AO3-6503 Allow superadmins to disable guest comments across the site

app/controllers/comments_controller.rb

@@ -18,6 +18,7 @@ class CommentsController < ApplicationController
   before_action :check_ownership, only: [:edit, :update, :cancel_comment_edit]
   before_action :check_permission_to_edit, only: [:edit, :update ]
   before_action :check_permission_to_delete, only: [:delete_comment, :destroy]
+  before_action :check_guest_comment_admin_setting, only: [:new, :create, :add_comment_reply]
   before_action :check_parent_comment_permissions, only: [:new, :create, :add_comment_reply]
   before_action :check_unreviewed, only: [:add_comment_reply]
   before_action :check_frozen, only: [:new, :create, :add_comment_reply]
@@ -130,6 +131,15 @@ def check_parent_comment_permissions
     end
   end
 
+  def check_guest_comment_admin_setting
+    admin_settings = AdminSetting.current
+
+    return unless admin_settings.guest_comments_off? && !logged_in? && !logged_in_as_admin?
+
+    flash[:error] = t("comments.commentable.guest_comments_disabled")
+    redirect_back(fallback_location: root_path)
+  end
+
   def check_unreviewed
     return unless @commentable.respond_to?(:unreviewed?) && @commentable.unreviewed?
 

app/helpers/comments_helper.rb

@@ -99,13 +99,16 @@ def show_hide_comments_link(commentable, options={})
   #### HELPERS FOR CHECKING WHICH BUTTONS/FORMS TO DISPLAY #####
 
   def can_reply_to_comment?(comment)
+    admin_settings = AdminSetting.current
+
     !(comment.unreviewed? ||
       comment.iced? ||
       comment.hidden_by_admin? ||
       parent_disallows_comments?(comment) ||
       comment_parent_hidden?(comment) ||
       blocked_by_comment?(comment) ||
-      blocked_by?(comment.ultimate_parent))
+      blocked_by?(comment.ultimate_parent) ||
+      !logged_in? && !logged_in_as_admin? && admin_settings.guest_comments_off?)
   end
 
   def can_edit_comment?(comment)

app/models/admin_setting.rb

@@ -45,7 +45,7 @@ def self.default
   end
 
   def self.current
-    Rails.cache.fetch("admin_settings", race_condition_ttl: 10.seconds) { AdminSetting.first } || OpenStruct.new(DEFAULT_SETTINGS)
+    Rails.cache.fetch("admin_settings_1", race_condition_ttl: 10.seconds) { AdminSetting.first } || OpenStruct.new(DEFAULT_SETTINGS)
   end
 
   class << self
@@ -79,7 +79,7 @@ def recache_settings
     self.reload
 
     # However, we only cache it if the transaction is successful.
-    after_commit { Rails.cache.write("admin_settings", self) }
+    after_commit { Rails.cache.write("admin_settings_1", self) }
   end
 
   private

app/policies/admin_setting_policy.rb

@@ -19,6 +19,7 @@ class AdminSettingPolicy < ApplicationPolicy
       downloads_enabled
       enable_test_caching
       hide_spam
+      guest_comments_off
       invite_from_queue_enabled
       invite_from_queue_frequency
       invite_from_queue_number

app/views/admin/settings/index.html.erb

@@ -67,6 +67,9 @@
 
       <dt><%= admin_setting_checkbox(f, :hide_spam) %></dt>
       <dd><%= f.label :hide_spam, t(".fields.hide_spam") %></dd>
+
+      <dt><%= admin_setting_checkbox(f, :guest_comments_off) %></dt>
+      <dd><%= f.label :guest_comments_off, t(".fields.guest_comments_off") %></dd>
     </dl>
   </fieldset>
 

