Skip to content

Spam: deny dashboard on spammy projects #8792

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jan 5, 2022
Merged

Spam: deny dashboard on spammy projects #8792

merged 1 commit into from
Jan 5, 2022

Conversation

humitos
Copy link
Member

@humitos humitos commented Jan 4, 2022
edited
Loading

Quick/Initial implementation to deny showing a project's dashboard if spam score
is above the threshold.

  • the old and non-used ProjectSpamError that checked for an invalid
    description was removed together with all its logic
  • the mixin ProjectSpamMixin was re-purposed to check the spam score and deny
    serving the dashboard
  • move "disable banned user to import projects" inside the ImportWizardView

Note that currently we are only denying the dashboard for the project's
detail ("Overview" in our UI) view. If we want to deny other pages like
"Downloads", "Search", "Builds", "Versions" and "Admin" we need to adapt other
views as well (e.g. migrate them from function-based view to class-based view to
be able to re-use the mixin). This can be implemented in a future version.
Together with this, we could only deny the dashboard to non-maintainers of the
project itself, allowing them to make some changes in case of a mistake.

@humitos humitos requested a review from a team January 4, 2022 12:53
@humitos humitos force-pushed the humitos/spam-deny-dashboard branch 3 times, most recently from ac14ca6 to aff3673 Compare January 4, 2022 13:07
@humitos
Spam: deny dashboard on spammy projects
730b0fd 
Quick/Initial implementation to deny showing a project's dashboard if spam score
is above the threshold.

- the old and non-used `ProjectSpamError` that checked for an invalid
  description was removed together with all its logic
- the mixin `ProjectSpamMixin` was re-purposed to check the spam score and deny
  serving the dashboard
- move "disable banned user to import projects" inside the `ImportWizardView`

Note that currently we are only denying the dashboard for the project's
detail ("Overview" in our UI) view. If we want to deny other pages like
"Downloads", "Search", "Builds", "Versions" and "Admin" we need to adapt other
views as well (e.g. migrate them from function-based view to class-based view to
be able to re-use the mixin). This can be implemented in a future version.
Together with this, we could only deny the dashboard to non-maintainers of the
project itself, allowing them to make some changes in case of a mistake.
@humitos humitos force-pushed the humitos/spam-deny-dashboard branch from aff3673 to 730b0fd Compare January 4, 2022 13:50
ericholscher
ericholscher approved these changes Jan 4, 2022
View reviewed changes
requirements/pip.txt
# django-textclassifier doesn't have pinned versions
# if there is an update they could break our code
nltk==3.6.6
textblob==0.17.1
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These are big dependencies, so 👍 on getting rid of them if we aren't using them.

readthedocs/projects/views/base.py
days=settings.USER_MATURITY_DAYS
)
if request.user.date_joined > date_maturity:
request.user.profile.banned = True
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So we will only have banned users manually now, correct? That seems fine.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes. I didn't know about this code and I was surprised when I saw it yesterday. I think it wasn't working, tho. We can get back to "auto ban" in the future if we find a reliable way of doing it.

@ericholscher
Copy link
Member

I would like to see us remove all the dashboard views, but the detail is definitely the big one for now. Let's see how this effects things.

@humitos humitos merged commit f8e325d into master Jan 5, 2022
@humitos humitos deleted the humitos/spam-deny-dashboard branch January 5, 2022 07:00
@humitos humitos mentioned this pull request Jan 11, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ericholscher ericholscher ericholscher approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@humitos @ericholscher