From f2b93eb3e16628df47da693a785b25482cff1d3b Mon Sep 17 00:00:00 2001
From: mattyatea <mattyacocacora0@gmail.com>
Date: Fri, 31 Jan 2025 21:43:45 +0900
Subject: [PATCH 1/8] WIP

---
 packages/backend/src/core/DriveService.ts              |  8 +++++++-
 .../src/core/entities/DriveFileEntityService.ts        |  2 ++
 packages/backend/src/models/DriveFile.ts               |  6 ++++++
 packages/backend/src/models/json-schema/drive-file.ts  |  4 ++++
 packages/backend/src/postgres.ts                       |  2 +-
 .../src/server/api/endpoints/drive/files/update.ts     | 10 ++++++++++
 packages/frontend/src/pages/drive.file.info.vue        |  1 +
 7 files changed, 31 insertions(+), 2 deletions(-)

diff --git a/packages/backend/src/core/DriveService.ts b/packages/backend/src/core/DriveService.ts
index a68fc25ab2e8..5a366cc26b78 100644
--- a/packages/backend/src/core/DriveService.ts
+++ b/packages/backend/src/core/DriveService.ts
@@ -590,6 +590,7 @@ export class DriveService {
 		if (info.sensitive && profile!.autoSensitive) file.isSensitive = true;
 		if (info.sensitive && instance.setSensitiveFlagAutomatically) file.isSensitive = true;
 		if (userRoleNSFW) file.isSensitive = true;
+		if (file.isSensitiveByModerator) file.isSensitive = true;
 
 		if (url !== null) {
 			file.src = url;
@@ -660,6 +661,7 @@ export class DriveService {
 	@bindThis
 	public async updateFile(file: MiDriveFile, values: Partial<MiDriveFile>, updater: MiUser) {
 		const alwaysMarkNsfw = (await this.roleService.getUserPolicies(file.userId)).alwaysMarkNsfw;
+		const isModerator = await this.roleService.isModerator(updater);
 
 		if (values.name != null && !this.driveFileEntityService.validateFileName(values.name)) {
 			throw new DriveService.InvalidFileNameError();
@@ -680,6 +682,10 @@ export class DriveService {
 			}
 		}
 
+		if (isModerator && file.userId !== updater.id) {
+			values.isSensitiveByModerator = values.isSensitive;
+		}
+
 		await this.driveFilesRepository.update(file.id, values);
 
 		const fileObj = await this.driveFileEntityService.pack(file.id, updater, { self: true });
@@ -689,7 +695,7 @@ export class DriveService {
 			this.globalEventService.publishDriveStream(file.userId, 'fileUpdated', fileObj);
 		}
 
-		if (await this.roleService.isModerator(updater) && (file.userId !== updater.id)) {
+		if (isModerator && (file.userId !== updater.id)) {
 			if (values.isSensitive !== undefined && values.isSensitive !== file.isSensitive) {
 				const user = file.userId ? await this.usersRepository.findOneByOrFail({ id: file.userId }) : null;
 				if (values.isSensitive) {
diff --git a/packages/backend/src/core/entities/DriveFileEntityService.ts b/packages/backend/src/core/entities/DriveFileEntityService.ts
index 289f267c4b3a..4422573eb621 100644
--- a/packages/backend/src/core/entities/DriveFileEntityService.ts
+++ b/packages/backend/src/core/entities/DriveFileEntityService.ts
@@ -217,6 +217,7 @@ export class DriveFileEntityService {
 			thumbnailUrl: this.getThumbnailUrl(file),
 			comment: file.comment,
 			folderId: file.folderId,
+			isSensitiveByModerator: opts.detail ? file.isSensitiveByModerator : null,
 			folder: opts.detail && file.folderId ? this.driveFolderEntityService.pack(file.folderId, {
 				detail: true,
 			}) : null,
@@ -247,6 +248,7 @@ export class DriveFileEntityService {
 			md5: file.md5,
 			size: file.size,
 			isSensitive: file.isSensitive,
+			isSensitiveByModerator: opts.detail ? file.isSensitiveByModerator : null,
 			blurhash: file.blurhash,
 			properties: opts.self ? file.properties : this.getPublicProperties(file),
 			url: opts.self ? file.url : this.getPublicUrl(file),
diff --git a/packages/backend/src/models/DriveFile.ts b/packages/backend/src/models/DriveFile.ts
index 079e9cd9dc1a..6973e4d9d46a 100644
--- a/packages/backend/src/models/DriveFile.ts
+++ b/packages/backend/src/models/DriveFile.ts
@@ -162,6 +162,12 @@ export class MiDriveFile {
 	})
 	public isSensitive: boolean;
 
+	@Index()
+	@Column('boolean', {
+		default: false,
+	})
+	public isSensitiveByModerator: boolean;
+
 	@Index()
 	@Column('boolean', {
 		default: false,
diff --git a/packages/backend/src/models/json-schema/drive-file.ts b/packages/backend/src/models/json-schema/drive-file.ts
index ca88cc0e3975..0f8ad44f33d5 100644
--- a/packages/backend/src/models/json-schema/drive-file.ts
+++ b/packages/backend/src/models/json-schema/drive-file.ts
@@ -42,6 +42,10 @@ export const packedDriveFileSchema = {
 			type: 'boolean',
 			optional: false, nullable: false,
 		},
+		isSensitiveByModerator: {
+			type: 'boolean',
+			optional: false, nullable: true,
+		},
 		blurhash: {
 			type: 'string',
 			optional: false, nullable: true,
diff --git a/packages/backend/src/postgres.ts b/packages/backend/src/postgres.ts
index b272f7d6523e..05c2748be4f9 100644
--- a/packages/backend/src/postgres.ts
+++ b/packages/backend/src/postgres.ts
@@ -212,7 +212,7 @@ export const entities = [
 	...charts,
 ];
 