app/views/comments/_commentable.html.erb

@@ -75,7 +75,11 @@
   <%= flash_div :comment_error, :comment_notice %>
 
   <% commentable_parent = find_parent(commentable) %>
-  <% if commentable_parent.is_a?(AdminPost) && commentable_parent.disable_all_comments? %>
+  <% if @admin_settings.guest_comments_off? && !logged_in? && !logged_in_as_admin? %>
+    <p class="notice">
+      <%= t(".guest_comments_disabled") %>
+    </p>
+  <% elsif commentable_parent.is_a?(AdminPost) && commentable_parent.disable_all_comments? %>
     <p class="notice">
       <%= t(".permissions.admin_post.disable_all") %>
     </p>

config/locales/views/en.yml

@@ -148,6 +148,7 @@ en:
           disabled_support_form_text: Disabled support form text
           downloads_enabled: Allow downloads
           enable_test_caching: Turn on caching (currently experimental)
+          guest_comments_off: Turn off guest comments across the site
           hide_spam: Automatically hide spam works
           invite_from_queue_enabled: Invite from queue enabled (People can add themselves to the queue and invitations are sent out automatically)
           invite_from_queue_frequency: How often (in days) should we invite people from the queue
@@ -277,6 +278,7 @@ en:
       actions:
         comment: Comment
       blocked: Sorry, you have been blocked by one or more of this work's creators.
+      guest_comments_disabled: Sorry, the Archive doesn't allow guests to comment right now.
       invite_to_collections_link: Invite To Collections
       permissions:
         admin_post:

db/migrate/20230408145819_add_guest_comment_off_to_admin_settings.rb

@@ -0,0 +1,5 @@
+class AddGuestCommentOffToAdminSettings < ActiveRecord::Migration[6.1]
+  def change
+    add_column :admin_settings, :guest_comments_off, :boolean, default: false, null: false
+  end
+end

features/admins/admin_settings.feature

@@ -36,3 +36,117 @@ Feature: Admin Settings Page
     When I am logged in as a random user
       And I go to the support page
     Then I should see "We can answer Support inquiries in"
+
+  Scenario: Turn on guest comments (on works)
+    Given guest comments are on
+      And I am logged out
+      And the work "Generic Work"
+      And a guest comment on the work "Generic Work"
+      And I view the work "Generic Work" with comments
+    When I fill in "Comment" with "Guest comment"
+      And I post a guest comment
+    Then I should see "Comment created!"
+      And I should see "Reply"
+
+  Scenario: Turn on guest comments (on admin posts)
+    Given guest comments are on
+      And I am logged out
+      And the admin post "Generic Post"
+      And a guest comment on the admin post "Generic Post"
+      And I view the admin post "Generic Post" with comments
+    When I fill in "Comment" with "Guest comment"
+      And I post a guest comment
+    Then I should see "Comment created!"
+      And I should see "Reply"
+
+  Scenario: Turn off guest comments (when the work itself allows guest comments)
+    Given guest comments are off
+      And I am logged out
+      And the work "Generic Work"
+      And a guest comment on the work "Generic Work"
+    When I view the work "Generic Work" with comments
+    Then I should see "Sorry, the Archive doesn't allow guests to comment right now."
+      And I should not see "Reply"
+
+  Scenario: Turn off guest comments (when the admin post itself allows guest comments)
+    Given guest comments are off
+      And I am logged out
+      And the admin post "Generic Post"
+      And a guest comment on the admin post "Generic Post"
+    When I view the admin post "Generic Post" with comments
+    Then I should see "Sorry, the Archive doesn't allow guests to comment right now."
+      And I should not see "Reply"
+
+  Scenario: Turn off guest comments (when the work itself does not allow guest comments)
+    Given guest comments are off
+      And I am logged in as "author"
+      And I post the work "Generic Work"
+      And a guest comment on the work "Generic Work"
+      And I edit the work "Generic Work"
+      And I choose "Only registered users can comment"
+      And I press "Post"
+    When I am logged out
+      And I view the work "Generic Work" with comments
+    Then I should see "Sorry, the Archive doesn't allow guests to comment right now."
+      And I should not see "Reply"
+
+  Scenario: Turn off guest comments (when the admin post itself does not allow guest comments)
+    Given guest comments are off
+      And I have posted an admin post
+      And a guest comment on the admin post "Default Admin Post"
+      And I am logged in as a super admin
+      And I go to the admin-posts page
+      And I follow "Default Admin Post"
+      And I follow "Edit Post"
+      And I choose "Only registered users can comment"
+      And I press "Post"
+    When I am logged out
+      And I view the admin post "Default Admin Post" with comments
+    Then I should see "Sorry, the Archive doesn't allow guests to comment right now."
+      And I should not see "Reply"
+
+  Scenario: Turn off guest comments (when work itself does not allow any comments)
+    Given guest comments are off
+      And I am logged in as "author"
+      And I post the work "Generic Work"
+      And a guest comment on the work "Generic Work"
+      And I edit the work "Generic Work"
+      And I choose "No one can comment"
+      And I press "Post"
+    When I am logged out
+      And I view the work "Generic Work" with comments
+    Then I should see "Sorry, the Archive doesn't allow guests to comment right now."
+      And I should not see "Reply"
+
+  Scenario: Turn off guest comments (when the admin post itself does not allow any comments)
+    Given guest comments are off
+      And I have posted an admin post
+      And a guest comment on the admin post "Default Admin Post"
+      And I am logged in as a super admin
+      And I go to the admin-posts page
+      And I follow "Default Admin Post"
+      And I follow "Edit Post"
+      And I choose "No one can comment"
+      And I press "Post"
+    When I am logged out
+      And I view the admin post "Default Admin Post" with comments
+    Then I should see "Sorry, the Archive doesn't allow guests to comment right now."
+      And I should not see "Reply"
+
+  Scenario: Logged in users should not be affected when guest comments are turned off
+    Given guest comments are off
+      And I am logged out
+      And the work "Generic Work"
+      And I am logged in
+      And a guest comment on the work "Generic Work"
+    When I view the work "Generic Work" with comments
+    Then I should see "Reply"
+      And I should not see "Sorry, the Archive doesn't allow guests to comment right now."
+
+  Scenario: Admins should not be affected when guest comments are turned off
+    Given guest comments are off
+      And I am logged in as a super admin
+      And a fandom exists with name: "Stargate SG-1", canonical: true
+    When I post the comment "Important policy decision" on the tag "Stargate SG-1" via web
+      And I view the tag "Stargate SG-1"
+    Then I should see "1 comment"

