Add user reports

app/controllers/reports_controller.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+class ReportsController < ApplicationController
+  def create
+    retro_meet_client.reports.create(target_profile_id: params[:target_profile_id],
+                                     type: params[:type],
+                                     comment: params[:comment],
+                                     message_ids: params[:messages])
+  end
+
+  def wizard_step1
+    conversation = retro_meet_client.other_profile(other_profile_id: params[:target_profile_id])
+                                    .conversation
+    if conversation
+      @messages = retro_meet_client.conversation(conversation_id: conversation.id)
+                                   .messages
+                                   .value
+                                   .select { |v| v.sender == params[:target_profile_id] }
+    end
+
+    if @messages.present?
+      render "wizard_step1"
+    else
+      render "wizard_step2"
+    end
+  end
+end

app/javascript/application.js

@@ -1,4 +1,5 @@
 // Configure your import map in config/importmap.rb. Read more: https://github.com/rails/importmap-rails
 import "@hotwired/turbo-rails"
+import "stimulus-use"
 import "controllers"
 import "bulma"

app/javascript/controllers/bulma_modal_controller.js

@@ -0,0 +1,35 @@
+import { Controller } from "@hotwired/stimulus"
+import { useClickOutside } from 'stimulus-use'
+
+// Connects to data-controller="bulma-modal"
+export default class extends Controller {
+  static targets = ["root", "content"]
+  static outlets = ["bulma-modal"]
+  connect() {
+    if (this.hasBulmaModalOutlet) {
+      for (const bulmaModal of this.bulmaModalOutlets) {
+        if (bulmaModal == this) {
+          continue
+        }
+        bulmaModal.close()
+      }
+    }
+    useClickOutside(this, { element: this.contentTarget })
+  }
+  modalClose() {
+    this.rootTarget.classList.remove("is-active")
+  }
+  close() {
+    if (this.rootTarget.classList.contains("removable")) {
+      this.remove();
+    } else {
+      this.modalClose();
+    }
+  }
+  clickOutside(event) {
+    this.close()
+  }
+  remove() {
+    this.rootTarget.remove()
+  }
+}

app/javascript/controllers/bulma_modal_opener_controller.js

@@ -0,0 +1,9 @@
+import { Controller } from "@hotwired/stimulus"
+
+// Connects to data-controller="bulma-modal-opener"
+export default class extends Controller {
+  static outlets = [ "bulma-modal" ]
+  open() {
+    this.bulmaModalOutletElement.classList.add("is-active")
+  }
+}

app/models/conversation.rb

@@ -5,8 +5,8 @@
                            :created_at,
                            :last_seen_at,
                            :new_messages_preview) do
-  def initialize(id:, other_profile:, created_at:, last_seen_at:, new_messages_preview: nil)
-    other_profile = OtherProfileInfo.new(**other_profile.slice(*OtherProfileInfo.members))
+  def initialize(id:, created_at:, last_seen_at: nil, other_profile: nil, new_messages_preview: nil)
+    other_profile = OtherProfileInfo.new(**other_profile.slice(*OtherProfileInfo.members)) if other_profile
     super
   end
 end

app/objects/retromeet/core/client.rb

@@ -34,8 +34,8 @@ def other_profile(other_profile_id:)
       end
 
       # @return [RetroMeet::Client::Listing]
-      def listing
-        Listing.new(with(path: "/api/listing"))
+      def listing(max_distance: Listing::DEFAULT_MAX_DISTANCE_IN_KM)
+        Listing.new(with(path: "/api/listing", parameters: { max_distance: }))
       end
 
       # @return [RetroMeet::Client::Conversation]
@@ -81,6 +81,11 @@ def address_search(query:)
       def profile_picture
         ProfilePicture.new(with(path: "/api/profile/picture"))
       end
+
+      # @return [Reports]
+      def reports
+        Reports.new(with(path: "/api/reports"))
+      end
     end
   end
 end

app/objects/retromeet/core/conversation.rb

@@ -4,7 +4,7 @@ module RetroMeet
   module Core
     # Sub-class for a single Conversation
     class Conversation < Representation
-      # @return [Array<::Conversation>] A list of conversations
+      # @return [::Conversation] A single conversation
       def value
         ::Conversation.new(**super.slice(*::Conversation.members))
       end

app/objects/retromeet/core/listing.rb

@@ -4,6 +4,9 @@ module RetroMeet
   module Core
     # Sub-class for the BasicProfileInfo
     class Listing < Representation
+      # This is the distance that nearby shows by default, the value should be in sync with retromeet-core
+      DEFAULT_MAX_DISTANCE_IN_KM = 5
+
       # @return [Array<OtherProfileInfo>]
       def nearby
         value[:profiles].map! do |result|

app/objects/retromeet/core/other_profile.rb

@@ -9,6 +9,15 @@ def profile_info
         OtherProfileInfo.new(@resource.with(path: "#{resource.path}/complete"))
       end
 
