discourse/lib/post_creator.rb

# Responsible for creating posts and topics
#
require_dependency 'rate_limiter'

class PostCreator

  attr_reader :errors, :opts

  # Acceptable options:
  #
  #   raw                     - raw text of post
  #   image_sizes             - We can pass a list of the sizes of images in the post as a shortcut.
  #   invalidate_oneboxes     - Whether to force invalidation of oneboxes in this post
  #   acting_user             - The user performing the action might be different than the user
  #                             who is the post "author." For example when copying posts to a new
  #                             topic.
  #
  #   When replying to a topic:
  #     topic_id              - topic we're replying to
  #     reply_to_post_number  - post number we're replying to
  #
  #   When creating a topic:
  #     title                 - New topic title
  #     archetype             - Topic archetype
  #     category              - Category to assign to topic
  #     target_usernames      - comma delimited list of usernames for membership (private message)
  #     target_group_names    - comma delimited list of groups for membership (private message)
  #     meta_data             - Topic meta data hash
  def initialize(user, opts)
    # TODO: we should reload user in case it is tainted, should take in a user_id as opposed to user
    # If we don't do this we introduce a rather risky dependency
    @user = user
    @opts = opts
    @spam = false

    raise Discourse::InvalidParameters.new(:raw) if @opts[:raw].blank?
  end

  # True if the post was considered spam
  def spam?
    @spam
  end

  def guardian
    @guardian ||= Guardian.new(@user)
  end

  def create
    topic = nil
    post = nil
    new_topic = false

    Post.transaction do
      if @opts[:topic_id].blank?
        topic = create_topic
        new_topic = true
      else
        topic = Topic.where(id: @opts[:topic_id]).first
        guardian.ensure_can_create!(Post, topic)
      end

      post = topic.posts.new(raw: @opts[:raw],
                             user: @user,
                             reply_to_post_number: @opts[:reply_to_post_number])

      post.post_type = @opts[:post_type] if @opts[:post_type].present?
      post.no_bump = @opts[:no_bump] if @opts[:no_bump].present?
      post.extract_quoted_post_numbers
      post.acting_user = @opts[:acting_user] if @opts[:acting_user].present?
      post.created_at = Time.zone.parse(@opts[:created_at].to_s) if @opts[:created_at].present?

      post.image_sizes = @opts[:image_sizes] if @opts[:image_sizes].present?
      post.invalidate_oneboxes = @opts[:invalidate_oneboxes] if @opts[:invalidate_oneboxes].present?


      # If the post has host spam, roll it back.
      if post.has_host_spam?
        post.errors.add(:base, I18n.t(:spamming_host))
        @errors = post.errors
        @spam = true
        raise ActiveRecord::Rollback.new
      end

      unless post.save
        @errors = post.errors
        raise ActiveRecord::Rollback.new
      end

      # Extract links
      TopicLink.extract_from(post)

      # Store unique post key
      if SiteSetting.unique_posts_mins > 0
        $redis.setex(post.unique_post_key, SiteSetting.unique_posts_mins.minutes.to_i, "1")
      end

      # send a mail to notify users in case of a private message
      if topic.private_message?
        topic.allowed_users.where(["users.email_private_messages = true and users.id != ?", @user.id]).each do |u|
          Jobs.enqueue_in(SiteSetting.email_time_window_mins.minutes,
                            :user_email,
                            type: :private_message,
                            user_id: u.id,
                            post_id: post.id
                         )
        end

        clear_possible_flags(topic) if post.post_number > 1 && topic.user_id != post.user_id
      end

      # Track the topic
      TopicUser.auto_track(@user.id, topic.id, TopicUser.notification_reasons[:created_post])

      # We don't count replies to your own topics
      if @user.id != topic.user_id
        @user.update_topic_reply_count
      end

      @user.last_posted_at = post.created_at
      @user.save!

