AO3-6503 Allow superadmins to disable guest comments across the site

app/controllers/comments_controller.rb

@@ -19,6 +19,7 @@ class CommentsController < ApplicationController
   before_action :check_permission_to_edit, only: [:edit, :update ]
   before_action :check_permission_to_delete, only: [:delete_comment, :destroy]
   before_action :check_parent_comment_permissions, only: [:new, :create, :add_comment_reply]
+  before_action :check_guest_comment_permissions, only: [:new, :create, :add_comment_reply]
   before_action :check_unreviewed, only: [:add_comment_reply]
   before_action :check_frozen, only: [:new, :create, :add_comment_reply]
   before_action :check_hidden_by_admin, only: [:new, :create, :add_comment_reply]
@@ -130,6 +131,15 @@ def check_parent_comment_permissions
     end
   end
 
+  def check_guest_comment_permissions
+    admin_settings = AdminSetting.current
+
+    return unless admin_settings.guest_comments_off? && !logged_in?
+
+    flash[:error] = t("comments.commentable.guest_comments_disabled")
+    redirect_back(fallback_location: root_path)
+  end
+
   def check_unreviewed
     return unless @commentable.respond_to?(:unreviewed?) && @commentable.unreviewed?
 

app/helpers/comments_helper.rb

@@ -99,13 +99,16 @@ def show_hide_comments_link(commentable, options={})
   #### HELPERS FOR CHECKING WHICH BUTTONS/FORMS TO DISPLAY #####
 
   def can_reply_to_comment?(comment)
+    admin_settings = AdminSetting.current
+
     !(comment.unreviewed? ||
       comment.iced? ||
       comment.hidden_by_admin? ||
       parent_disallows_comments?(comment) ||
       comment_parent_hidden?(comment) ||
       blocked_by_comment?(comment) ||
-      blocked_by?(comment.ultimate_parent))
+      blocked_by?(comment.ultimate_parent) ||
+      !logged_in? && admin_settings.guest_comments_off?)
   end
 
   def can_edit_comment?(comment)

app/policies/admin_setting_policy.rb

@@ -19,6 +19,7 @@ class AdminSettingPolicy < ApplicationPolicy
       downloads_enabled
       enable_test_caching
       hide_spam
+      guest_comments_off
       invite_from_queue_enabled
       invite_from_queue_frequency
       invite_from_queue_number

app/views/admin/settings/index.html.erb

@@ -67,6 +67,9 @@
 
       <dt><%= admin_setting_checkbox(f, :hide_spam) %></dt>
       <dd><%= f.label :hide_spam, t(".fields.hide_spam") %></dd>
+
+      <dt><%= admin_setting_checkbox(f, :guest_comments_off) %></dt>
+      <dd><%= f.label :guest_comments_off, t(".fields.guest_comments_off") %></dd>
     </dl>
   </fieldset>
 

app/views/comments/_commentable.html.erb

@@ -75,7 +75,11 @@
   <%= flash_div :comment_error, :comment_notice %>
 
   <% commentable_parent = find_parent(commentable) %>
-  <% if commentable_parent.is_a?(AdminPost) && commentable_parent.disable_all_comments? %>
+  <% if @admin_settings.guest_comments_off? && !logged_in? %>
+    <p class="notice">
+      <%= t(".guest_comments_disabled") %>
+    </p>
+  <% elsif commentable_parent.is_a?(AdminPost) && commentable_parent.disable_all_comments? %>
     <p class="notice">
       <%= t(".permissions.admin_post.disable_all") %>
     </p>

config/locales/views/en.yml

@@ -148,6 +148,7 @@ en:
           disabled_support_form_text: Disabled support form text
           downloads_enabled: Allow downloads
           enable_test_caching: Turn on caching (currently experimental)
+          guest_comments_off: Turn off guest comments across the site
           hide_spam: Automatically hide spam works
           invite_from_queue_enabled: Invite from queue enabled (People can add themselves to the queue and invitations are sent out automatically)
           invite_from_queue_frequency: How often (in days) should we invite people from the queue
@@ -277,6 +278,7 @@ en:
       actions:
         comment: Comment
       blocked: Sorry, you have been blocked by one or more of this work's creators.
+      guest_comments_disabled: Sorry, the Archive doesn't allow guests to comment right now.
       invite_to_collections_link: Invite To Collections
       permissions:
         admin_post:

