FIX: only hide posts detected explicitly as spam (#1070)

When enabling spam scanner it there may be old unscanned posts this can create a risky situation where spam scanner operates on legit posts during false positives To keep this a lot safer we no longer try to hide old stuff by the spammers.
2025-06-25 09:02:23 +00:00 · 2025-01-15 16:50:41 +11:00 · 2025-01-15 16:50:41 +11:00 · 81b952d56e
commit 81b952d56e
parent c881f8b361
2 changed files with 39 additions and 17 deletions
--- a/lib/ai_moderation/spam_scanner.rb
+++ b/lib/ai_moderation/spam_scanner.rb
@ -377,26 +377,18 @@ module DiscourseAi
        silencer.silence

        # silencer will not hide tl1 posts, so we do this here
-        hide_posts_and_topics(post.user)
+        hide_post(post)
      end

-      def self.hide_posts_and_topics(user)
-        Post
-          .where(user_id: user.id)
-          .where("created_at > ?", 24.hours.ago)
-          .update_all(
-            [
-              "hidden = true, hidden_reason_id = COALESCE(hidden_reason_id, ?)",
-              Post.hidden_reasons[:new_user_spam_threshold_reached],
-            ],
-          )
-        topic_ids =
-          Post
-            .where(user_id: user.id, post_number: 1)
-            .where("created_at > ?", 24.hours.ago)
-            .select(:topic_id)
+      def self.hide_post(post)
+        Post.where(id: post.id).update_all(
+          [
+            "hidden = true, hidden_reason_id = COALESCE(hidden_reason_id, ?)",
+            Post.hidden_reasons[:new_user_spam_threshold_reached],
+          ],
+        )

-        Topic.where(id: topic_ids).update_all(visible: false)
+        Topic.where(id: post.topic_id).update_all(visible: false) if post.post_number == 1
      end
    end
  end
--- a/spec/lib/modules/ai_moderation/spam_scanner_spec.rb
+++ b/spec/lib/modules/ai_moderation/spam_scanner_spec.rb
@ -3,6 +3,7 @@
 require "rails_helper"

 RSpec.describe DiscourseAi::AiModeration::SpamScanner do
+  fab!(:moderator)
  fab!(:user) { Fabricate(:user, trust_level: TrustLevel[0]) }
  fab!(:topic)
  fab!(:post) { Fabricate(:post, user: user, topic: topic) }
@ -183,6 +184,29 @@ RSpec.describe DiscourseAi::AiModeration::SpamScanner do
    end
  end

+  describe ".hide_post" do
+    fab!(:spam_post) { Fabricate(:post, user: user) }
+    fab!(:second_spam_post) { Fabricate(:post, topic: spam_post.topic, user: user) }
+
+    it "hides spam post and topic for first post" do
+      described_class.hide_post(spam_post)
+
+      expect(spam_post.reload.hidden).to eq(true)
+      expect(second_spam_post.reload.hidden).to eq(false)
+      expect(spam_post.reload.hidden_reason_id).to eq(
+        Post.hidden_reasons[:new_user_spam_threshold_reached],
+      )
+    end
+
+    it "doesn't hide the topic for non-first posts" do
+      described_class.hide_post(second_spam_post)
+
+      expect(spam_post.reload.hidden).to eq(false)
+      expect(second_spam_post.reload.hidden).to eq(true)
+      expect(spam_post.topic.reload.visible).to eq(true)
+    end
+  end
+
  describe "integration test" do
    fab!(:llm_model)
    let(:api_audit_log) { Fabricate(:api_audit_log) }
@ -257,6 +281,12 @@ RSpec.describe DiscourseAi::AiModeration::SpamScanner do

      expect(log.reviewable).to be_present
      expect(log.reviewable.created_by_id).to eq(described_class.flagging_user.id)
+
+      log.reviewable.perform(moderator, :disagree_and_restore)
+
+      expect(post.reload.hidden?).to eq(false)
+      expect(post.topic.reload.visible).to eq(true)
+      expect(post.user.reload.silenced?).to eq(false)
    end
  end
 end