feat: New admin setting for hiding user pages

apps/app/public/static/locales/en_US/admin.json

@@ -56,6 +56,11 @@
       "enable_force_delete_user_homepage_on_user_deletion": "When you delete a user, the user's homepage and all its sub pages will be completely deleted",
       "desc": "You will be able to delete a deleted user's homepage."
     },
+    "user_page_visibility": {
+      "user_page_visibility": "User page visibility",
+      "hide_user_pages": "Hide user pages",
+      "desc": "Hides all user related pages for general users"
+    },
     "session": "Session",
     "max_age": "Max age (msec)",
     "max_age_desc": "Specifies the number (in milliseconds) to expire users session.<br>Default: 2592000000 (30days)",

apps/app/public/static/locales/fr_FR/admin.json

@@ -56,6 +56,11 @@
       "enable_force_delete_user_homepage_on_user_deletion": "Supprimer la page d'accueil et ses pages enfants",
       "desc": "Les pages d'accueil utilisateurs pourront être supprimées."
     },
+    "user_page_visibility": {
+      "user_page_visibility": "Visibilité de la page utilisateur",
+      "hide_user_pages": "Masquer les pages utilisateur",
+      "desc": "Masque toutes les pages liées aux utilisateurs pour les utilisateurs généraux"
+    },
     "session": "Session",
     "max_age": "Âge maximal (ms)",
     "max_age_desc": "Spécifie (en milliseconde) l'âge maximal d'une session <br>Par défaut: 2592000000 (30 jours)",

apps/app/public/static/locales/ja_JP/admin.json

@@ -65,6 +65,11 @@
       "enable_force_delete_user_homepage_on_user_deletion": "ユーザーを削除したとき、ユーザーホームページとその配下のページを完全削除する",
       "desc": "削除済みユーザーのユーザーホームページを削除できるようになります。"
     },
+    "user_page_visibility": {
+      "user_page_visibility": "ユーザーページの表示/非表示",
+      "hide_user_pages": "ユーザーページを非表示にする",
+      "desc": "一般ユーザーに対して、すべてのユーザー関連ページを非表示にする"
+    },
     "session": "セッション",
     "max_age": "有効期間 (ミリ秒)",
     "max_age_desc": "ユーザーのセッション情報の有効期間をミリ秒で指定できます。<br>デフォルト値: 2592000000 (30日間)",

apps/app/public/static/locales/ko_KR/admin.json

@@ -56,6 +56,11 @@
       "enable_force_delete_user_homepage_on_user_deletion": "사용자를 삭제할 때, 사용자의 홈페이지와 모든 하위 페이지가 완전히 삭제됩니다.",
       "desc": "삭제된 사용자의 홈페이지를 삭제할 수 있습니다."
     },
+    "user_page_visibility": {
+      "user_page_visibility": "사용자 페이지 가시성",
+      "hide_user_pages": "사용자 페이지 숨기기",
+      "desc": "일반 사용자를 위해 모든 사용자 관련 페이지를 숨깁니다"
+    },
     "session": "세션",
     "max_age": "최대 수명 (밀리초)",
     "max_age_desc": "사용자 세션이 만료되는 시간(밀리초)을 지정합니다.<br>기본값: 2592000000 (30일)",

apps/app/public/static/locales/zh_CN/admin.json

@@ -65,6 +65,11 @@
       "enable_force_delete_user_homepage_on_user_deletion": "删除用户时，该用户的主页及其所有子页面将被完全删除",
       "desc": "您可以删除已删除用户的主页。"
     },
+    "user_page_visibility": {
+      "user_page_visibility": "用户页面可见性",
+      "hide_user_pages": "隐藏用户页面",
+      "desc": "对一般用户隐藏所有用户相关页面"
+    },
     "session": "会议",
     "max_age": "有效期间  (msec)",
     "max_age_desc": "指定使用户会话过期的数量(以毫秒为单位)。<br>默认值: 2592000000 (30天)",

apps/app/src/client/components/Admin/Security/SecuritySetting/UserPageVisibilitySettings.tsx

