Feature/granular member privacy (#174)

* Some reasons this needs to exist for it to run on my machine? I don't think it would hurt to have it in other machines so * Add options to member model * Add Privacy to member embed * Added member privacy display list * Update database settings * apparetnly this is nolonger needed? * Fix sql call * Fix more sql errors * Added in settings control * Add all subject to system privacy * Basic API Privacy * Name privacy in logs * update todo * remove CheckReadMemberPermission * Added name privacy to log embed * update todo * Update todo * Update api to handle privacy * update todo * Update systemlist full to respect privacy (as well as system list) * include colour as option for member privacy subject * move todo file (why was it there?) * Update TODO.md * Update TODO.md * Update TODO.md * Deleted to create pr * Update command usage and add to the command tree * Make api respect created privacy * Add editing privacy through the api * Fix pronoun privacy field in api * Fix info leak of display name in api * deprecate privacy field in api * Deprecate privacy diffrently * Update API * Update documentation * Update documentation * Remove comment in yml * Update userguide * Update migration (fix typo in 5.sql too) * Sanatize names * some full stops * Fix after merge * update migration * update schema version * update edit command * update privacy filter * fix a dumb mistake * clarify on what name privacy does * make it easier on someone else * Update docs * Comment out unused code * Add aliases for `member privacy all public` and `member privacy all private`
2020-06-18 05:31:39 +10:00
parent 627f544ee8
commit 721a4502bb
19 changed files with 389 additions and 95 deletions
--- a/docs/4-api-documentation.md
+++ b/docs/4-api-documentation.md
@@ -59,12 +59,20 @@ The following three models (usually represented in JSON format) represent the va
 |color|color?|Yes|6-char hex (eg. `ff7000`), sans `#`.|
 |avatar_url|url?|Yes|Not validated server-side.|
 |birthday|date?|Yes|ISO-8601 (`YYYY-MM-DD`) format, year of `0001` or `0004` means hidden year. Birthdays set after 2020-02-10 use `0004` as a sentinel year, but both options are recognized as valid.|
-|prefix|string?|Yes|Deprecated. Use `proxy_tags` instead.|
-|suffix|string?|Yes|Deprecated. Use `proxy_tags` instead.|
+|prefix|string?|Yes|**Deprecated.** Use `proxy_tags` instead.|
+|suffix|string?|Yes|**Deprecated.** Use `proxy_tags` instead.|
 |proxy_tags|ProxyTag[]|Yes (entire array)|An array of ProxyTag (see below) objects, each representing a single prefix/suffix pair.|
 |keep_proxy|bool|Yes|Whether to display a member's proxy tags in the proxied message.|
-|created|datetime|No||
-|privacy|string?|Yes|Patching with `private` will set it to private; `public` or `null` will set it to public.|
+|created|datetime|No|
+|privacy|string?|Yes|**Deprecated.** Use `<subject>_privacy` and `visibility` fields.|
+|visibility|string?|Yes|Patching with `private` will set it to private; `public` or `null` will set it to public.|
+|name_privacy|string?|Yes|Patching with `private` will set it to private; `public` or `null` will set it to public.|
+|description_privacy|string?|Yes|Patching with `private` will set it to private; `public` or `null` will set it to public.|
+|birthday_privacy|string?|Yes|Patching with `private` will set it to private; `public` or `null` will set it to public.|
+|pronoun_privacy|string?|Yes|Patching with `private` will set it to private; `public` or `null` will set it to public.|
+|color_privacy|string?|Yes|Patching with `private` will set it to private; `public` or `null` will set it to public.|
+|message_count_privacy|string?|Yes|Patching with `private` will set it to private; `public` or `null` will set it to public.|
+|created_timestamp_privacy|string?|Yes|Patching with `private` will set it to private; `public` or `null` will set it to public.|

