+    render_many(announcements, __MODULE__, "show.json")
+  end
+
+  def render("show.json", %{announcement: announcement}) do
+    Pleroma.Announcement.render_json(announcement, admin: true)
+  end
+end
diff --git a/lib/pleroma/web/api_spec/operations/admin/announcement_operation.ex b/lib/pleroma/web/api_spec/operations/admin/announcement_operation.ex
new file mode 100644
index 000000000..58a039e72
--- /dev/null
+++ b/lib/pleroma/web/api_spec/operations/admin/announcement_operation.ex
@@ -0,0 +1,165 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.ApiSpec.Admin.AnnouncementOperation do
+  alias OpenApiSpex.Operation
+  alias OpenApiSpex.Schema
+  alias Pleroma.Web.ApiSpec.Schemas.Announcement
+  alias Pleroma.Web.ApiSpec.Schemas.ApiError
+
+  import Pleroma.Web.ApiSpec.Helpers
+
+  def open_api_operation(action) do
+    operation = String.to_existing_atom("#{action}_operation")
+    apply(__MODULE__, operation, [])
+  end
+
+  def index_operation do
+    %Operation{
+      tags: ["Announcement managment"],
+      summary: "Retrieve a list of announcements",
+      operationId: "AdminAPI.AnnouncementController.index",
+      security: [%{"oAuth" => ["admin:read"]}],
+      parameters: [
+        Operation.parameter(
+          :limit,
+          :query,
+          %Schema{type: :integer, minimum: 1},
+          "the maximum number of announcements to return"
+        ),
+        Operation.parameter(
+          :offset,
+          :query,
+          %Schema{type: :integer, minimum: 0},
+          "the offset of the first announcement to return"
+        )
+        | admin_api_params()
+      ],
+      responses: %{
+        200 => Operation.response("Response", "application/json", list_of_announcements()),
+        400 => Operation.response("Forbidden", "application/json", ApiError),
+        403 => Operation.response("Forbidden", "application/json", ApiError)
+      }
+    }
+  end
+
+  def show_operation do
+    %Operation{
+      tags: ["Announcement managment"],
+      summary: "Display one announcement",
+      operationId: "AdminAPI.AnnouncementController.show",
+      security: [%{"oAuth" => ["admin:read"]}],
+      parameters: [
+        Operation.parameter(
+          :id,
+          :path,
+          :string,
+          "announcement id"
+        )
+        | admin_api_params()
+      ],
+      responses: %{
+        200 => Operation.response("Response", "application/json", Announcement),
+        403 => Operation.response("Forbidden", "application/json", ApiError),
+        404 => Operation.response("Not Found", "application/json", ApiError)
+      }
+    }
+  end
+
+  def delete_operation do
+    %Operation{
+      tags: ["Announcement managment"],
+      summary: "Delete one announcement",
+      operationId: "AdminAPI.AnnouncementController.delete",
+      security: [%{"oAuth" => ["admin:write"]}],
+      parameters: [
+        Operation.parameter(
+          :id,
+          :path,
+          :string,
+          "announcement id"
+        )
+        | admin_api_params()
+      ],
+      responses: %{
+        200 => Operation.response("Response", "application/json", %Schema{type: :object}),
+        403 => Operation.response("Forbidden", "application/json", ApiError),
+        404 => Operation.response("Not Found", "application/json", ApiError)
+      }
+    }
+  end
+
+  def create_operation do
+    %Operation{
+      tags: ["Announcement managment"],
+      summary: "Create one announcement",
+      operationId: "AdminAPI.AnnouncementController.create",
+      security: [%{"oAuth" => ["admin:write"]}],
+      requestBody: request_body("Parameters", create_request(), required: true),
+      responses: %{
+        200 => Operation.response("Response", "application/json", Announcement),
+        400 => Operation.response("Bad Request", "application/json", ApiError),
+        403 => Operation.response("Forbidden", "application/json", ApiError)
+      }
+    }
+  end
+
+  def change_operation do
+    %Operation{
+      tags: ["Announcement managment"],
+      summary: "Change one announcement",
+      operationId: "AdminAPI.AnnouncementController.change",
+      security: [%{"oAuth" => ["admin:write"]}],
+      parameters: [
+        Operation.parameter(
+          :id,
+          :path,
+          :string,
+          "announcement id"
+        )
+        | admin_api_params()
+      ],
+      requestBody: request_body("Parameters", change_request(), required: true),
+      responses: %{
+        200 => Operation.response("Response", "application/json", Announcement),
+        400 => Operation.response("Bad Request", "application/json", ApiError),
+        403 => Operation.response("Forbidden", "application/json", ApiError),
+        404 => Operation.response("Not Found", "application/json", ApiError)
+      }
+    }
+  end
+
+  defp create_or_change_props do
+    %{