@@ -0,0 +1,46 @@
+/* eslint-disable react/no-danger */
+import type React from 'react';
+
+import type AdminGeneralSecurityContainer from '~/client/services/AdminGeneralSecurityContainer';
+
+type Props = {
+  adminGeneralSecurityContainer: AdminGeneralSecurityContainer;
+  t: (key: string) => string;
+};
+
+export const UserPageVisibilitySettings: React.FC<Props> = ({
+  adminGeneralSecurityContainer,
+  t,
+}) => {
+  return (
+    <>
+      <h4 className="mb-3">
+        {t('security_settings.user_page_visibility.user_page_visibility')}
+      </h4>
+      <div className="row mb-4">
+        <div className="col-md-10 offset-md-2">
+          <div className="form-check form-switch form-check-success">
+            <input
+              type="checkbox"
+              className="form-check-input"
+              id="is-user-pages-visible"
+              checked={adminGeneralSecurityContainer.state.isHidingUserPages}
+              onChange={() => {
+                adminGeneralSecurityContainer.changeUserPageVisibility();
+              }}
+            />
+            <label
+              className="form-label form-check-label"
+              htmlFor="is-user-pages-visible"
+            >
+              {t('security_settings.user_page_visibility.hide_user_pages')}
+            </label>
+          </div>
+          <p className="form-text text-muted small mt-2">
+            {t('security_settings.user_page_visibility.desc')}
+          </p>
+        </div>
+      </div>
+    </>
+  );
+};

apps/app/src/client/components/Admin/Security/SecuritySetting/index.tsx

@@ -13,6 +13,7 @@ import { PageDeleteRightsSettings } from './PageDeleteRightsSettings';
 import { PageListDisplaySettings } from './PageListDisplaySettings';
 import { SessionMaxAgeSettings } from './SessionMaxAgeSettings';
 import { UserHomepageDeletionSettings } from './UserHomepageDeletionSettings';
+import { UserPageVisibilitySettings } from './UserPageVisibilitySettings';
 
 type FormData = {
   sessionMaxAge: string;
@@ -63,6 +64,8 @@ const SecuritySettingComponent: React.FC<Props> = ({
           hideRestrictedByOwner:
             adminGeneralSecurityContainer.state
               .currentOwnerRestrictionDisplayMode === 'Hidden',
+          isHidingUserPages:
+            adminGeneralSecurityContainer.state.isHidingUserPages,
           isUsersHomepageDeletionEnabled:
             adminGeneralSecurityContainer.state.isUsersHomepageDeletionEnabled,
           isForceDeleteUserHomepageOnUserDeletion:
@@ -114,6 +117,10 @@ const SecuritySettingComponent: React.FC<Props> = ({
             adminGeneralSecurityContainer={adminGeneralSecurityContainer}
             t={t}
           />
+          <UserPageVisibilitySettings
+            adminGeneralSecurityContainer={adminGeneralSecurityContainer}
+            t={t}
+          />
           <CommentManageRightsSettings
             adminGeneralSecurityContainer={adminGeneralSecurityContainer}
             t={t}

apps/app/src/client/services/AdminGeneralSecurityContainer.js

@@ -45,6 +45,7 @@ export default class AdminGeneralSecurityContainer extends Container {
       expandOtherOptionsForCompleteDeletion: false,
       isShowRestrictedByOwner: false,
       isUsersHomepageDeletionEnabled: false,
+      isHidingUserPages: false,
       isForceDeleteUserHomepageOnUserDeletion: false,
       isRomUserAllowedToComment: false,
       isLocalEnabled: false,
@@ -67,6 +68,7 @@ export default class AdminGeneralSecurityContainer extends Container {
       this.changeGroupRestrictionDisplayMode.bind(this);
     this.changePageDeletionAuthority =
       this.changePageDeletionAuthority.bind(this);
+    this.changeUserPageVisibility = this.changeUserPageVisibility.bind(this);
     this.changePageCompleteDeletionAuthority =
       this.changePageCompleteDeletionAuthority.bind(this);
     this.changePageRecursiveDeletionAuthority =
@@ -105,6 +107,7 @@ export default class AdminGeneralSecurityContainer extends Container {
       isForceDeleteUserHomepageOnUserDeletion:
         generalSetting.isForceDeleteUserHomepageOnUserDeletion,
       isRomUserAllowedToComment: generalSetting.isRomUserAllowedToComment,
+      isHidingUserPages: generalSetting.isHidingUserPages,
       sessionMaxAge: generalSetting.sessionMaxAge,
       wikiMode: generalSetting.wikiMode,
       disableLinkSharing: shareLinkSetting.disableLinkSharing,
@@ -176,6 +179,10 @@ export default class AdminGeneralSecurityContainer extends Container {
     this.setState({ currentPageDeletionAuthority: val });
   }
 