      if post.post_number > 1
        MessageBus.publish("/topic/#{post.topic_id}",{
                        id: post.id,
                        created_at: post.created_at,
                        user: BasicUserSerializer.new(post.user).as_json(root: false),
                        post_number: post.post_number
                      },
                      group_ids: secure_group_ids(topic)
        )
      end

      # Advance the draft sequence
      post.advance_draft_sequence

      # Save the quote relationships
      post.save_reply_relationships
    end

    # We need to enqueue jobs after the transaction. Otherwise they might begin before the data has
    # been comitted.
    topic_id = @opts[:topic_id] || topic.try(:id)
    Jobs.enqueue(:feature_topic_users, topic_id: topic.id) if topic_id.present?
    if post
      post.trigger_post_process
      after_topic_create(topic) if new_topic
    end

    post
  end


  # Shortcut
  def self.create(user, opts)
    PostCreator.new(user, opts).create
  end

  protected

  def secure_group_ids(topic)
    @secure_group_ids ||= if topic.category && topic.category.secure?
      topic.category.groups.select("groups.id").map{|g| g.id}
    end
  end

  def after_topic_create(topic)

    # Don't publish invisible topics
    return unless topic.visible?

    return if topic.private_message?

    topic.posters = topic.posters_summary
    topic.posts_count = 1
    topic_json = TopicListItemSerializer.new(topic).as_json

    group_ids = secure_group_ids(topic)

    MessageBus.publish("/latest", topic_json, group_ids: group_ids)

    # If it has a category, add it to the category views too
    if topic.category
      MessageBus.publish("/category/#{topic.category.slug}", topic_json, group_ids: group_ids)
    end
  end

  def create_topic
    topic_params = {title: @opts[:title], user_id: @user.id, last_post_user_id: @user.id}
    topic_params[:archetype] = @opts[:archetype] if @opts[:archetype].present?
    topic_params[:subtype] = @opts[:subtype] if @opts[:subtype].present?

    guardian.ensure_can_create!(Topic)

    category = Category.where(name: @opts[:category]).first
    topic_params[:category_id] = category.id if category.present?
    topic_params[:meta_data] = @opts[:meta_data] if @opts[:meta_data].present?
    topic_params[:created_at] = Time.zone.parse(@opts[:created_at].to_s) if @opts[:created_at].present?

    topic = Topic.new(topic_params)

    if @opts[:auto_close_days]
      guardian.ensure_can_moderate!(topic)
      topic.auto_close_days = @opts[:auto_close_days]
    end

    if @opts[:archetype] == Archetype.private_message

      topic.subtype = TopicSubtype.user_to_user unless topic.subtype

      unless @opts[:target_usernames].present? || @opts[:target_group_names].present?
        topic.errors.add(:archetype, :cant_send_pm)
        @errors = topic.errors
        raise ActiveRecord::Rollback.new
      end

      add_users(topic,@opts[:target_usernames])
      add_groups(topic,@opts[:target_group_names])
      topic.topic_allowed_users.build(user_id: @user.id)
    end

    unless topic.save
      @errors = topic.errors
      raise ActiveRecord::Rollback.new
    end

    topic
  end

  def clear_possible_flags(topic)
    # at this point we know the topic is a PM and has been replied to ... check if we need to clear any flags
    #
    first_post = Post.select(:id).where(topic_id: topic.id).where('post_number = 1').first
    post_action = nil

    if first_post
      post_action = PostAction.where(
        related_post_id: first_post.id,
        deleted_at: nil,
        post_action_type_id: PostActionType.types[:notify_moderators]
      ).first
    end

    if post_action
      post_action.remove_act!(@user)
    end
  end

  def add_users(topic, usernames)
    return unless usernames
    usernames = usernames.split(',')
    User.where(username: usernames).each do |u|

      unless guardian.can_send_private_message?(u)
        topic.errors.add(:archetype, :cant_send_pm)
        @errors = topic.errors
        raise ActiveRecord::Rollback.new
      end

      topic.topic_allowed_users.build(user_id: u.id)
    end
  end

  def add_groups(topic, groups)
    return unless groups
    groups = groups.split(',')
    Group.where(name: groups).each do |g|

      unless guardian.can_send_private_message?(g)
        topic.errors.add(:archetype, :cant_send_pm)
        @errors = topic.errors
        raise ActiveRecord::Rollback.new
      end

      topic.topic_allowed_groups.build(group_id: g.id)
    end
  end
end
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`# Responsible for creating posts and topics`
			`#`
			`require_dependency 'rate_limiter'`