-const log = process.env.NODE_ENV !== 'production';
+const log = false;
 const timeoutFinalizationRegistry = new FinalizationRegistry((reference: { name: string; timeout: NodeJS.Timeout }) => {
 	dbLogger.info(`Finalizing timeout: ${reference.name}`);
 	clearInterval(reference.timeout);
diff --git a/packages/backend/src/server/api/endpoints/drive/files/update.ts b/packages/backend/src/server/api/endpoints/drive/files/update.ts
index 42c03204a420..88afdba642d6 100644
--- a/packages/backend/src/server/api/endpoints/drive/files/update.ts
+++ b/packages/backend/src/server/api/endpoints/drive/files/update.ts
@@ -51,6 +51,12 @@ export const meta = {
 			code: 'RESTRICTED_BY_ROLE',
 			id: '7f59dccb-f465-75ab-5cf4-3ce44e3282f7',
 		},
+
+		restrictedByModerator: {
+			message: 'The isSensitive specified by the moderator cannot be deleted.',
+			code: 'RESTRICTED_BY_MODERATOR',
+			id: '20e6c501-e579-400d-97e4-1c7efc286f35',
+		},
 	},
 	res: {
 		type: 'object',
@@ -90,6 +96,10 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 				throw new ApiError(meta.errors.accessDenied);
 			}
 
+			if (!await this.roleService.isModerator(me) && !ps.isSensitive && file.isSensitiveByModerator) {
+				throw new ApiError(meta.errors.restrictedByModerator);
+			}
+
 			let packedFile;
 
 			try {
diff --git a/packages/frontend/src/pages/drive.file.info.vue b/packages/frontend/src/pages/drive.file.info.vue
index 8077edff5f44..74cbd82d720b 100644
--- a/packages/frontend/src/pages/drive.file.info.vue
+++ b/packages/frontend/src/pages/drive.file.info.vue
@@ -6,6 +6,7 @@ SPDX-License-Identifier: AGPL-3.0-only
 <template>
 <div class="_gaps">
 	<MkInfo>{{ i18n.ts._fileViewer.thisPageCanBeSeenFromTheAuthor }}</MkInfo>
+	<MkInfo v-if="file && file.isSensitiveByModerator" :warn="true">{{ i18n.ts._fileViewer. }}</MkInfo>
 	<MkLoading v-if="fetching"/>
 	<div v-else-if="file" class="_gaps">
 		<div :class="$style.filePreviewRoot">

From a5b67b0e7b84f63a6e5add33a24e918f0cfd4141 Mon Sep 17 00:00:00 2001
From: mattyatea <mattyacocacora0@gmail.com>
Date: Wed, 12 Feb 2025 20:43:54 +0900
Subject: [PATCH 2/8] =?UTF-8?q?=E5=8B=95=E3=81=8F=E3=82=88=E3=81=86?=
 =?UTF-8?q?=E3=81=AB=E3=81=AA=E3=81=A3=E3=81=9F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 locales/index.d.ts                            | 13 ++++
 locales/ja-JP.yml                             |  3 +
 package.json                                  |  2 +-
 .../migration/1739335129758-sensitiveFlag.js  | 13 ++++
 packages/backend/src/core/DriveService.ts     |  7 ++
 .../core/entities/DriveFileEntityService.ts   |  8 ++-
 .../entities/NotificationEntityService.ts     |  3 +
 packages/backend/src/models/Notification.ts   |  5 ++
 .../src/models/json-schema/drive-file.ts      |  2 +-
 .../src/models/json-schema/notification.ts    | 25 +++++--
 .../api/endpoints/drive/files/update.ts       |  6 +-
 packages/backend/src/types.ts                 |  2 +
 .../src/components/MkNotification.vue         | 72 ++++++++++++++++++-
 packages/frontend/src/const.ts                |  1 +
 .../frontend/src/pages/drive.file.info.vue    | 18 +++--
 packages/frontend/src/pages/note.vue          | 15 ++++
 packages/misskey-js/src/autogen/types.ts      | 17 +++--
 17 files changed, 187 insertions(+), 25 deletions(-)
 create mode 100644 packages/backend/migration/1739335129758-sensitiveFlag.js

diff --git a/locales/index.d.ts b/locales/index.d.ts
index dce1d15b8015..b0fbb1b90cc3 100644
--- a/locales/index.d.ts
+++ b/locales/index.d.ts
@@ -5362,6 +5362,15 @@ export interface Locale extends ILocale {
      * {x}に投稿されます
      */
     "willBePostedAt": ParameterizedString<"x">;
+    /**
+     * 管理者によって、ドライブのファイルがセンシティブとして設定されました。
+     * 詳細については[NSFWガイドライン](https://go.misskey.io/media-guideline)を確認してください
+     */
+    "sensitiveByModerator": string;
+    /**
+     * この情報は他のユーザーには公開されません。
+     */
+    "thisInfoIsNotVisibleOtherUser": string;
     "_bubbleGame": {
         /**
          * 遊び方
@@ -9739,6 +9748,10 @@ export interface Locale extends ILocale {
          * 通知の履歴をリセットする
          */
         "flushNotification": string;
+        /**
+         * ドライブのファイルがセンシティブとして設定されました
+         */
+        "sensitiveFlagAssigned": string;
         "_types": {
             /**
              * すべて
diff --git a/locales/ja-JP.yml b/locales/ja-JP.yml
index e5038ead054b..f3e6c0a6ce38 100644
--- a/locales/ja-JP.yml
+++ b/locales/ja-JP.yml
@@ -1334,6 +1334,8 @@ scheduled: "予約済み"
 unschedule: "予約を解除"
 setScheduledTime: "予約日時を設定"
 willBePostedAt: "{x}に投稿されます"
+sensitiveByModerator: "管理者によって、ドライブのファイルがセンシティブとして設定されました。\n詳細については[NSFWガイドライン](https://go.misskey.io/media-guideline)を確認してください"
+thisInfoIsNotVisibleOtherUser: "この情報は他のユーザーには公開されません。"
 
 _bubbleGame:
   howToPlay: "遊び方"
@@ -2560,6 +2562,7 @@ _notification:
   renotedBySomeUsers: "{n}人がリノートしました"
   followedBySomeUsers: "{n}人にフォローされました"
   flushNotification: "通知の履歴をリセットする"
+  sensitiveFlagAssigned: "ドライブのファイルがセンシティブとして設定されました"
 