 #### ProxyTag object

@@ -165,7 +173,14 @@ If the request is not authenticated with the system's token, members marked as p
        "proxy_tags": [{"prefix": "[", "suffix": "]"}],
        "keep_proxy": false,
        "created": "2019-01-01T15:00:00.654321Z",
-        "privacy": null
+        "visibility": null,
+        "name_privacy": null,
+        "description_privacy": null,
+        "birthday_privacy": null,
+        "pronoun_privacy": null,
+        "color_privacy": null,
+        "message_count_privacy": null,
+        "created_timestamp_privacy": null
    }
 ]
 ```
@@ -220,6 +235,14 @@ If the system has chosen to hide its current fronters, this will return `403 For
            "description": "I am Craig, example user extraordinaire.",
            "proxy_tags": [{"prefix": "[", "suffix": "]"}],
            "keep_proxy": false,
+            "visibility": null,
+            "name_privacy": null,
+            "description_privacy": null,
+            "birthday_privacy": null,
+            "pronoun_privacy": null,
+            "color_privacy": null,
+            "message_count_privacy": null,
+            "created_timestamp_privacy": null,
            "created": "2019-01-01T15:00:00.654321Z"
        }
    ]
@@ -302,7 +325,14 @@ If this member is marked private, and the request isn't authenticated with the m
    "proxy_tags": [{"prefix": "[", "suffix": "]"}],
    "keep_proxy": false,
    "created": "2019-01-01T15:00:00.654321Z",
-    "privacy": "public"
+    "visibility": "public",
+    "name_privacy": "public",
+    "description_privacy": "private",
+    "birthday_privacy": "private",
+    "pronoun_privacy": "public",
+    "color_privacy": "public",
+    "message_count_privacy": "private",
+    "created_timestamp_privacy": "public"
 }
 ```

@@ -324,7 +354,14 @@ Creates a new member with the information given. Missing fields (except for name
    "pronouns": "they/them",
    "description": "I am Craig, cooler example user extraordinaire.",
    "keep_proxy": false,
-    "privacy": "public"
+    "visibility": "public",
+    "name_privacy": "public",
+    "description_privacy": "private",
+    "birthday_privacy": "private",
+    "pronoun_privacy": "public",
+    "color_privacy": "public",
+    "message_count_privacy": "private",
+    "created_timestamp_privacy": "public"
 }
 ```
 (note the absence of a `proxy_tags` field, which is cleared in the response)
@@ -343,7 +380,14 @@ Creates a new member with the information given. Missing fields (except for name
    "proxy_tags": [],
    "keep_proxy": false,
    "created": "2019-01-01T15:00:00.654321Z",
-    "privacy": "public"
+    "visibility": "public",
+    "name_privacy": "public",
+    "description_privacy": "private",
+    "birthday_privacy": "private",
+    "pronoun_privacy": "public",
+    "color_privacy": "public",
+    "message_count_privacy": "private",
+    "created_timestamp_privacy": "public"
 }
 ```

@@ -365,7 +409,14 @@ Edits a member's information. Missing fields will keep their current values. Wil
    "pronouns": "they/them",
    "description": "I am Craig, cooler example user extraordinaire.",
    "keep_proxy": false,
-    "privacy": "public"
+    "visibility": "public",
+    "name_privacy": "public",
+    "description_privacy": "private",
+    "birthday_privacy": "private",
+    "pronoun_privacy": "public",
+    "color_privacy": "public",
+    "message_count_privacy": "private",
+    "created_timestamp_privacy": "public"
 }
 ```
 (note the absence of a `proxy_tags` field, which keeps its old value in the response)
@@ -384,7 +435,14 @@ Edits a member's information. Missing fields will keep their current values. Wil
    "proxy_tags": [{"prefix": "[", "suffix": "]"}],
    "keep_proxy": false,
    "created": "2019-01-01T15:00:00.654321Z",
-    "privacy": "public"
+    "visibility": "public",
+    "name_privacy": "public",
+    "description_privacy": "private",
+    "birthday_privacy": "private",
+    "pronoun_privacy": "public",
+    "color_privacy": "public",
+    "message_count_privacy": "private",
+    "created_timestamp_privacy": "public"
 }
 ```

@@ -459,12 +517,24 @@ The returned system and member's privacy settings will be respected, and as such
        "description": "I am Craig, example user extraordinaire.",
        "proxy_tags": [{"prefix": "[", "suffix": "]"}],
        "keep_proxy": false,
-        "created": "2019-01-01T15:00:00.654321Z"
+        "created": "2019-01-01T15:00:00.654321Z",
+        "visibility": "public",
+        "name_privacy": "public",
+        "description_privacy": "private",
+        "birthday_privacy": "private",
+        "pronoun_privacy": "public",
+        "color_privacy": "public",
+        "message_count_privacy": "private",
+        "created_timestamp_privacy": "public"
    }
 }
 ```

 ## Version history
+<!-- (Update this on official release) -->
+* 2020-05-14
+  * The API now has values for granular member privacy. The new fields are as follows: `visibility`, `name_privacy`, `description_privacy`, `birthday_privacy`, `pronoun_privacy`, `color_privacy`, `message_count_privacy`, and `created_timestamp_privacy`. All are strings and accept the values of `public`, `private` and `null`
+  * The `privacy` field has now been deprecated and should not be used. It is a reflection of visibility.
 * 2020-05-07
  * The API (v1) is now formally(ish) defined with OpenAPI v3.0. [The definition file can be found here.](https://github.com/xSke/PluralKit/blob/master/PluralKit.API/openapi.yaml)
 * 2020-02-10