features/step_definitions/admin_steps.rb

@@ -88,6 +88,20 @@
   click_button("Update")
 end
 
+Given "guest comments are on" do
+  step("I am logged in as a super admin")
+  visit(admin_settings_path)
+  uncheck("Turn off guest comments across the site")
+  click_button("Update")
+end
+
+Given "guest comments are off" do
+  step("I am logged in as a super admin")
+  visit(admin_settings_path)
+  check("Turn off guest comments across the site")
+  click_button("Update")
+end
+
 Given /^I have posted known issues$/ do
   step %{I am logged in as an admin}
   step %{I follow "Admin Posts"}

features/step_definitions/comment_steps.rb

@@ -14,11 +14,6 @@
   user.preference.save
 end
 
-Given "a guest comment on the work {string}" do |title|
-  work = Work.find_by(title: title)
-  FactoryBot.create(:comment, :by_guest, commentable: work.first_chapter)
-end
-
 ParameterType(
   name: "commentable",
   regexp: /the (work|admin post|tag) "([^"]*)"/,
@@ -35,6 +30,11 @@
   }
 )
 
+Given "a guest comment on {commentable}" do |commentable|
+  commentable = Comment.commentable_object(commentable)
+  FactoryBot.create(:comment, :by_guest, commentable: commentable)
+end
+
 Given "a comment {string} by {string} on {commentable}" do |text, user, commentable|
   user = ensure_user(user)
   commentable = Comment.commentable_object(commentable)

spec/controllers/admin/settings_controller_spec.rb

@@ -64,7 +64,8 @@
               downloads_enabled: "1",
               enable_test_caching: "0",
               cache_expiration: "10",
-              hide_spam: "1"
+              hide_spam: "1",
+              guest_comments_off: "1"
             }
           }
 
