Popular Tags block does not honor rating-based visibility settings

[Hawker2]

Server Software

about:
  title: "HomeBooru"
  theme: "danbooru2"
  url: "http://[redacted]/index.php?q="

versions:
  shimmie: "2.12.0-alpha-20240825-8a8d78a"
  schema: 21
  php: "8.2.20"
  db: "pgsql PostgreSQL 11.22 on x86_64-pc-linux-musl, compiled by gcc (Alpine 13.2.1_git20231014) 13.2.1 20231014, 64-bit"
  os: "Linux 33a54fc621fd 6.1.0-23-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.99-1 (2024-07-15) x86_64"
  server: "Unit/1.32.1"

extensions:
  core: ["admin","alias_editor","bbcode","comment","download","et","ext_manager","four_oh_four","handle_pixel","help_pages","image","index","media","mime","post_lock","post_owner","post_source","post_tags","replace_file","setup","static_files","system","tag_list","upgrade","upload","user","user_config","view"]
  extra: ["auto_tagger","autocomplete","bulk_add_csv","emoticons_list","et_server","favorites","home","pools","post_titles","random_image","random_list","rating","regen_thumb","relationships","tag_categories","tag_tools","tagger_xml"]
  handled_mimes: ["image/jpeg","image/gif","image/png","image/webp"]

stats:
  images: 40871
  comments: 0
  users: 2

media:
  memory_limit: "128MB"
  disk_use: "140GB"
  disk_total: "197GB"

thumbnails:
  engine: "convert"
  quality: 75
  width: 190
  height: 300
  scaling: 100
  mime: "image/jpeg"

Client Software (please complete the following information)

• Device: macOS 14.6.1
• Browser: Safari 17.6

What steps trigger this bug

1. Enable "post ratings" extension.
2. Under "Board Config", limit "Post Rating Visibility", for instance by setting "anonymous" to "Safe"
3. Populate a booru with numerous non-safe images
4. Show the posts lists as an anonymous user

What did you expect to happen?
I expected only "safe" posts to be shown, with applicable tags in the "popular tags" block to the left. I expected "popular tags" to be populated only with tags related to the visible subset.

What actually happened?
Only safe posts were shown, but the "popular tags" block reflects all images in the system, not just what is available to the anonymous user. This includes both tag names and quantities of images associated.

My concern here is this can be an unwanted data leakage, showing what kinds of content are not visible to a particular user class.

[shish]

Very related to #1218, this is also happening because the query is just looking at "tags", not "tags and other metadata in the context of the current query". I'm not even sure whether to consider it a feature request or bug, it depends whether "hidden" means "not-visible" or "we pretend that it doesn't exist at all" - I could go either way, though you're right that the latter feels safer. Though as in #1218 I'm not sure how to implement the latter without a huge CPU use increase...

In the more immediate term, I wonder if there's a way to make it more obvious that the current behaviour is "hidden posts are invisible, but their side effects (tags, post ID numbers) are still visible" 🤔

[smokiemario]

Honestly Id like if there was a way to just at least maybe hide tags from a certain user class in the popular tags and tag list I guess, maybe automatically, if no posts viewable have the tag, but yea not sure how that would work entirely

[smokiemario]

Or the rating visibilities enabled in general