[Feature Request] Restrict public content #718

Closed
geromegrignon opened this issue Sep 1, 2021 · 2 comments

@geromegrignon
Contributor

The temporarily deployed API already faced NSFW content two days ago.
The API already includes a cron running on Sundays to delete articles/tags content to limit such content, but we have to go further.

Here is a solution proposed a few years ago to avoid public NSFW content:

here is what I propose:

* For the demo, we add the ability to flag accounts as "demo" accounts. This is a simple boolean on the user model that defaults to `false`. For demo accounts, we set `demo: true`. For user accounts, we do nothing.

* Logged out users see only posts made by accounts with `demo: true`.

* Logged in users see posts made by accounts with `demo: true` and posts made by their own account.

Specifically, this means that users (both logged in and logged out) should not see posts made by other users.

By allowing logged in users to see their own posts, we solve the above problem of hiding posts making the demo useless.

By not allowing users to see posts by other users, we also solve the problem of surfacing only good content that accurately reflects the abilities of Conduit.

Another benefit is that this solves the pagination problem we ran into in the past, where we were showing 100+ pages of content.

Originally posted by @lolripgg in #77 (comment)

For frontend implementations, no change would be required:

* if no user is logged on, only the demo articles will be retrieved
* if a user is logged on, the API will use the JWT token to retrieve the user's articles too

For backend implementations, it won't be part of the specs as the point of such a limitation is for the public API.
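
The visibility rule proposed above, sketched as an added example that is not part of the original issue or the project's own code. The sample data, the function names and the `articles`/`articlesCount` response shape are assumptions, and `viewerId` is assumed to come from an already verified JWT. It goes one step beyond the text by applying the same rule to single-article lookups, so a hidden post is not still reachable by its slug.

```javascript
// Constructed sample data (hypothetical): one demo account, two regular users.
const users = [
  { id: 1, username: 'demo-author', demo: true },
  { id: 2, username: 'alice', demo: false },
  { id: 3, username: 'mallory', demo: false },
];
const articles = [
  { slug: 'welcome', authorId: 1, tagList: ['intro'] },
  { slug: 'alice-draft', authorId: 2, tagList: ['testing', 'intro'] },
  { slug: 'unwanted-post', authorId: 3, tagList: ['unwanted'] },
];
const userById = new Map(users.map((u) => [u.id, u]));

// viewerId: user id from an already verified JWT, or null when logged out.
function isVisible(article, viewerId) {
  const author = userById.get(article.authorId);
  if (!author) return false;             // unknown author: fail closed
  if (author.demo === true) return true; // demo content is public
  // Non-demo content is visible only to its own author.
  return viewerId != null && article.authorId === viewerId;
}

function listArticles(viewerId, { limit = 20, offset = 0 } = {}) {
  // Filter first, then paginate, so the count never reflects hidden posts.
  const visible = articles.filter((a) => isVisible(a, viewerId));
  return {
    articles: visible.slice(offset, offset + limit),
    articlesCount: visible.length,
  };
}

function listTags(viewerId) {
  // Tags are derived from visible articles only, so tags that exist
  // solely on hidden posts do not appear in the public tag list.
  const visible = articles.filter((a) => isVisible(a, viewerId));
  return [...new Set(visible.flatMap((a) => a.tagList))].sort();
}

function getArticle(slug, viewerId) {
  // Same rule on direct lookup; a hidden article looks like a missing one.
  const article = articles.find((a) => a.slug === slug);
  return article && isVisible(article, viewerId) ? article : null;
}
```
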

@geromegrignon
Contributor Author

Since my last reset yesterday, NSFW content has already been published.
The API won't be available for the next 5 hours.

I'll update the current API to deploy the previously listed changes.
It won't introduce breaking changes to frontend implementations using it as it'll return a filtered list of articles and tags.

@geromegrignon
Contributor Author

The hosted API is back.
The Readme of the specs has been updated with new limitations.