   _types:
     all: "すべて"
diff --git a/package.json b/package.json
index c45ed11317a0..34d61b1804d5 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "misskey",
-	"version": "2024.5.0-io.7c",
+	"version": "2024.5.0-io.123131",
 	"codename": "nasubi",
 	"repository": {
 		"type": "git",
diff --git a/packages/backend/migration/1739335129758-sensitiveFlag.js b/packages/backend/migration/1739335129758-sensitiveFlag.js
new file mode 100644
index 000000000000..b3ca6df6cd3d
--- /dev/null
+++ b/packages/backend/migration/1739335129758-sensitiveFlag.js
@@ -0,0 +1,13 @@
+export class SensitiveFlag1739335129758 {
+    name = 'SensitiveFlag1739335129758'
+
+    async up(queryRunner) {
+        await queryRunner.query(`ALTER TABLE "drive_file" ADD "isSensitiveByModerator" boolean NOT NULL DEFAULT false`);
+        await queryRunner.query(`CREATE INDEX "IDX_e779d1afdfa44dc3d64213cd2e" ON "drive_file" ("isSensitiveByModerator") `);
+    }
+
+    async down(queryRunner) {
+        await queryRunner.query(`DROP INDEX "public"."IDX_e779d1afdfa44dc3d64213cd2e"`);
+        await queryRunner.query(`ALTER TABLE "drive_file" DROP COLUMN "isSensitiveByModerator"`);
+    }
+}
diff --git a/packages/backend/src/core/DriveService.ts b/packages/backend/src/core/DriveService.ts
index 5a366cc26b78..9cfefe601055 100644
--- a/packages/backend/src/core/DriveService.ts
+++ b/packages/backend/src/core/DriveService.ts
@@ -44,6 +44,7 @@ import { correctFilename } from '@/misc/correct-filename.js';
 import { isMimeImage } from '@/misc/is-mime-image.js';
 import { ModerationLogService } from '@/core/ModerationLogService.js';
 import { LoggerService } from '@/core/LoggerService.js';
+import { NotificationService } from '@/core/NotificationService.js';
 
 type AddFileArgs = {
 	/** User who wish to add file */
@@ -129,6 +130,7 @@ export class DriveService {
 		private driveChart: DriveChart,
 		private perUserDriveChart: PerUserDriveChart,
 		private instanceChart: InstanceChart,
+		private notificationService: NotificationService,
 	) {
 		const logger = this.loggerService.getLogger('drive', 'blue');
 		this.registerLogger = logger.createSubLogger('register', 'yellow');
@@ -705,6 +707,11 @@ export class DriveService {
 						fileUserUsername: user?.username ?? null,
 						fileUserHost: user?.host ?? null,
 					});
+					if (file.userId) {
+						this.notificationService.createNotification(file.userId, 'sensitiveFlagAssigned', {
+							fileId: file.id,
+						});
+					}
 				} else {
 					this.moderationLogService.log(updater, 'unmarkSensitiveDriveFile', {
 						fileId: file.id,
diff --git a/packages/backend/src/core/entities/DriveFileEntityService.ts b/packages/backend/src/core/entities/DriveFileEntityService.ts
index 4422573eb621..3a261113de66 100644
--- a/packages/backend/src/core/entities/DriveFileEntityService.ts
+++ b/packages/backend/src/core/entities/DriveFileEntityService.ts
@@ -211,13 +211,15 @@ export class DriveFileEntityService {
 			md5: file.md5,
 			size: file.size,
 			isSensitive: file.isSensitive,
+			...(opts.detail ? {
+				isSensitiveByModerator: file.isSensitiveByModerator,
+			} : {}),
 			blurhash: file.blurhash,
 			properties: opts.self ? file.properties : this.getPublicProperties(file),
 			url: opts.self ? file.url : this.getPublicUrl(file),
 			thumbnailUrl: this.getThumbnailUrl(file),
 			comment: file.comment,
 			folderId: file.folderId,
-			isSensitiveByModerator: opts.detail ? file.isSensitiveByModerator : null,
 			folder: opts.detail && file.folderId ? this.driveFolderEntityService.pack(file.folderId, {
 				detail: true,
 			}) : null,
@@ -248,7 +250,9 @@ export class DriveFileEntityService {
 			md5: file.md5,
 			size: file.size,
 			isSensitive: file.isSensitive,
-			isSensitiveByModerator: opts.detail ? file.isSensitiveByModerator : null,
+			...(opts.detail ? {
+				isSensitiveByModerator: file.isSensitiveByModerator,
+			} : {}),
 			blurhash: file.blurhash,
 			properties: opts.self ? file.properties : this.getPublicProperties(file),
 			url: opts.self ? file.url : this.getPublicUrl(file),
diff --git a/packages/backend/src/core/entities/NotificationEntityService.ts b/packages/backend/src/core/entities/NotificationEntityService.ts
index bd8f9a1cf7bd..b793d515c640 100644
--- a/packages/backend/src/core/entities/NotificationEntityService.ts
+++ b/packages/backend/src/core/entities/NotificationEntityService.ts
@@ -183,6 +183,9 @@ export class NotificationEntityService implements OnModuleInit {
 				header: notification.customHeader,
 				icon: notification.customIcon,
 			} : {}),
+			...(notification.type === 'sensitiveFlagAssigned' ? {
+				fileId: notification.fileId,
+			} : {}),
 		});
 	}
 