db/migrate/20230408145819_add_guest_comment_off_to_admin_settings.rb

@@ -0,0 +1,5 @@
+class AddGuestCommentOffToAdminSettings < ActiveRecord::Migration[6.1]
+  def change
+    add_column :admin_settings, :guest_comments_off, :boolean, default: false, null: false
+  end
+end

features/admins/admin_settings.feature

@@ -36,3 +36,24 @@ Feature: Admin Settings Page
     When I am logged in as a random user
       And I go to the support page
     Then I should see "We can answer Support inquiries in"
+
+  Scenario: Turn on guest comments
+    Given guest comments are on
+      And I am logged out
+      And the work "Generic Work"
+      And a guest comment on the work "Generic Work"
+      And I view the work "Generic Work" with comments
+    When I fill in "Comment" with "Guest comment"
+      And I post a guest comment
+    Then I should see "Comment created!"
+      And I should see "Reply"
+
+  Scenario: Turn off guest comments
+    Given guest comments are off
+      And I am logged out
+      And the work "Generic Work"
+      And a guest comment on the work "Generic Work"
+    When I view the work "Generic Work" with comments
+    Then I should see "Sorry, the Archive doesn't allow guests to comment right now."
+      And I should not see "Reply"
+

features/step_definitions/admin_steps.rb

@@ -88,6 +88,20 @@
   click_button("Update")
 end
 
+Given /^guest comments are on$/ do
+  step("I am logged in as a super admin")
+  visit(admin_settings_path)
+  uncheck("Turn off guest comments across the site")
+  click_button("Update")
+end
+
+Given /^guest comments are off$/ do
+  step("I am logged in as a super admin")
+  visit(admin_settings_path)
+  check("Turn off guest comments across the site")
+  click_button("Update")
+end
+
 Given /^I have posted known issues$/ do
   step %{I am logged in as an admin}
   step %{I follow "Admin Posts"}

spec/controllers/admin/settings_controller_spec.rb

@@ -64,7 +64,8 @@
               downloads_enabled: "1",
               enable_test_caching: "0",
               cache_expiration: "10",
-              hide_spam: "1"
+              hide_spam: "1",
+              guest_comments_off: "1"
             }
           }
 
@@ -107,6 +108,7 @@
         {
           downloads_enabled: false,
           hide_spam: true,
+          guest_comments_off: true,
           tag_wrangling_off: true
         }.each_pair do |field, value|
           it "prevents admins with support role from updating #{field}" do
@@ -137,7 +139,8 @@
         {
           disable_support_form: true,
           downloads_enabled: false,
-          hide_spam: true
+          hide_spam: true,
+          guest_comments_off: true
         }.each_pair do |field, value|
           it "prevents admins with tag_wrangling role from updating #{field}" do
             expect do

spec/controllers/comments_controller_spec.rb

@@ -446,6 +446,32 @@
         end
       end
     end
+
+    context "guest comments are turned on in admin settings" do
+      let(:work) { create(:work) }
+
+      it "allows guest comments" do
+        post :create, params: { work_id: work.id, comment: anon_comment_attributes }
+
+        expect(flash[:error]).to be_nil
+      end
+    end
+
+    context "guest comments are turned off in admin settings" do
+      let(:work) { create(:work) }
+      let(:admin_setting) { AdminSetting.first || AdminSetting.create }
+
+      before do
+        admin_setting.update_attribute(:guest_comments_off, true)
+      end
+
+      it "does not allow guest comments" do
+        post :create, params: { work_id: work.id, comment: anon_comment_attributes }
+
+        it_redirects_to_with_error("/where_i_came_from", 
+                                   "Sorry, the Archive doesn't allow guests to comment right now.")
+      end
+    end
   end
 
   describe "PUT #review_all" do

test/fixtures/admin_settings.yml

@@ -19,3 +19,4 @@ admin_setting_3:
   creation_requires_invite: false
   downloads_enabled: true
   hide_spam: false
+  guest_comments_off: false