FEATURE: restrict public sharing on login required sites (#649)

Initial implementation allowed internet wide sharing of
AI conversations, on sites that require login.

This feature can be an anti feature for private sites cause they
can not share conversations internally.

For now we are removing support for public sharing on login required
sites, if the community need the feature we can consider adding a
setting.
This commit is contained in:
Sam 2024-05-29 11:04:47 +10:00 committed by GitHub
parent bd1490a536
commit 13840f68b3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 9 additions and 3 deletions

View File

@ -7,7 +7,7 @@ module DiscourseAi
requires_login only: %i[create update destroy] requires_login only: %i[create update destroy]
before_action :require_site_settings! before_action :require_site_settings!
skip_before_action :preload_json, :check_xhr, :redirect_to_login_if_required, only: %i[show] skip_before_action :preload_json, :check_xhr, only: %i[show]
def create def create
ensure_allowed_create! ensure_allowed_create!

View File

@ -99,7 +99,7 @@ en:
ai_bot_enable_chat_warning: "Display a warning when PM chat is initiated. Can be overriden by editing the translation string: discourse_ai.ai_bot.pm_warning" ai_bot_enable_chat_warning: "Display a warning when PM chat is initiated. Can be overriden by editing the translation string: discourse_ai.ai_bot.pm_warning"
ai_bot_allowed_groups: "When the GPT Bot has access to the PM, it will reply to members of these groups." ai_bot_allowed_groups: "When the GPT Bot has access to the PM, it will reply to members of these groups."
ai_bot_debugging_allowed_groups: "Allow these groups to see a debug button on posts which displays the raw AI request and response" ai_bot_debugging_allowed_groups: "Allow these groups to see a debug button on posts which displays the raw AI request and response"
ai_bot_public_sharing_allowed_groups: "Allow these groups to share AI personal messages with the public via a unique publicly available link" ai_bot_public_sharing_allowed_groups: "Allow these groups to share AI personal messages with the public via a unique publicly available link. Note: if your site requires login, shares will also require login."
ai_bot_enabled_chat_bots: "Available models to act as an AI Bot" ai_bot_enabled_chat_bots: "Available models to act as an AI Bot"
ai_bot_add_to_header: "Display a button in the header to start a PM with a AI Bot" ai_bot_add_to_header: "Display a button in the header to start a PM with a AI Bot"
ai_bot_github_access_token: "GitHub access token for use with GitHub AI tools (required for search support)" ai_bot_github_access_token: "GitHub access token for use with GitHub AI tools (required for search support)"
@ -319,7 +319,7 @@ en:
configuration_hint: configuration_hint:
one: "Make sure the `%{settings}` setting was configured." one: "Make sure the `%{settings}` setting was configured."
other: "Make sure these settings were configured: %{settings}" other: "Make sure these settings were configured: %{settings}"
delete_failed: delete_failed:
one: "We couldn't delete this model because %{settings} is using it. Update the setting and try again." one: "We couldn't delete this model because %{settings} is using it. Update the setting and try again."
other: "We couldn't delete this model because %{settings} are using it. Update the settings and try again." other: "We couldn't delete this model because %{settings} are using it. Update the settings and try again."

View File

@ -252,6 +252,12 @@ RSpec.describe DiscourseAi::AiBot::SharedAiConversationsController do
end end
describe "GET show" do describe "GET show" do
it "redirects to home page if site require login" do
SiteSetting.login_required = true
get "#{path}/#{shared_conversation.share_key}"
expect(response).to redirect_to("/login")
end
it "renders the shared conversation" do it "renders the shared conversation" do
get "#{path}/#{shared_conversation.share_key}" get "#{path}/#{shared_conversation.share_key}"
expect(response).to have_http_status(:success) expect(response).to have_http_status(:success)