Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Privelege to list & view unsafe posts #714

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: master
Choose a base branch
Loading
from
Open

Privelege to list & view unsafe posts #714

wants to merge 5 commits into from

Conversation

Hunternif
Copy link
Contributor

@Hunternif Hunternif commented Feb 16, 2025
edited
Loading

Use case: I want to show off the awesome szurubooru to my friend, but I don't want them to see my nsfw posts XD

This PR adds 2 privileges:

'posts:list:unsafe':    regular
'posts:view:unsafe':    regular

The view privilege restricts viewing "unsafe" posts via post_api. (But you can still see thumbnails.)
The list privilege filters out any "unsafe" posts from your query, for all queries.
Adds unit tests too.

@bakedhorse bakedhorse mentioned this pull request Feb 17, 2025
Open
@hujle
Copy link
Contributor

hujle commented Mar 1, 2025

That's a good feature, but I wish it wasn't pinned to unsafe category and could be applied to any of them.

On that note, an extra "hidden" category with these permissions applied to it would be better solution.

@po5
server: prevent cache key collision
928f949 
Since search queries get cached, when a search performed by a
privileged user is repeated by an unprivileged user, they will receive
a listing that erroneously includes unsafe posts. The same is true the
other way around, a tag search that is first performed by an anonymous
user will cause any hidden posts for that query to not show up for the
logged in user. This is because the initial search claims the cache key.
@po5
Copy link
Collaborator

po5 commented Mar 25, 2025

The post listing change leads to cache collisions, I submitted a PR with a fix explaining the issue. Hunternif#2

@Hunternif
Merge pull request #2 from po5/priv-view-unsafe-posts
33a3807 
server: prevent cache key collision
@po5
Copy link
Collaborator

po5 commented Mar 27, 2025

Closes #430.

@po5 po5 mentioned this pull request Mar 27, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Hunternif @hujle @po5
Morty Proxy This is a proxified and sanitized view of the page, visit original site.