+      # @return (see Conversation#value)
+      def conversation
+        Conversation.new(@resource.with(path: "#{resource.path}/conversation")).value
+      rescue RetroMeet::Core::JsonResponseError => e
+        return nil if e.response.status == 404
+
+        raise
+      end
+
       # @return [Boolean]
       def block!
         OtherProfile.post(@resource.with(path: "#{resource.path}/block"))

app/objects/retromeet/core/reports.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module RetroMeet
+  module Core
+    # Reports representation
+    class Reports < Representation
+      # @param target_profile_id [String] a uuid of the profile to be reported
+      # @param type [String] one of the accepted report types.
+      #   Refer to retromeet-core documentation for a up-to-date list, or to the +reports.types+ keys in the I18n file
+      # @param comment [String,nil] Any comments the reporter has about this report. Can be empty
+      # @param message_ids [Array<Integer>,nil] An array of message_ids or nil if no message ids are included in the report
+      # @return [void]
+      def create(target_profile_id:, type:, comment: nil, message_ids: nil)
+        body = {
+          target_profile_id:,
+          type:,
+          comment:,
+          message_ids:
+        }
+        Reports.post(@resource, body)
+      end
+    end
+  end
+end

app/views/conversations/_list_show.html.haml

@@ -6,7 +6,7 @@
           .media-left
             %figure.image.is-48x48.is-32x32-mobile
               %img.is-rounded{:alt => "Image", src: conversation.other_profile.picture}/
-          .media-content.is-hidden-mobile
+          .media-content
             .content
               %p
                 %strong= conversation.other_profile.display_name

app/views/home/privacy.html.haml

@@ -1,71 +1,72 @@
-.container
-  %h1.title.has-text-centered Our privacy policy
-  .content
-    %p
-      %strong> Last updated
-      \: November 12, 2024
-    %p
-      This privacy policy describes how [SITE ADDRESS HERE!] ("[SITE ADDRESS HERE!]", "we", "us") collects, protects and uses the personally identifiable information you may provide through the [SITE ADDRESS HERE!] website or its API. The policy also describes the choices available to you regarding our use of your personal information and how you can access and update this information. This policy does not apply to the practices of companies that [SITE ADDRESS HERE!] does not own or control, or to individuals that [SITE ADDRESS HERE!] does not employ or manage.
+.section
+  .container
+    %h1.title.has-text-centered Our privacy policy
+    .content
+      %p
+        %strong> Last updated
+        \: January 31, 2025
+      %p
+        This privacy policy describes how #{Rails.configuration.x.retromeet_core_host} ("#{Rails.configuration.x.retromeet_core_host}", "we", "us") collects, protects and uses the personally identifiable information you may provide through the #{Rails.configuration.x.retromeet_core_host} website or its API. The policy also describes the choices available to you regarding our use of your personal information and how you can access and update this information. This policy does not apply to the practices of companies that #{Rails.configuration.x.retromeet_core_host} does not own or control, or to individuals that #{Rails.configuration.x.retromeet_core_host} does not employ or manage.
 
-    %h2 What information do we collect?
-    %p
-      %ul
-        %li
-          %strong> Basic account information
-          \: If you register on this server, you may be asked to enter your birth date, an e-mail address and a password. You may also enter additional profile information such as a display name and about you information, and upload a profile picture and other information about yourself. Any additional profile information may be made public depending on your settings.
-        %li
-          %strong> IPs and other metadata
-          \: When you log in, we record the IP address you log in from, as well as the name of your browser application. All the logged in sessions are available for your review and revocation in the settings. The latest IP address used is stored for up to 12 months. We also may retain server logs which include the IP address of every request to our server.
-    %h2 What do we use your information for?
-    %p
-      Any of the information we collect from you may be used in the following ways:
+      %h2 What information do we collect?
+      %p
+        %ul
+          %li
+            %strong> Basic account information
+            \: If you register on this server, you may be asked to enter your birth date, an e-mail address and a password. You may also enter additional profile information such as a display name and about you information, and upload a profile picture and other information about yourself. Any additional profile information may be made public depending on your settings.
+          %li
+            %strong> IPs and other metadata
+            \: When you log in, we record the IP address you log in from, as well as the name of your browser application. All the logged in sessions are available for your review and revocation in the settings. The latest IP address used is stored for up to 12 months. We also may retain server logs which include the IP address of every request to our server.
+      %h2 What do we use your information for?
+      %p
+        Any of the information we collect from you may be used in the following ways:
 