			`class PostCreator`

Move a bunch of callbacks into PostCreator 2013-03-18 13:55:34 -04:00			`attr_reader :errors, :opts`
Initial release of Discourse 2013-02-05 14:16:51 -05:00
			`# Acceptable options:`
			`#`
			`# raw - raw text of post`
remove trailing whitespaces :heart: 2013-02-25 19:42:20 +03:00			`# image_sizes - We can pass a list of the sizes of images in the post as a shortcut.`
Move a bunch of callbacks into PostCreator 2013-03-18 13:55:34 -04:00			`# invalidate_oneboxes - Whether to force invalidation of oneboxes in this post`
You can now 'move' the first post of a topic to another topic as a merge. In that case, the first post is cloned instead of being deleted from the original topic. 2013-05-13 14:06:16 -04:00			`# acting_user - The user performing the action might be different than the user`
			`# who is the post "author." For example when copying posts to a new`
			`# topic.`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`#`
			`# When replying to a topic:`
			`# topic_id - topic we're replying to`
			`# reply_to_post_number - post number we're replying to`
			`#`
			`# When creating a topic:`
			`# title - New topic title`
			`# archetype - Topic archetype`
			`# category - Category to assign to topic`
			`# target_usernames - comma delimited list of usernames for membership (private message)`
more group progress, UI getting there, controller mostly done changed it so notify moderators goes to the moderators group allow admins to grant self moderation and revoke self moderation 2013-05-09 17:37:34 +10:00			`# target_group_names - comma delimited list of groups for membership (private message)`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`# meta_data - Topic meta data hash`
			`def initialize(user, opts)`
get regular trust level going, self heal inconsistent topic timings 2013-04-05 15:29:46 +11:00			`# TODO: we should reload user in case it is tainted, should take in a user_id as opposed to user`
			`# If we don't do this we introduce a rather risky dependency`
remove trailing whitespaces :heart: 2013-02-25 19:42:20 +03:00			`@user = user`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`@opts = opts`
Support for a new site setting: `newuser_spam_host_threshold`. If a new user posts a link to the same host enough tiles, they will not be able to post the same link again. Additionally, the site will flag all their previous posts with links as spam and they will be instantly hidden via the auto hide workflow. 2013-05-10 16:58:23 -04:00			`@spam = false`

Initial release of Discourse 2013-02-05 14:16:51 -05:00			`raise Discourse::InvalidParameters.new(:raw) if @opts[:raw].blank?`
			`end`

Support for a new site setting: `newuser_spam_host_threshold`. If a new user posts a link to the same host enough tiles, they will not be able to post the same link again. Additionally, the site will flag all their previous posts with links as spam and they will be instantly hidden via the auto hide workflow. 2013-05-10 16:58:23 -04:00			`# True if the post was considered spam`
			`def spam?`
			`@spam`
			`end`

Initial release of Discourse 2013-02-05 14:16:51 -05:00			`def guardian`
			`@guardian \|\|= Guardian.new(@user)`
			`end`