@@ -107,6 +108,7 @@
         {
           downloads_enabled: false,
           hide_spam: true,
+          guest_comments_off: true,
           tag_wrangling_off: true
         }.each_pair do |field, value|
           it "prevents admins with support role from updating #{field}" do
@@ -137,7 +139,8 @@
         {
           disable_support_form: true,
           downloads_enabled: false,
-          hide_spam: true
+          hide_spam: true,
+          guest_comments_off: true
         }.each_pair do |field, value|
           it "prevents admins with tag_wrangling role from updating #{field}" do
             expect do

spec/controllers/comments_controller_spec.rb

@@ -446,6 +446,88 @@
         end
       end
     end
+
+    context "guest comments are turned on in admin settings" do
+      let(:work) { create(:work) }
+      let(:work_with_guest_comment_off) { create(:work, comment_permissions: :disable_anon) }
+      let(:comment) { create(:comment) }
+      let(:admin_setting) { AdminSetting.first || AdminSetting.create }
+
+      before do
+        admin_setting.update_attribute(:guest_comments_off, false)
+      end
+
+      it "allows guest comments for new" do
+        post :new, params: { work_id: work.id, comment: anon_comment_attributes }
+
+        expect(flash[:error]).to be_nil
+      end
+
+      it "allows guest comments for create" do
+        post :create, params: { work_id: work.id, comment: anon_comment_attributes }
+
+        expect(flash[:error]).to be_nil
+      end
+
+      it "allows guests to reply to comments" do
+        post :add_comment_reply, params: { comment_id: comment.id, comment: anon_comment_attributes }
+
+        expect(flash[:error]).to be_nil
+      end
+
+      it "does not allow guest comments when work has guest comments disabled" do
+        post :new, params: { work_id: work_with_guest_comment_off.id, comment: anon_comment_attributes }
+
+        it_redirects_to_with_error(work_path(work_with_guest_comment_off), 
+                                   "Sorry, this work doesn't allow non-Archive users to comment.")
+      end
+    end
+
+    context "guest comments are turned off in admin settings" do
+      let(:work) { create(:work) }
+      let(:work_with_guest_comment_off) { create(:work, comment_permissions: :disable_anon) }
+      let(:comment) { create(:comment) }
+      let(:admin_setting) { AdminSetting.first || AdminSetting.create }
+
+      before do
+        admin_setting.update_attribute(:guest_comments_off, true)
+      end
+
+      it "does not allow guest comments for new" do
+        post :new, params: { work_id: work.id, comment: anon_comment_attributes }
+
+        it_redirects_to_with_error("/where_i_came_from", 
+                                   "Sorry, the Archive doesn't allow guests to comment right now.")
+      end
+
+      it "does not allow guest comments for create" do
+        post :create, params: { work_id: work.id, comment: anon_comment_attributes }
+
+        it_redirects_to_with_error("/where_i_came_from", 
+                                   "Sorry, the Archive doesn't allow guests to comment right now.")
+      end
+
+      it "does not allow guests to reply to comments" do
+        post :add_comment_reply, params: { comment_id: comment.id, comment: anon_comment_attributes }
+
+        it_redirects_to_with_error("/where_i_came_from", 
+                                   "Sorry, the Archive doesn't allow guests to comment right now.")
+      end
+
+      it "does not allow guest comments when work has guest comments disabled" do
+        post :new, params: { work_id: work_with_guest_comment_off.id, comment: anon_comment_attributes }
+
+        it_redirects_to_with_error("/where_i_came_from", 
+                                   "Sorry, the Archive doesn't allow guests to comment right now.")
+      end
+
+      it "allows logged in users to comment" do
+        fake_login
+        post :new, params: { work_id: work.id }
+
+        expect(flash[:error]).to be_nil
+      end
+    end
   end
 
   describe "PUT #review_all" do

test/fixtures/admin_settings.yml

@@ -19,3 +19,4 @@ admin_setting_3:
   creation_requires_invite: false
   downloads_enabled: true
   hide_spam: false
+  guest_comments_off: false