diff --git a/packages/backend/src/models/Notification.ts b/packages/backend/src/models/Notification.ts
index 4747b51b5fc7..ef783d2112af 100644
--- a/packages/backend/src/models/Notification.ts
+++ b/packages/backend/src/models/Notification.ts
@@ -93,6 +93,11 @@ export type MiNotification = {
 	id: string;
 	createdAt: string;
 	draftId: MiScheduledNote['id'];
+} | {
+	type: 'sensitiveFlagAssigned'
+	id: string;
+	fileId: string;
+	createdAt: string;
 } | {
 	type: 'app';
 	id: string;
diff --git a/packages/backend/src/models/json-schema/drive-file.ts b/packages/backend/src/models/json-schema/drive-file.ts
index 0f8ad44f33d5..3cc98058a29a 100644
--- a/packages/backend/src/models/json-schema/drive-file.ts
+++ b/packages/backend/src/models/json-schema/drive-file.ts
@@ -44,7 +44,7 @@ export const packedDriveFileSchema = {
 		},
 		isSensitiveByModerator: {
 			type: 'boolean',
-			optional: false, nullable: true,
+			optional: true, nullable: true,
 		},
 		blurhash: {
 			type: 'string',
diff --git a/packages/backend/src/models/json-schema/notification.ts b/packages/backend/src/models/json-schema/notification.ts
index e682408977d1..160fcae42180 100644
--- a/packages/backend/src/models/json-schema/notification.ts
+++ b/packages/backend/src/models/json-schema/notification.ts
@@ -309,8 +309,8 @@ export const packedNotificationSchema = {
 				type: 'object',
 				ref: 'NoteDraft',
 				optional: false, nullable: false,
-			}
-		}
+			},
+		},
 	}, {
 		type: 'object',
 		properties: {
@@ -324,8 +324,8 @@ export const packedNotificationSchema = {
 				type: 'object',
 				ref: 'Note',
 				optional: false, nullable: false,
-			}
-		}
+			},
+		},
 	}, {
 		type: 'object',
 		properties: {
@@ -339,8 +339,21 @@ export const packedNotificationSchema = {
 				type: 'object',
 				ref: 'NoteDraft',
 				optional: false, nullable: false,
-			}
-		}
+			},
+		},
+	}, {
+		type: 'object',
+		properties: {
+			...baseSchema.properties,
+			type: {
+				type: 'string',
+				optional: false, nullable: false,
+				enum: ['sensitiveFlagAssigned'],
+			},
+			fileId: {
+				optional: false, nullable: false,
+			},
+		},
 	}, {
 		type: 'object',
 		properties: {
diff --git a/packages/backend/src/server/api/endpoints/drive/files/update.ts b/packages/backend/src/server/api/endpoints/drive/files/update.ts
index 88afdba642d6..099888922e94 100644
--- a/packages/backend/src/server/api/endpoints/drive/files/update.ts
+++ b/packages/backend/src/server/api/endpoints/drive/files/update.ts
@@ -53,8 +53,8 @@ export const meta = {
 		},
 
 		restrictedByModerator: {
-			message: 'The isSensitive specified by the moderator cannot be deleted.',
-			code: 'RESTRICTED_BY_MODERATOR',
+			message: 'The isSensitive specified by the administrator cannot be changed.',
+			code: 'RESTRICTED_BY_ADMINISTRATOR',
 			id: '20e6c501-e579-400d-97e4-1c7efc286f35',
 		},
 	},
@@ -96,7 +96,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 				throw new ApiError(meta.errors.accessDenied);
 			}
 
-			if (!await this.roleService.isModerator(me) && !ps.isSensitive && file.isSensitiveByModerator) {
+			if (!await this.roleService.isModerator(me) && file.isSensitiveByModerator) {
 				throw new ApiError(meta.errors.restrictedByModerator);
 			}
 
diff --git a/packages/backend/src/types.ts b/packages/backend/src/types.ts
index 945eb27b54c9..f6f8db812458 100644
--- a/packages/backend/src/types.ts
+++ b/packages/backend/src/types.ts
@@ -26,6 +26,7 @@ import type { MiNote } from '@/models/Note.js';
  * noteScheduled - 予約投稿が予約された
  * scheduledNotePosted - 予約投稿が投稿された
  * scheduledNoteError - 予約投稿がエラーになった
+ * sensitiveFlagAssigned - センシティブフラグが付与された
  * app - アプリ通知
  * test - テスト通知（サーバー側）
  */
@@ -45,6 +46,7 @@ export const notificationTypes = [
 	'noteScheduled',
 	'scheduledNotePosted',
 	'scheduledNoteError',
+	'sensitiveFlagAssigned',
 	'app',
 	'test',
 ] as const;
diff --git a/packages/frontend/src/components/MkNotification.vue b/packages/frontend/src/components/MkNotification.vue
index 87418961b7e2..219f350e743d 100644
--- a/packages/frontend/src/components/MkNotification.vue
+++ b/packages/frontend/src/components/MkNotification.vue
@@ -8,6 +8,14 @@ SPDX-License-Identifier: AGPL-3.0-only
 	<div :class="$style.head">
 		<MkAvatar v-if="['pollEnded', 'note'].includes(notification.type) && notification.note" :class="$style.icon" :user="notification.note.user" link preview/>
 		<MkAvatar v-else-if="['roleAssigned', 'achievementEarned', 'noteScheduled', 'scheduledNotePosted', 'scheduledNoteError'].includes(notification.type)" :class="$style.icon" :user="$i" link preview/>
+		<div
+			v-else-if="notification.type === 'sensitiveFlagAssigned'"
+			:class="$style.iconFrame"
+		>
+			<div :class="[$style.iconInner]" >
+				<img :class="$style.iconImg" src="/fluent-emoji/1f6a9.png">
+			</div>
+		</div>
 		<div v-else-if="notification.type === 'reaction:grouped' && notification.note.reactionAcceptance === 'likeOnly'" :class="[$style.icon, $style.icon_reactionGroupHeart]"><i class="ti ti-heart" style="line-height: 1;"></i></div>
 		<div v-else-if="notification.type === 'reaction:grouped'" :class="[$style.icon, $style.icon_reactionGroup]"><i class="ti ti-plus" style="line-height: 1;"></i></div>
 		<div v-else-if="notification.type === 'renote:grouped'" :class="[$style.icon, $style.icon_renoteGroup]"><i class="ti ti-repeat" style="line-height: 1;"></i></div>
@@ -71,6 +79,7 @@ SPDX-License-Identifier: AGPL-3.0-only
 			<span v-else-if="notification.type === 'reaction:grouped'" :class="$style.headerName">{{ i18n.tsx._notification.reactedBySomeUsers({ n: getActualReactedUsersCount(notification) }) }}</span>
 			<span v-else-if="notification.type === 'renote:grouped'" :class="$style.headerName">{{ i18n.tsx._notification.renotedBySomeUsers({ n: notification.users.length }) }}</span>
 			<span v-else-if="notification.type === 'app'" :class="$style.headerName">{{ notification.header }}</span>
+			<MkA v-else-if="notification.type === 'sensitiveFlagAssigned'" :to="'/my/drive/file/'+notification.fileId" :class="$style.headerName">{{ i18n.ts._notification.sensitiveFlagAssigned }}</MkA>
 			<MkTime v-if="withTime" :time="notification.createdAt" :class="$style.headerTime"/>
 		</header>
 		<div>
@@ -159,6 +168,10 @@ SPDX-License-Identifier: AGPL-3.0-only
 					<MkAvatar :class="$style.reactionsItemAvatar" :user="user" link preview/>
 				</div>
 			</div>
+				<Mfm v-else-if="notification.type === 'sensitiveFlagAssigned'" :text="i18n.ts.sensitiveByModerator"/>
+			<span :class="$style.text" style="opacity: 0.6;" v-if="['sensitiveFlagAssigned'].includes(notification.type)">
+				{{ i18n.ts.thisInfoIsNotVisibleOtherUser }}
+			</span>
 		</div>
 	</div>
 </div>
@@ -176,7 +189,7 @@ import { userPage } from '@/filters/user.js';
 import { i18n } from '@/i18n.js';
 import { misskeyApi } from '@/scripts/misskey-api.js';
 import { signinRequired } from '@/account.js';
-import { infoImageUrl } from '@/instance.js';
+import {infoImageUrl} from '@/instance.js';
 