+      content: %Schema{type: :string},
+      starts_at: %Schema{type: :string, format: "date-time", nullable: true},
+      ends_at: %Schema{type: :string, format: "date-time", nullable: true},
+      all_day: %Schema{type: :boolean}
+    }
+  end
+
+  def create_request do
+    %Schema{
+      title: "AnnouncementCreateRequest",
+      type: :object,
+      required: [:content],
+      properties: create_or_change_props()
+    }
+  end
+
+  def change_request do
+    %Schema{
+      title: "AnnouncementChangeRequest",
+      type: :object,
+      properties: create_or_change_props()
+    }
+  end
+
+  def list_of_announcements do
+    %Schema{
+      type: :array,
+      items: Announcement
+    }
+  end
+end
diff --git a/lib/pleroma/web/api_spec/operations/announcement_operation.ex b/lib/pleroma/web/api_spec/operations/announcement_operation.ex
new file mode 100644
index 000000000..71be0002a
--- /dev/null
+++ b/lib/pleroma/web/api_spec/operations/announcement_operation.ex
@@ -0,0 +1,57 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.ApiSpec.AnnouncementOperation do
+  alias OpenApiSpex.Operation
+  alias OpenApiSpex.Schema
+  alias Pleroma.Web.ApiSpec.Schemas.Announcement
+  alias Pleroma.Web.ApiSpec.Schemas.ApiError
+
+  def open_api_operation(action) do
+    operation = String.to_existing_atom("#{action}_operation")
+    apply(__MODULE__, operation, [])
+  end
+
+  def index_operation do
+    %Operation{
+      tags: ["Announcement"],
+      summary: "Retrieve a list of announcements",
+      operationId: "MastodonAPI.AnnouncementController.index",
+      security: [%{"oAuth" => []}],
+      responses: %{
+        200 => Operation.response("Response", "application/json", list_of_announcements()),
+        403 => Operation.response("Forbidden", "application/json", ApiError)
+      }
+    }
+  end
+
+  def mark_read_operation do
+    %Operation{
+      tags: ["Announcement"],
+      summary: "Mark one announcement as read",
+      operationId: "MastodonAPI.AnnouncementController.mark_read",
+      security: [%{"oAuth" => ["write:accounts"]}],
+      parameters: [
+        Operation.parameter(
+          :id,
+          :path,
+          :string,
+          "announcement id"
+        )
+      ],
+      responses: %{
+        200 => Operation.response("Response", "application/json", %Schema{type: :object}),
+        403 => Operation.response("Forbidden", "application/json", ApiError),
+        404 => Operation.response("Not Found", "application/json", ApiError)
+      }
+    }
+  end
+
+  def list_of_announcements do
+    %Schema{
+      type: :array,
+      items: Announcement
+    }
+  end
+end
diff --git a/lib/pleroma/web/api_spec/schemas/announcement.ex b/lib/pleroma/web/api_spec/schemas/announcement.ex
new file mode 100644
index 000000000..67d129ef6
--- /dev/null
+++ b/lib/pleroma/web/api_spec/schemas/announcement.ex
@@ -0,0 +1,45 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.ApiSpec.Schemas.Announcement do
+  alias OpenApiSpex.Schema
+  alias Pleroma.Web.ApiSpec.Schemas.FlakeID
+
+  require OpenApiSpex
+
+  OpenApiSpex.schema(%{
+    title: "Announcement",
+    description: "Response schema for an announcement",
+    type: :object,
+    properties: %{
+      id: FlakeID,
+      content: %Schema{type: :string},
+      starts_at: %Schema{
+        type: :string,
+        format: "date-time",
+        nullable: true
+      },
+      ends_at: %Schema{
+        type: :string,
+        format: "date-time",
+        nullable: true
+      },
+      all_day: %Schema{type: :boolean},
+      published_at: %Schema{type: :string, format: "date-time"},
+      updated_at: %Schema{type: :string, format: "date-time"},
+      read: %Schema{type: :boolean},
+      mentions: %Schema{type: :array},
+      statuses: %Schema{type: :array},
+      tags: %Schema{type: :array},
+      emojis: %Schema{type: :array},
+      reactions: %Schema{type: :array},
+      pleroma: %Schema{
+        type: :object,
+        properties: %{
+          raw_content: %Schema{type: :string}
+        }
+      }
+    }
+  })
+end
diff --git a/lib/pleroma/web/mastodon_api/controllers/announcement_controller.ex b/lib/pleroma/web/mastodon_api/controllers/announcement_controller.ex
new file mode 100644
index 000000000..080af96d5
--- /dev/null
+++ b/lib/pleroma/web/mastodon_api/controllers/announcement_controller.ex
@@ -0,0 +1,60 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.MastodonAPI.AnnouncementController do
+  use Pleroma.Web, :controller
+
+  import Pleroma.Web.ControllerHelper,
+    only: [
+      json_response: 3
+    ]
+
+  alias Pleroma.Announcement
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
+
+  plug(Pleroma.Web.ApiSpec.CastAndValidate)
+
+  # Mastodon docs say this only requires a user token, no scopes needed
+  # As the op `|` requires at least one scope to be present, we use `&` here.