			`def create`
			`topic = nil`
			`post = nil`
Nuke message_bus_observer move to service class and classes Secure all messages triggered by post creation and all user actions so they don't leak (meaning, if you have a browser open and secure topics are created you will only get them if you are allowed to see them) 2013-05-16 15:03:03 +10:00			`new_topic = false`
Initial release of Discourse 2013-02-05 14:16:51 -05:00
			`Post.transaction do`
			`if @opts[:topic_id].blank?`
Nuke message_bus_observer move to service class and classes Secure all messages triggered by post creation and all user actions so they don't leak (meaning, if you have a browser open and secure topics are created you will only get them if you are allowed to see them) 2013-05-16 15:03:03 +10:00			`topic = create_topic`
			`new_topic = true`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`else`
			`topic = Topic.where(id: @opts[:topic_id]).first`
			`guardian.ensure_can_create!(Post, topic)`
			`end`

remove trailing whitespaces :heart: 2013-02-25 19:42:20 +03:00			`post = topic.posts.new(raw: @opts[:raw],`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`user: @user,`
			`reply_to_post_number: @opts[:reply_to_post_number])`
BUGFIX: New status posts weren't using PostCreator 2013-03-28 16:40:54 -04:00
			`post.post_type = @opts[:post_type] if @opts[:post_type].present?`
			`post.no_bump = @opts[:no_bump] if @opts[:no_bump].present?`
Moved more `Post` callbacks into service classes 2013-03-18 15:54:08 -04:00			`post.extract_quoted_post_numbers`
You can now 'move' the first post of a topic to another topic as a merge. In that case, the first post is cloned instead of being deleted from the original topic. 2013-05-13 14:06:16 -04:00			`post.acting_user = @opts[:acting_user] if @opts[:acting_user].present?`
Set created_at manually through PostCreator 2013-05-18 21:24:29 +02:00			`post.created_at = Time.zone.parse(@opts[:created_at].to_s) if @opts[:created_at].present?`
Moved more `Post` callbacks into service classes 2013-03-18 15:54:08 -04:00
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`post.image_sizes = @opts[:image_sizes] if @opts[:image_sizes].present?`
Move a bunch of callbacks into PostCreator 2013-03-18 13:55:34 -04:00			`post.invalidate_oneboxes = @opts[:invalidate_oneboxes] if @opts[:invalidate_oneboxes].present?`
Support for a new site setting: `newuser_spam_host_threshold`. If a new user posts a link to the same host enough tiles, they will not be able to post the same link again. Additionally, the site will flag all their previous posts with links as spam and they will be instantly hidden via the auto hide workflow. 2013-05-10 16:58:23 -04:00

			`# If the post has host spam, roll it back.`
			`if post.has_host_spam?`
			`post.errors.add(:base, I18n.t(:spamming_host))`
			`@errors = post.errors`
			`@spam = true`
			`raise ActiveRecord::Rollback.new`
			`end`

Initial release of Discourse 2013-02-05 14:16:51 -05:00			`unless post.save`
			`@errors = post.errors`
remove trailing whitespaces :heart: 2013-02-25 19:42:20 +03:00			`raise ActiveRecord::Rollback.new`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`

remove trailing whitespaces :heart: 2013-02-25 19:42:20 +03:00			`# Extract links`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`TopicLink.extract_from(post)`
Move a bunch of callbacks into PostCreator 2013-03-18 13:55:34 -04:00
			`# Store unique post key`
			`if SiteSetting.unique_posts_mins > 0`
			`$redis.setex(post.unique_post_key, SiteSetting.unique_posts_mins.minutes.to_i, "1")`
			`end`

			`# send a mail to notify users in case of a private message`
			`if topic.private_message?`
			`topic.allowed_users.where(["users.email_private_messages = true and users.id != ?", @user.id]).each do \|u\|`
Nuke message_bus_observer move to service class and classes Secure all messages triggered by post creation and all user actions so they don't leak (meaning, if you have a browser open and secure topics are created you will only get them if you are allowed to see them) 2013-05-16 15:03:03 +10:00			`Jobs.enqueue_in(SiteSetting.email_time_window_mins.minutes,`
			`:user_email,`
			`type: :private_message,`
			`user_id: u.id,`
			`post_id: post.id`
			`)`
Move a bunch of callbacks into PostCreator 2013-03-18 13:55:34 -04:00			`end`
clear flags on reply to notify moderators 2013-05-13 11:48:01 +10:00
			`clear_possible_flags(topic) if post.post_number > 1 && topic.user_id != post.user_id`
Move a bunch of callbacks into PostCreator 2013-03-18 13:55:34 -04:00			`end`