 const $i = signinRequired();
 
@@ -341,6 +354,12 @@ function getActualReactedUsersCount(notification: Misskey.entities.Notification)
 	pointer-events: none;
 }
 
+.t_sensitiveFlagAssigned {
+	padding: 3px;
+	background: var(--eventOther);
+	pointer-events: none;
+}
+
 .tail {
 	flex: 1;
 	min-width: 0;
@@ -430,6 +449,57 @@ function getActualReactedUsersCount(notification: Misskey.entities.Notification)
 	color: #fff;
 }
 
+.iconFrame {
+	position: relative;
+	width: 100%;
+	height: 100%;
+	padding: 4px;
+	border-radius: 100%;
+	box-sizing: border-box;
+	pointer-events: none;
+	user-select: none;
+	filter: drop-shadow(0px 2px 2px #00000044);
+	box-shadow: 0 1px 0px #ffffff88 inset;
+	overflow: clip;
+	background: linear-gradient(0deg, #703827, #d37566);
+}
+
+.iconImg {
+	width: calc(100% - 12px);
+	height: calc(100% - 12px);
+	position: absolute;
+	top: 0;
+	right: 0;
+	bottom: 0;
+	left: 0;
+	margin: auto;
+	filter: drop-shadow(0px 1px 2px #000000aa);
+}
+
+.iconInner {
+	position: relative;
+	width: 100%;
+	height: 100%;
+	border-radius: 100%;
+	box-shadow: 0 1px 0px #ffffff88 inset;
+	background: linear-gradient(0deg, #d37566, #703827);
+}
+
+.iconFrame_gold {
+	&:before {
+		content: "";
+		display: block;
+		position: absolute;
+		top: 30px;
+		width: 200px;
+		height: 8px;
+		rotate: -45deg;
+		translate: -30px;
+		background: #ffffff88;
+		animation: shine 2s infinite;
+	}
+}
+
 @container (max-width: 600px) {
 	.root {
 		padding: 16px;
diff --git a/packages/frontend/src/const.ts b/packages/frontend/src/const.ts
index e84958a69be8..6283391be5c3 100644
--- a/packages/frontend/src/const.ts
+++ b/packages/frontend/src/const.ts
@@ -70,6 +70,7 @@ export const notificationTypes = [
 	'noteScheduled',
 	'scheduledNotePosted',
 	'scheduledNoteError',
+	'sensitiveFlagAssigned',
 	'app',
 ] as const;
 export const obsoleteNotificationTypes = ['pollVote', 'groupInvited'] as const;
diff --git a/packages/frontend/src/pages/drive.file.info.vue b/packages/frontend/src/pages/drive.file.info.vue
index 74cbd82d720b..bd690e1e7b9e 100644
--- a/packages/frontend/src/pages/drive.file.info.vue
+++ b/packages/frontend/src/pages/drive.file.info.vue
@@ -6,7 +6,9 @@ SPDX-License-Identifier: AGPL-3.0-only
 <template>
 <div class="_gaps">
 	<MkInfo>{{ i18n.ts._fileViewer.thisPageCanBeSeenFromTheAuthor }}</MkInfo>
-	<MkInfo v-if="file && file.isSensitiveByModerator" :warn="true">{{ i18n.ts._fileViewer. }}</MkInfo>
+	<MkInfo v-if="file && file.isSensitiveByModerator" :warn="true">
+		<Mfm :text="i18n.ts.sensitiveByModerator"/>
+	</MkInfo>
 	<MkLoading v-if="fetching"/>
 	<div v-else-if="file" class="_gaps">
 		<div :class="$style.filePreviewRoot">
@@ -24,12 +26,14 @@ SPDX-License-Identifier: AGPL-3.0-only
 				<button v-if="isImage" v-tooltip="i18n.ts.cropImage" class="_button" :class="$style.fileQuickActionsOthersButton" @click="crop()">
 					<i class="ti ti-crop"></i>
 				</button>
-				<button v-if="file.isSensitive" v-tooltip="i18n.ts.unmarkAsSensitive" class="_button" :class="$style.fileQuickActionsOthersButton" @click="toggleSensitive()">
-					<i class="ti ti-eye"></i>
-				</button>
-				<button v-else v-tooltip="i18n.ts.markAsSensitive" class="_button" :class="$style.fileQuickActionsOthersButton" @click="toggleSensitive()">
-					<i class="ti ti-eye-exclamation"></i>
-				</button>
+				<span v-if="!file.isSensitiveByModerator">
+					<button v-if="file.isSensitive" v-tooltip="i18n.ts.unmarkAsSensitive" class="_button" :class="$style.fileQuickActionsOthersButton" @click="toggleSensitive()">
+						<i class="ti ti-eye"></i>
+					</button>
+					<button v-else v-tooltip="i18n.ts.markAsSensitive" class="_button" :class="$style.fileQuickActionsOthersButton" @click="toggleSensitive()">
+						<i class="ti ti-eye-exclamation"></i>
+					</button>
+				</span>
 				<a v-tooltip="i18n.ts.download" :href="file.url" :download="file.name" class="_button" :class="$style.fileQuickActionsOthersButton">
 					<i class="ti ti-download"></i>
 				</a>
diff --git a/packages/frontend/src/pages/note.vue b/packages/frontend/src/pages/note.vue
index a088c5cb9376..f9a9e7b83d6d 100644
--- a/packages/frontend/src/pages/note.vue
+++ b/packages/frontend/src/pages/note.vue
@@ -21,6 +21,9 @@ SPDX-License-Identifier: AGPL-3.0-only
 						</div>
 						<div class="_margin _gaps_s">
 							<MkRemoteCaution v-if="note.user.host != null" :href="note.url ?? note.uri"/>
+							<MkInfo v-if="hasSensitiveFiles" :warn="true">
+								<Mfm :text="i18n.ts.sensitiveByModerator"/>
+							</MkInfo>
 							<MkNoteDetailed :key="note.id" v-model:note="note" :initialTab="initialTab" :class="$style.note"/>
 						</div>
 						<div v-if="clips && clips.length > 0" class="_margin">
@@ -61,6 +64,8 @@ import { i18n } from '@/i18n.js';
 import { dateString } from '@/filters/date.js';
 import MkClipPreview from '@/components/MkClipPreview.vue';
 import { defaultStore } from '@/store.js';
+import MkInfo from '@/components/MkInfo.vue';
+import { $i } from '@/account.js';
 