+  changeUserPageVisibility() {
+    this.setState({ isHidingUserPages: !this.state.isHidingUserPages });
+  }
+
   /**
    * Change pageCompleteDeletionAuthority
    */
@@ -284,6 +291,7 @@ export default class AdminGeneralSecurityContainer extends Container {
               formData.isAllGroupMembershipRequiredForPageCompleteDeletion,
             hideRestrictedByGroup: formData.hideRestrictedByGroup,
             hideRestrictedByOwner: formData.hideRestrictedByOwner,
+            isHidingUserPages: formData.isHidingUserPages,
             isUsersHomepageDeletionEnabled:
               formData.isUsersHomepageDeletionEnabled,
             isForceDeleteUserHomepageOnUserDeletion:
@@ -306,6 +314,7 @@ export default class AdminGeneralSecurityContainer extends Container {
               this.state.currentGroupRestrictionDisplayMode === 'Hidden',
             hideRestrictedByOwner:
               this.state.currentOwnerRestrictionDisplayMode === 'Hidden',
+            isUserPagesVisible: this.state.isUserPagesVisible,
             isUsersHomepageDeletionEnabled:
               this.state.isUsersHomepageDeletionEnabled,
             isForceDeleteUserHomepageOnUserDeletion:

apps/app/src/server/models/page.ts

@@ -89,6 +89,7 @@ export type FindRecentUpdatedPagesOption = {
   desc: number;
   hideRestrictedByOwner: boolean;
   hideRestrictedByGroup: boolean;
+  hideUserPages: boolean;
 };
 
 export type CreateMethod = (
@@ -430,6 +431,22 @@ export class PageQueryBuilder {
     return this;
   }
 
+  addConditionToListByNotMatchPathAndChildren(str: string): PageQueryBuilder {
+    const path = normalizePath(str);
+
+    if (isTopPage(path)) {
+      return this;
+    }
+
+    const startsPattern = escapeStringRegexp(path);
+
+    this.query = this.query.and({
+      path: { $not: new RegExp(`^${startsPattern}(/|$)`) },
+    });
+
+    return this;
+  }
+
   addConditionToListByMatch(str: string): PageQueryBuilder {
     // No request is set for "/"
     if (str === '/') {
@@ -920,6 +937,10 @@ schema.statics.findRecentUpdatedPages = async function (
   const baseQuery = this.find({});
   const queryBuilder = new PageQueryBuilder(baseQuery, includeEmpty);
 
+  if (options.hideUserPages) {
+    queryBuilder.addConditionToListByNotMatchPathAndChildren('/user');
+  }
+
   if (!options.includeTrashed) {
     queryBuilder.addConditionToExcludeTrashed();
   }

apps/app/src/server/routes/apiv3/page-listing.ts

@@ -155,15 +155,24 @@ const routerFactory = (crowi: Crowi): Router => {
       const hideRestrictedByGroup = await configManager.getConfig(
         'security:list-policy:hideRestrictedByGroup',
       );
+      const hideUserPages = await configManager.getConfig(
+        'security:isHidingUserPages',
+      );
 
       try {
-        const pages =
+        let pages =
           await pageListingService.findChildrenByParentPathOrIdAndViewer(
             (id || path) as string,
             req.user,
             !hideRestrictedByOwner,
             !hideRestrictedByGroup,
           );
+
+        if (hideUserPages === true) {
+          const isUserPagePath = /^\/user(\/|$)/;
+          pages = pages.filter((page) => !isUserPagePath.test(page.path));
+        }
+
         return res.apiv3({ children: pages });
       } catch (err) {
         logger.error('Error occurred while finding children.', err);

apps/app/src/server/routes/apiv3/pages/index.js

@@ -193,6 +193,9 @@ module.exports = (crowi) => {
       const hideRestrictedByGroup = configManager.getConfig(
         'security:list-policy:hideRestrictedByGroup',
       );
+      const hideUserPages = configManager.getConfig(
+        'security:isHidingUserPages',
+      );
 
       /**
        * @type {import('~/server/models/page').FindRecentUpdatedPagesOption}
@@ -207,6 +210,7 @@ module.exports = (crowi) => {
         desc: -1,
         hideRestrictedByOwner,
         hideRestrictedByGroup,
+        hideUserPages,
       };
 