			`# Track the topic`
			`TopicUser.auto_track(@user.id, topic.id, TopicUser.notification_reasons[:created_post])`

Don't show new user education when editing a reply. 2013-05-15 15:16:42 -04:00			`# We don't count replies to your own topics`
get regular trust level going, self heal inconsistent topic timings 2013-04-05 15:29:46 +11:00			`if @user.id != topic.user_id`
topic reply count resync for each new post 2013-04-05 16:48:38 +11:00			`@user.update_topic_reply_count`
get regular trust level going, self heal inconsistent topic timings 2013-04-05 15:29:46 +11:00			`end`

			`@user.last_posted_at = post.created_at`
			`@user.save!`
Move MessageBus observer into PostCreator 2013-03-18 14:45:05 -04:00
Nuke message_bus_observer move to service class and classes Secure all messages triggered by post creation and all user actions so they don't leak (meaning, if you have a browser open and secure topics are created you will only get them if you are allowed to see them) 2013-05-16 15:03:03 +10:00			`if post.post_number > 1`
			`MessageBus.publish("/topic/#{post.topic_id}",{`
			`id: post.id,`
			`created_at: post.created_at,`
			`user: BasicUserSerializer.new(post.user).as_json(root: false),`
			`post_number: post.post_number`
			`},`
			`group_ids: secure_group_ids(topic)`
			`)`
			`end`
Move draft sequence incrementing out of `after_save` 2013-03-18 15:12:31 -04:00
			`# Advance the draft sequence`
			`post.advance_draft_sequence`
Moved more `Post` callbacks into service classes 2013-03-18 15:54:08 -04:00
			`# Save the quote relationships`
			`post.save_reply_relationships`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`

Fixes issue with featuring topic users 2013-04-08 10:51:01 -04:00			`# We need to enqueue jobs after the transaction. Otherwise they might begin before the data has`
			`# been comitted.`
Okay, THIS time the specs should pass. Geez. 2013-04-08 11:23:03 -04:00			`topic_id = @opts[:topic_id] \|\| topic.try(:id)`
			`Jobs.enqueue(:feature_topic_users, topic_id: topic.id) if topic_id.present?`
Nuke message_bus_observer move to service class and classes Secure all messages triggered by post creation and all user actions so they don't leak (meaning, if you have a browser open and secure topics are created you will only get them if you are allowed to see them) 2013-05-16 15:03:03 +10:00			`if post`
			`post.trigger_post_process`
			`after_topic_create(topic) if new_topic`
			`end`
Fixes issue with featuring topic users 2013-04-08 10:51:01 -04:00
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`post`
			`end`

Fixes issue with featuring topic users 2013-04-08 10:51:01 -04:00
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`# Shortcut`
			`def self.create(user, opts)`
remove trailing whitespaces :heart: 2013-02-25 19:42:20 +03:00			`PostCreator.new(user, opts).create`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`

moderators now have teeth, more at http://meta.discourse.org/t/moderator-permission-set/6307/5 allow pms to be targetted at groups 2013-05-02 15:15:17 +10:00			`protected`

Nuke message_bus_observer move to service class and classes Secure all messages triggered by post creation and all user actions so they don't leak (meaning, if you have a browser open and secure topics are created you will only get them if you are allowed to see them) 2013-05-16 15:03:03 +10:00			`def secure_group_ids(topic)`
			`@secure_group_ids \|\|= if topic.category && topic.category.secure?`
			`topic.category.groups.select("groups.id").map{\|g\| g.id}`
			`end`
			`end`

			`def after_topic_create(topic)`

			`# Don't publish invisible topics`
			`return unless topic.visible?`

			`return if topic.private_message?`

			`topic.posters = topic.posters_summary`
			`topic.posts_count = 1`
			`topic_json = TopicListItemSerializer.new(topic).as_json`