 const props = defineProps<{
 	noteId: string;
@@ -69,6 +74,7 @@ const props = defineProps<{
 
 const note = ref<null | Misskey.entities.Note>();
 const clips = ref<Misskey.entities.Clip[]>();
+const hasSensitiveFiles = ref(false);
 const showPrev = ref<'user' | 'channel' | false>(false);
 const showNext = ref<'user' | 'channel' | false>(false);
 const error = ref();
@@ -119,6 +125,15 @@ function fetchNote() {
 		noteId: props.noteId,
 	}).then(res => {
 		note.value = res;
+
+		if (note.value.userId === $i?.id && note.value.fileIds) {
+			Promise.all(note.value.fileIds.map(fileId =>
+				misskeyApi('drive/files/show', { fileId: fileId }),
+			)).then(files => {
+				hasSensitiveFiles.value = files.some(file => file.isSensitiveByModerator);
+			});
+		}
+
 		// 古いノートは被クリップ数をカウントしていないので、2023-10-01以前のものは強制的にnotes/clipsを叩く
 		if (note.value.clippedCount > 0 || new Date(note.value.createdAt).getTime() < new Date('2023-10-01').getTime()) {
 			misskeyApi('notes/clips', {
diff --git a/packages/misskey-js/src/autogen/types.ts b/packages/misskey-js/src/autogen/types.ts
index 9990683c8828..3e0feb4fdadb 100644
--- a/packages/misskey-js/src/autogen/types.ts
+++ b/packages/misskey-js/src/autogen/types.ts
@@ -4513,6 +4513,14 @@ export type components = {
       /** @enum {string} */
       type: 'scheduledNoteError';
       draft: components['schemas']['NoteDraft'];
+    } | {
+      /** Format: id */
+      id: string;
+      /** Format: date-time */
+      createdAt: string;
+      /** @enum {string} */
+      type: 'sensitiveFlagAssigned';
+      fileId: unknown;
     } | {
       /** Format: id */
       id: string;
@@ -4572,6 +4580,7 @@ export type components = {
       /** @example 51469 */
       size: number;
       isSensitive: boolean;
+      isSensitiveByModerator?: boolean | null;
       blurhash: string | null;
       properties: {
         /** @example 1280 */
@@ -20463,8 +20472,8 @@ export type operations = {
           untilId?: string;
           /** @default true */
           markAsRead?: boolean;
-          includeTypes?: ('note' | 'follow' | 'mention' | 'reply' | 'renote' | 'quote' | 'reaction' | 'pollEnded' | 'receiveFollowRequest' | 'followRequestAccepted' | 'roleAssigned' | 'achievementEarned' | 'noteScheduled' | 'scheduledNotePosted' | 'scheduledNoteError' | 'app' | 'test' | 'pollVote' | 'groupInvited')[];
-          excludeTypes?: ('note' | 'follow' | 'mention' | 'reply' | 'renote' | 'quote' | 'reaction' | 'pollEnded' | 'receiveFollowRequest' | 'followRequestAccepted' | 'roleAssigned' | 'achievementEarned' | 'noteScheduled' | 'scheduledNotePosted' | 'scheduledNoteError' | 'app' | 'test' | 'pollVote' | 'groupInvited')[];
+          includeTypes?: ('note' | 'follow' | 'mention' | 'reply' | 'renote' | 'quote' | 'reaction' | 'pollEnded' | 'receiveFollowRequest' | 'followRequestAccepted' | 'roleAssigned' | 'achievementEarned' | 'noteScheduled' | 'scheduledNotePosted' | 'scheduledNoteError' | 'sensitiveFlagAssigned' | 'app' | 'test' | 'pollVote' | 'groupInvited')[];
+          excludeTypes?: ('note' | 'follow' | 'mention' | 'reply' | 'renote' | 'quote' | 'reaction' | 'pollEnded' | 'receiveFollowRequest' | 'followRequestAccepted' | 'roleAssigned' | 'achievementEarned' | 'noteScheduled' | 'scheduledNotePosted' | 'scheduledNoteError' | 'sensitiveFlagAssigned' | 'app' | 'test' | 'pollVote' | 'groupInvited')[];
         };
       };
     };
@@ -20531,8 +20540,8 @@ export type operations = {
           untilId?: string;
           /** @default true */
           markAsRead?: boolean;
-          includeTypes?: ('note' | 'follow' | 'mention' | 'reply' | 'renote' | 'quote' | 'reaction' | 'pollEnded' | 'receiveFollowRequest' | 'followRequestAccepted' | 'roleAssigned' | 'achievementEarned' | 'noteScheduled' | 'scheduledNotePosted' | 'scheduledNoteError' | 'app' | 'test' | 'reaction:grouped' | 'renote:grouped' | 'pollVote' | 'groupInvited')[];
-          excludeTypes?: ('note' | 'follow' | 'mention' | 'reply' | 'renote' | 'quote' | 'reaction' | 'pollEnded' | 'receiveFollowRequest' | 'followRequestAccepted' | 'roleAssigned' | 'achievementEarned' | 'noteScheduled' | 'scheduledNotePosted' | 'scheduledNoteError' | 'app' | 'test' | 'reaction:grouped' | 'renote:grouped' | 'pollVote' | 'groupInvited')[];
+          includeTypes?: ('note' | 'follow' | 'mention' | 'reply' | 'renote' | 'quote' | 'reaction' | 'pollEnded' | 'receiveFollowRequest' | 'followRequestAccepted' | 'roleAssigned' | 'achievementEarned' | 'noteScheduled' | 'scheduledNotePosted' | 'scheduledNoteError' | 'sensitiveFlagAssigned' | 'app' | 'test' | 'reaction:grouped' | 'renote:grouped' | 'pollVote' | 'groupInvited')[];
+          excludeTypes?: ('note' | 'follow' | 'mention' | 'reply' | 'renote' | 'quote' | 'reaction' | 'pollEnded' | 'receiveFollowRequest' | 'followRequestAccepted' | 'roleAssigned' | 'achievementEarned' | 'noteScheduled' | 'scheduledNotePosted' | 'scheduledNoteError' | 'sensitiveFlagAssigned' | 'app' | 'test' | 'reaction:grouped' | 'renote:grouped' | 'pollVote' | 'groupInvited')[];
         };
       };
     };