       try {

apps/app/src/server/routes/apiv3/security-settings/index.js

@@ -47,6 +47,9 @@ const validator = {
     body('hideRestrictedByGroup')
       .if((value) => value != null)
       .isBoolean(),
+    body('isHidingUserPages')
+      .if((value) => value != null)
+      .isBoolean(),
     body('isUsersHomepageDeletionEnabled')
       .if((value) => value != null)
       .isBoolean(),
@@ -217,6 +220,9 @@ const validator = {
  *          pageCompleteDeletionAuthority:
  *            type: string
  *            description: type of pageDeletionAuthority
+ *          isHidingUserPages:
+ *            type: boolean
+ *            description: hide all user pages from general users
  *          hideRestrictedByOwner:
  *            type: boolean
  *            description: enable hide by owner
@@ -505,6 +511,9 @@ module.exports = (crowi) => {
           hideRestrictedByGroup: await configManager.getConfig(
             'security:list-policy:hideRestrictedByGroup',
           ),
+          isHidingUserPages: await configManager.getConfig(
+            'security:isHidingUserPages',
+          ),
           isUsersHomepageDeletionEnabled: await configManager.getConfig(
             'security:user-homepage-deletion:isEnabled',
           ),
@@ -995,6 +1004,7 @@ module.exports = (crowi) => {
           req.body.hideRestrictedByOwner,
         'security:list-policy:hideRestrictedByGroup':
           req.body.hideRestrictedByGroup,
+        'security:isHidingUserPages': req.body.isHidingUserPages,
         'security:user-homepage-deletion:isEnabled':
           req.body.isUsersHomepageDeletionEnabled,
         // Validate user-homepage-deletion config
@@ -1067,6 +1077,9 @@ module.exports = (crowi) => {
           hideRestrictedByGroup: await configManager.getConfig(
             'security:list-policy:hideRestrictedByGroup',
           ),
+          isHidingUserPages: await configManager.getConfig(
+            'security:isHidingUserPages',
+          ),
           isUsersHomepageDeletionEnabled: await configManager.getConfig(
             'security:user-homepage-deletion:isEnabled',
           ),

apps/app/src/server/service/config-manager/config-definition.ts

@@ -115,6 +115,7 @@ export const CONFIG_KEYS = [
   'security:pageRecursiveDeletionAuthority',
   'security:pageRecursiveCompleteDeletionAuthority',
   'security:isAllGroupMembershipRequiredForPageCompleteDeletion',
+  'security:isHidingUserPages',
   'security:user-homepage-deletion:isEnabled',
   'security:user-homepage-deletion:isForceDeleteUserHomepageOnUserDeletion',
   'security:isRomUserAllowedToComment',
@@ -678,6 +679,9 @@ export const CONFIG_DEFINITIONS = {
     defineConfig<boolean>({
       defaultValue: true,
     }),
+  'security:isHidingUserPages': defineConfig<boolean>({
+    defaultValue: false,
+  }),
   'security:user-homepage-deletion:isEnabled': defineConfig<boolean>({
     defaultValue: false,
   }),

apps/app/src/server/service/page-listing/page-listing.ts

@@ -60,6 +60,7 @@ class PageListingService implements IPageListingService {
     user?: IUser,
     showPagesRestrictedByOwner = false,
     showPagesRestrictedByGroup = false,
+    hideUserPages = false,
   ): Promise<IPageForTreeItem[]> {
     const Page = mongoose.model<HydratedDocument<PageDocument>, PageModel>(
       'Page',

apps/app/src/server/service/page/index.ts

@@ -796,6 +796,16 @@ class PageService implements IPageService {
     return renamedPage;
   }
 
+  getExcludedPathsBySystem(): string[] {
+    const excludedPaths: string[] = [];
+
+    if (configManager.getConfig('security:isHidingUserPages')) {
+      excludedPaths.push('/user');
+    }
+
+    return excludedPaths;
+  }
+
   async renameSubOperation(
     page,
     newPagePathSanitized: string,

packages/remark-lsx/src/client/stores/lsx/lsx.spec.ts

@@ -84,6 +84,12 @@ describe('useSWRxLsx integration tests', () => {
     const mockCrowi = {
       require: () => () => (req: any, res: any, next: any) => next(),
       accessTokenParser: () => (req: any, res: any, next: any) => next(),
+      pageService: {
+        getExcludedPathsBySystem: vi.fn().mockReturnValue(['/user']),
+      },
+      configManager: {
+        getConfig: vi.fn().mockReturnValue(false),
+      },
     };
 
     // Import and setup the LSX middleware

packages/remark-lsx/src/server/index.ts

@@ -57,14 +57,15 @@ const middleware = (crowi: any, app: any): void => {
     loginRequiredFallback,
   );
   const accessTokenParser = crowi.accessTokenParser;
+  const excludedPaths = crowi.pageService.getExcludedPathsBySystem();
 
   app.get(
     '/_api/lsx',
     accessTokenParser([SCOPE.READ.FEATURES.PAGE], { acceptLegacy: true }),
     loginRequired,
     lsxValidator,
     paramValidator,
-    listPages,
+    listPages({ excludedPaths }),
   );
 };