+  plug(
+    OAuthScopesPlug,
+    %{scopes: [], op: :&}
+    when action in [:index]
+  )
+
+  # Same as in MastodonAPI specs
+  plug(
+    OAuthScopesPlug,
+    %{scopes: ["write:accounts"]}
+    when action in [:mark_read]
+  )
+
+  action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
+
+  defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.AnnouncementOperation
+
+  @doc "GET /api/v1/announcements"
+  def index(%{assigns: %{user: user}} = conn, _params) do
+    render(conn, "index.json", announcements: all_visible(), user: user)
+  end
+
+  def index(conn, _params) do
+    render(conn, "index.json", announcements: all_visible(), user: nil)
+  end
+
+  defp all_visible do
+    Announcement.list_all_visible()
+  end
+
+  @doc "POST /api/v1/announcements/:id/dismiss"
+  def mark_read(%{assigns: %{user: user}} = conn, %{id: id} = _params) do
+    with announcement when not is_nil(announcement) <- Announcement.get_by_id(id),
+         {:ok, _} <- Announcement.mark_read_by(announcement, user) do
+      json_response(conn, :ok, %{})
+    else
+      _ ->
+        {:error, :not_found}
+    end
+  end
+end
diff --git a/lib/pleroma/web/mastodon_api/views/announcement_view.ex b/lib/pleroma/web/mastodon_api/views/announcement_view.ex
new file mode 100644
index 000000000..93fdfb1f1
--- /dev/null
+++ b/lib/pleroma/web/mastodon_api/views/announcement_view.ex
@@ -0,0 +1,15 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.MastodonAPI.AnnouncementView do
+  use Pleroma.Web, :view
+
+  def render("index.json", %{announcements: announcements, user: user}) do
+    render_many(announcements, __MODULE__, "show.json", user: user)
+  end
+
+  def render("show.json", %{announcement: announcement, user: user}) do
+    Pleroma.Announcement.render_json(announcement, for: user)
+  end
+end
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index ceb6c3cfd..7bbc20275 100644
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -229,6 +229,12 @@ defmodule Pleroma.Web.Router do
     post("/frontends/install", FrontendController, :install)
 
     post("/backups", AdminAPIController, :create_backup)
+
+    get("/announcements", AnnouncementController, :index)
+    post("/announcements", AnnouncementController, :create)
+    get("/announcements/:id", AnnouncementController, :show)
+    patch("/announcements/:id", AnnouncementController, :change)
+    delete("/announcements/:id", AnnouncementController, :delete)
   end
 
   # AdminAPI: admins and mods (staff) can perform these actions (if enabled by config)
@@ -575,6 +581,9 @@ defmodule Pleroma.Web.Router do
     get("/timelines/home", TimelineController, :home)
     get("/timelines/direct", TimelineController, :direct)
     get("/timelines/list/:list_id", TimelineController, :list)
+
+    get("/announcements", AnnouncementController, :index)
+    post("/announcements/:id/dismiss", AnnouncementController, :mark_read)
   end
 
   scope "/api/v1", Pleroma.Web.MastodonAPI do