From 9d8dd37fa8d40542745e935d537a380607b62bef Mon Sep 17 00:00:00 2001
From: mattyatea <mattyacocacora0@gmail.com>
Date: Sat, 15 Feb 2025 21:10:41 +0900
Subject: [PATCH 3/8] =?UTF-8?q?=E5=A4=89=E3=81=AA=E5=A4=89=E6=9B=B4?=
 =?UTF-8?q?=E3=82=92=E7=B4=9B=E3=82=8C=E8=BE=BC=E3=81=BE=E3=81=9B=E3=82=8B?=
 =?UTF-8?q?=E3=81=A8=E3=81=93=E3=82=8D=E3=81=A0=E3=81=A3=E3=81=9F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 34d61b1804d5..c45ed11317a0 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "misskey",
-	"version": "2024.5.0-io.123131",
+	"version": "2024.5.0-io.7c",
 	"codename": "nasubi",
 	"repository": {
 		"type": "git",

From 31b4963e89adc0a71da838b60ac3a2d015d991a7 Mon Sep 17 00:00:00 2001
From: mattyatea <mattyacocacora0@gmail.com>
Date: Sat, 15 Feb 2025 21:13:27 +0900
Subject: [PATCH 4/8] =?UTF-8?q?=E5=A4=89=E3=81=AA=E5=A4=89=E6=9B=B4?=
 =?UTF-8?q?=E3=82=92=E7=B4=9B=E3=82=8C=E8=BE=BC=E3=81=BE=E3=81=9B=E3=82=8B?=
 =?UTF-8?q?=E3=81=A8=E3=81=93=E3=82=8D=E3=81=A0=E3=81=A3=E3=81=9F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 packages/backend/src/postgres.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/backend/src/postgres.ts b/packages/backend/src/postgres.ts
index 05c2748be4f9..b272f7d6523e 100644
--- a/packages/backend/src/postgres.ts
+++ b/packages/backend/src/postgres.ts
@@ -212,7 +212,7 @@ export const entities = [
 	...charts,
 ];
 
-const log = false;
+const log = process.env.NODE_ENV !== 'production';
 const timeoutFinalizationRegistry = new FinalizationRegistry((reference: { name: string; timeout: NodeJS.Timeout }) => {
 	dbLogger.info(`Finalizing timeout: ${reference.name}`);
 	clearInterval(reference.timeout);

From 7878c324af0544ccd06145dfe4ea8ab306b2d5dd Mon Sep 17 00:00:00 2001
From: mattyatea <mattyacocacora0@gmail.com>
Date: Sat, 15 Feb 2025 21:19:02 +0900
Subject: [PATCH 5/8] =?UTF-8?q?=E5=A4=89=E3=81=AA=E5=A4=89=E6=9B=B4?=
 =?UTF-8?q?=E3=82=92=E7=B4=9B=E3=82=8C=E8=BE=BC=E3=81=BE=E3=81=9B=E3=82=8B?=
 =?UTF-8?q?=E3=81=A8=E3=81=93=E3=82=8D=E3=81=A0=E3=81=A3=E3=81=9F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../frontend/src/components/MkNotification.vue    | 15 ---------------
 1 file changed, 15 deletions(-)

diff --git a/packages/frontend/src/components/MkNotification.vue b/packages/frontend/src/components/MkNotification.vue
index 219f350e743d..f674e9b15b44 100644
--- a/packages/frontend/src/components/MkNotification.vue
+++ b/packages/frontend/src/components/MkNotification.vue
@@ -485,21 +485,6 @@ function getActualReactedUsersCount(notification: Misskey.entities.Notification)
 	background: linear-gradient(0deg, #d37566, #703827);
 }
 
-.iconFrame_gold {
-	&:before {
-		content: "";
-		display: block;
-		position: absolute;
-		top: 30px;
-		width: 200px;
-		height: 8px;
-		rotate: -45deg;
-		translate: -30px;
-		background: #ffffff88;
-		animation: shine 2s infinite;
-	}
-}
-
 @container (max-width: 600px) {
 	.root {
 		padding: 16px;