			`group_ids = secure_group_ids(topic)`

			`MessageBus.publish("/latest", topic_json, group_ids: group_ids)`

			`# If it has a category, add it to the category views too`
			`if topic.category`
			`MessageBus.publish("/category/#{topic.category.slug}", topic_json, group_ids: group_ids)`
			`end`
			`end`

			`def create_topic`
			`topic_params = {title: @opts[:title], user_id: @user.id, last_post_user_id: @user.id}`
			`topic_params[:archetype] = @opts[:archetype] if @opts[:archetype].present?`
			`topic_params[:subtype] = @opts[:subtype] if @opts[:subtype].present?`

			`guardian.ensure_can_create!(Topic)`

			`category = Category.where(name: @opts[:category]).first`
			`topic_params[:category_id] = category.id if category.present?`
			`topic_params[:meta_data] = @opts[:meta_data] if @opts[:meta_data].present?`
Set created_at manually through PostCreator 2013-05-18 21:24:29 +02:00			`topic_params[:created_at] = Time.zone.parse(@opts[:created_at].to_s) if @opts[:created_at].present?`
Nuke message_bus_observer move to service class and classes Secure all messages triggered by post creation and all user actions so they don't leak (meaning, if you have a browser open and secure topics are created you will only get them if you are allowed to see them) 2013-05-16 15:03:03 +10:00
			`topic = Topic.new(topic_params)`

			`if @opts[:auto_close_days]`
			`guardian.ensure_can_moderate!(topic)`
			`topic.auto_close_days = @opts[:auto_close_days]`
			`end`

			`if @opts[:archetype] == Archetype.private_message`

			`topic.subtype = TopicSubtype.user_to_user unless topic.subtype`

			`unless @opts[:target_usernames].present? \|\| @opts[:target_group_names].present?`
			`topic.errors.add(:archetype, :cant_send_pm)`
			`@errors = topic.errors`
			`raise ActiveRecord::Rollback.new`
			`end`

			`add_users(topic,@opts[:target_usernames])`
			`add_groups(topic,@opts[:target_group_names])`
			`topic.topic_allowed_users.build(user_id: @user.id)`
			`end`

			`unless topic.save`
			`@errors = topic.errors`
			`raise ActiveRecord::Rollback.new`
			`end`

			`topic`
			`end`

clear flags on reply to notify moderators 2013-05-13 11:48:01 +10:00			`def clear_possible_flags(topic)`
			`# at this point we know the topic is a PM and has been replied to ... check if we need to clear any flags`
			`#`
			`first_post = Post.select(:id).where(topic_id: topic.id).where('post_number = 1').first`
			`post_action = nil`

			`if first_post`
			`post_action = PostAction.where(`
			`related_post_id: first_post.id,`
			`deleted_at: nil,`
			`post_action_type_id: PostActionType.types[:notify_moderators]`
			`).first`
			`end`

			`if post_action`
			`post_action.remove_act!(@user)`
			`end`
			`end`

moderators now have teeth, more at http://meta.discourse.org/t/moderator-permission-set/6307/5 allow pms to be targetted at groups 2013-05-02 15:15:17 +10:00			`def add_users(topic, usernames)`
			`return unless usernames`
			`usernames = usernames.split(',')`
			`User.where(username: usernames).each do \|u\|`

			`unless guardian.can_send_private_message?(u)`
			`topic.errors.add(:archetype, :cant_send_pm)`
			`@errors = topic.errors`
			`raise ActiveRecord::Rollback.new`
			`end`

			`topic.topic_allowed_users.build(user_id: u.id)`
			`end`
			`end`

			`def add_groups(topic, groups)`
			`return unless groups`
			`groups = groups.split(',')`
			`Group.where(name: groups).each do \|g\|`

			`unless guardian.can_send_private_message?(g)`
			`topic.errors.add(:archetype, :cant_send_pm)`
			`@errors = topic.errors`
			`raise ActiveRecord::Rollback.new`
			`end`

			`topic.topic_allowed_groups.build(group_id: g.id)`
			`end`
			`end`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`
No results found.