Block requests to add tags by first time poster from backend

[17sushmita]

Hi, this is a first-timers-only issue. This means we've worked to make it more legible to folks who either haven't contributed to our codebase before, or even folks who haven't contributed to open source before.

If that's you, we're interested in helping you take the first step and can answer questions and help you out as you do. Note that we're especially interested in contributions from people from groups underrepresented in free and open source software!

We know that the process of creating a pull request is the biggest barrier for new contributors. This issue is for you 💝

If you have contributed before, consider leaving this one for someone new, and looking through our general help wanted issues. Thanks!

🤔 What you will need to know.

Nothing. This issue is meant to welcome you to Open Source :) We are happy to walk you through the process.

📋 Step by Step

• [ ] 🙋 Claim this issue: Comment below. If someone else has claimed it, ask if they've opened a pull request already and if they're stuck -- maybe you can help them solve a problem or move it along!

• [ ] 📝 Update the file app/models/node.rb in the plots2 repository (press the little pen Icon) and edit the line as shown below.

See this page for some help in taking your first steps!

Issue Description

This is part of #9768

After merging #9770, First-time posters won't be able to access add tag form from UI But, it will still be accessible from other methods to add tags by first-time posters since the requests are not blocked from the backend.

For example- If a GET request with all the request headers (user token etc) is sent at https://publiclab.org/tag/create/{node_id} with some parameters (refer below image), it is still accessible to create tags by first-time posters. Here, I have added a test tag on the node with nid: 100 i.e https://publiclab.org/wiki/balloon-mapping-materials. See the below image, tagtest tag is added to this node by sending request through POSTMAN

Solution

In this file: https://github.com/publiclab/plots2/blob/cfba9ef309198ca0731f9c0d54214816c8915278/app/models/node.rb#L1067-L1074

Make this change

Below is a "diff" showing in red (and a -) which lines to remove, and in green (and a +) which lines to add:

     elsif tagname == 'blog' && user.role != 'admin' && user.role != 'moderator'
       errors ? 'Only moderators or admins can use this tag.' : false
     elsif tagname.split(':')[0] == 'redirect' && Node.where(slug: one_split).size <= 0
       errors ? I18n.t('node.page_does_not_exist') : false
     elsif socials[one_split&.to_sym].present?
       errors ? "This tag is used for associating a #{socials[one_split.to_sym]} account. <a href='https://publiclab.org/wiki/oauth'>Click here to read more </a>" : false
+    elsif user.first_time_poster && !(user.username == self.author.username || (self.coauthors && self.coauthors.exists?(username: user.username)) || user.role == 'admin' || user.role == 'moderator')
+      errors ? 'Adding tags to other people’s posts is not available to you until your own first post has been approved by site moderators' : false
     else
       true

• [ ] 💾 Commit your changes

• [ ] 🔀 Start a Pull Request. There are two ways how you can start a pull request:

1. If you are familiar with the terminal or would like to learn it, here is a great tutorial on how to send a pull request using the terminal.

2. You can also edit files directly in your browser and open a pull request from there.

• [ ] 🏁 Done Ask in comments for a review :)

Please keep us updated

💬⏰ - We encourage contributors to be respectful to the community and provide an update within a week of claiming a first-timers-only issue. We're happy to keep it assigned to you as long as you need if you update us with a request for more time or help, but if we don't see any activity a week after you claim it we may reassign it to give someone else a chance. Thank you in advance!

If this happens to you, don't sweat it! Grab another open issue.

Is someone else already working on this?

🔗- We encourage contributors to link to the original issue in their pull request so all users can easily see if someone's already started on it.

👥- If someone seems stuck, offer them some help! Otherwise, take a look at some other issues you can help with. Thanks!

🤔❓ Questions?

Leave a comment below!

[17sushmita]

Hi @CaptainDrewBoy, Would you like to work on this?

[CaptainDrewBoy]

Sorry, I'm currently working on a first-timers issue I've been assigned (which will be finished later today). But thank you for offering!

[17sushmita]

Sorry, I'm currently working on a first-timers issue I've been assigned (which will be finished later today). But thank you for offering!

Okay, great! Let's leave this for other newcomers. Thank you :)

[nudelbrot0451]

I would like to claim this one if possible.

[afzal442]

I think no one took up this. @cgrkzlkn can work on it.

[17sushmita]

Hi all we are waiting for @lonwabo-mnyaiza to respond as he asked to be in the first-tmers list and this issue got assigned to him. If he doesn't respond in a while @BlogThe you can take this up.

And as @cgrkzlkn is already working on another issue and this is a first-timers only, let's leave this for a newcomer. Meanwhile, feel free to take a look at other issues here - https://github.com/publiclab/plots2/issues?q=is%3Aopen+is%3Aissue+label%3A%22help+wanted%22

Thank you everyone for showing such enthusiasm !!😄

[lonwabo-mnyaiza]

@17sushmita sorry to all for the delayed response, I can have a look at this, thanks for being patient :)

[saraswathy-krish]

Hello, I am a first-time contributor here and looking for a first-timers-only issue. I would like to take this up if it is still up for grabs. Thanks!

[17sushmita]

@lonwabo-mnyaiza, are you working on it?

[lonwabo-mnyaiza]

@17sushmita soz, I usually work on these issues on the weekend. I've made the changes and created a PR for this change which can be reviewed: https://github.com/publiclab/plots2/pull/9829

[17sushmita]

Great, thanks for working on it🎉️