-      %ul
-        %li
-          Your birth date is used to check if you are old enough to use our services. It will not be displayed to other users, but you might make your age available if you wish.
-        %li
-          To provide the core functionality of RetroMeet. You can only interact with other people's content and post your own content when you are logged in. For example, you may follow other people to view their combined posts in your own personalized home timeline.
-        %li
-          To aid moderation of the community, for example comparing your IP address with other known ones to determine ban evasion or other violations.
-        %li
-          The email address you provide may be used to send you information, notifications about other people interacting with your content or sending you messages, and to respond to inquiries, and/or other requests or questions.
+        %ul
+          %li
+            Your birth date is used to check if you are old enough to use our services. It will not be displayed to other users, but you might make your age available if you wish.
+          %li
+            To provide the core functionality of RetroMeet. You can only interact with other people's content and post your own content when you are logged in. For example, you may message other people or view their profiles.
+          %li
+            To aid moderation of the community, for example comparing your IP address with other known ones to determine ban evasion or other violations.
+          %li
+            The email address you provide may be used to send you information, notifications about other people interacting with your content or sending you messages, and to respond to inquiries, and/or other requests or questions.
 
-    %h2 How do we protect your information?
-    %p
-      We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information. Among other things, your browser session, as well as the traffic between your applications and the API, are secured with SSL, and your password is hashed using a strong one-way algorithm. You may enable two-factor authentication to further secure access to your account.
+      %h2 How do we protect your information?
+      %p
+        We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information. Among other things, your browser session, as well as the traffic between your applications and the API, are secured with SSL, and your password is hashed using a strong one-way algorithm. You may enable two-factor authentication to further secure access to your account.
 
-    %h2 What is our data retention policy?
-    %p
-      We will make a good faith effort to:
+      %h2 What is our data retention policy?
+      %p
+        We will make a good faith effort to:
 
-    %ul
-      %li
-        Retain server logs containing the IP address of all requests to this server, in so far as such logs are kept, no more than 90 days.
-      %li
-        Retain the IP addresses associated with registered users no more than 12 months.
+      %ul
+        %li
+          Retain server logs containing the IP address of all requests to this server, in so far as such logs are kept, no more than 90 days.
+        %li
+          Retain the IP addresses associated with registered users no more than 12 months.
 
-    %p
-      You can request and download an archive of your content, including your posts, media attachments, profile picture, and header image.
+      %p
+        You can request and download an archive of your content, including your posts, media attachments, profile picture, and header image.
 
-    %p
-      You may irreversibly delete your account at any time.
+      %p
+        You may irreversibly delete your account at any time.
 
-    %h2 Do we use cookies?
-    %p
-      Yes. Cookies are small files that a site or its service provider transfers to your computer's hard drive through your Web browser (if you allow). These cookies enable the site to recognize your browser and, if you have a registered account, associate it with your registered account.
-    %p
-      We use cookies to understand and save your preferences for future visits.
+      %h2 Do we use cookies?
+      %p
+        Yes. Cookies are small files that a site or its service provider transfers to your computer's hard drive through your Web browser (if you allow). These cookies enable the site to recognize your browser and, if you have a registered account, associate it with your registered account.
+      %p
+        We use cookies to understand and save your preferences for future visits.
 
-    %h2 Do we disclose any information to outside parties?
-    %p
-      We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our site, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety.
-    %p
-      When you authorize an application to use your account, depending on the scope of permissions you approve, it may access your public profile information. Applications can never access your e-mail address or password.
+      %h2 Do we disclose any information to outside parties?
+      %p
+        We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our site, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety.
+      %p
+        When you authorize an application to use your account, depending on the scope of permissions you approve, it may access your public profile information. Applications can never access your e-mail address or password.
 
-    %h2 Site usage by children
-    %p
-      Our service is restricted to individuals who are 18 years of age or older. We do not permit individuals under the age of 18 on our platform. If you suspect that a memeber is under the age of 18, please use the reporting mechanism available on the service.
+      %h2 Site usage by children
+      %p
+        Our service is restricted to individuals who are 18 years of age or older. We do not permit individuals under the age of 18 on our platform. If you suspect that a memeber is under the age of 18, please use the reporting mechanism available on the service.
 
-    %hr
-    %p
-      This document is CC-BY-SA. Originally adapted from the <a href="https://github.com/mastodon/mastodon" target="_blank">Mastodon privacy policy</a>.
+      %hr
+      %p
+        This document is CC-BY-SA. Originally adapted from the <a href="https://github.com/mastodon/mastodon" target="_blank">Mastodon privacy policy</a>.