From bdc24d0431154f46c91a14c8aaed096d89293939 Mon Sep 17 00:00:00 2001
From: mattyatea <mattyacocacora0@gmail.com>
Date: Sat, 15 Feb 2025 21:21:39 +0900
Subject: [PATCH 6/8] =?UTF-8?q?Test=E3=82=92=E4=BF=AE=E6=AD=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 packages/backend/test/unit/NoteCreateService.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/packages/backend/test/unit/NoteCreateService.ts b/packages/backend/test/unit/NoteCreateService.ts
index 6010fcee8a3c..e1a1396b24cf 100644
--- a/packages/backend/test/unit/NoteCreateService.ts
+++ b/packages/backend/test/unit/NoteCreateService.ts
@@ -95,6 +95,7 @@ describe('NoteCreateService', () => {
 			folderId: null,
 			folder: null,
 			isSensitive: false,
+			isSensitiveByModerator: false,
 			maybeSensitive: false,
 			maybePorn: false,
 			isLink: false,

From 13cccfdfbfe1de76df195e0e3788449cf6f66caa Mon Sep 17 00:00:00 2001
From: mattyatea <mattyacocacora0@gmail.com>
Date: Sat, 15 Feb 2025 21:25:57 +0900
Subject: [PATCH 7/8] lint

---
 packages/frontend/src/components/MkNotification.vue | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/packages/frontend/src/components/MkNotification.vue b/packages/frontend/src/components/MkNotification.vue
index f674e9b15b44..ce14517ac7e0 100644
--- a/packages/frontend/src/components/MkNotification.vue
+++ b/packages/frontend/src/components/MkNotification.vue
@@ -12,7 +12,7 @@ SPDX-License-Identifier: AGPL-3.0-only
 			v-else-if="notification.type === 'sensitiveFlagAssigned'"
 			:class="$style.iconFrame"
 		>
-			<div :class="[$style.iconInner]" >
+			<div :class="[$style.iconInner]">
 				<img :class="$style.iconImg" src="/fluent-emoji/1f6a9.png">
 			</div>
 		</div>
@@ -168,8 +168,8 @@ SPDX-License-Identifier: AGPL-3.0-only
 					<MkAvatar :class="$style.reactionsItemAvatar" :user="user" link preview/>
 				</div>
 			</div>
-				<Mfm v-else-if="notification.type === 'sensitiveFlagAssigned'" :text="i18n.ts.sensitiveByModerator"/>
-			<span :class="$style.text" style="opacity: 0.6;" v-if="['sensitiveFlagAssigned'].includes(notification.type)">
+			<Mfm v-else-if="notification.type === 'sensitiveFlagAssigned'" :text="i18n.ts.sensitiveByModerator"/>
+			<span v-if="['sensitiveFlagAssigned'].includes(notification.type)" :class="$style.text" style="opacity: 0.6;">
 				{{ i18n.ts.thisInfoIsNotVisibleOtherUser }}
 			</span>
 		</div>
@@ -189,7 +189,7 @@ import { userPage } from '@/filters/user.js';
 import { i18n } from '@/i18n.js';
 import { misskeyApi } from '@/scripts/misskey-api.js';
 import { signinRequired } from '@/account.js';
-import {infoImageUrl} from '@/instance.js';
+import { infoImageUrl } from '@/instance.js';
 
 const $i = signinRequired();
 

From 303e1f8a09b2b3004bfcf0c5d689fdf628fba7f7 Mon Sep 17 00:00:00 2001
From: mattyatea <mattyacocacora0@gmail.com>
Date: Wed, 5 Mar 2025 03:45:24 +0900
Subject: [PATCH 8/8] =?UTF-8?q?=E8=89=B2=E3=80=85=E3=82=92=E4=BF=AE?=
 =?UTF-8?q?=E6=AD=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 packages/backend/src/core/DriveService.ts              |  3 +--
 .../src/server/api/endpoints/drive/files/update.ts     | 10 +++++-----
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/packages/backend/src/core/DriveService.ts b/packages/backend/src/core/DriveService.ts
index 9cfefe601055..c949c0ebee5f 100644
--- a/packages/backend/src/core/DriveService.ts
+++ b/packages/backend/src/core/DriveService.ts
@@ -592,7 +592,6 @@ export class DriveService {
 		if (info.sensitive && profile!.autoSensitive) file.isSensitive = true;
 		if (info.sensitive && instance.setSensitiveFlagAutomatically) file.isSensitive = true;
 		if (userRoleNSFW) file.isSensitive = true;
-		if (file.isSensitiveByModerator) file.isSensitive = true;
 
 		if (url !== null) {
 			file.src = url;
@@ -669,7 +668,7 @@ export class DriveService {
 			throw new DriveService.InvalidFileNameError();
 		}
 
-		if (values.isSensitive !== undefined && values.isSensitive !== file.isSensitive && alwaysMarkNsfw && !values.isSensitive) {
+		if ((values.isSensitive !== undefined && values.isSensitive !== file.isSensitive && alwaysMarkNsfw || (!isModerator && file.isSensitiveByModerator)) && !values.isSensitive) {
 			throw new DriveService.CannotUnmarkSensitiveError();
 		}
 
diff --git a/packages/backend/src/server/api/endpoints/drive/files/update.ts b/packages/backend/src/server/api/endpoints/drive/files/update.ts
index 099888922e94..1a03827ecf03 100644
--- a/packages/backend/src/server/api/endpoints/drive/files/update.ts
+++ b/packages/backend/src/server/api/endpoints/drive/files/update.ts
@@ -96,10 +96,6 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 				throw new ApiError(meta.errors.accessDenied);
 			}
 
-			if (!await this.roleService.isModerator(me) && file.isSensitiveByModerator) {
-				throw new ApiError(meta.errors.restrictedByModerator);
-			}
-
 			let packedFile;
 
 			try {
@@ -115,7 +111,11 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 				} else if (e instanceof DriveService.NoSuchFolderError) {
 					throw new ApiError(meta.errors.noSuchFolder);
 				} else if (e instanceof DriveService.CannotUnmarkSensitiveError) {
-					throw new ApiError(meta.errors.restrictedByRole);
+					if (file.isSensitiveByModerator) {
+						throw new ApiError(meta.errors.restrictedByModerator);
+					} else {
+						throw new ApiError(meta.errors.restrictedByRole);
+					}
 				} else {
 					throw e;
 				}