US4 frontend + backend + permissions (for post-replies & topic-replies)

[pskodr]

This PR
Implements User story 4 (for quick-replies and post replies): anonymous posting front end + back end

Fixes #45 #48 #61 #60 #52 #58 #59 #65 #66 #64 #63 #62

Changes & Implementation:

US4 Backend:

• logs isAnonymous through filter:post.create, and filter:topic.creat when post/reply is made
• On fetch, plugin masks identity only when appropriate (anonymous + viewer is not privileged/owner).

US4 Frontend:

• Anonymous UI created using ? as profile picture, and 'Anonymous' as display name and user name
• Dropdown created for post-reply and topic-reply user interface, including option for Post as: Show my name, or Post as: - Post Anonymously

US4 Permissions: logic:

• Non-anonymous items show regular view (regular profile picture & display name).
• Reworked some logic from how isAnonymous is triggered, toggling the state change on submit/reply click.
• Fixed backend persistence between session refreshes, account log out/log in, and for different types of users
• Fixed user-permissions for viewing anonymous (Anonymous UI applied only when the specific post is marked anonymous, Non-author, non-admin, non-TA viewers see Anonymous + generic avatar, Authors and admin/TA see real identity for all posts)
• Strict parsing of isAnonymous (true/1 only) to avoid false positives.

US4 Testing
Front end:

• composer quick reply should set data.isAnonymous to true when window.__taResolveQuickReplyAnonymous is true
• should set data.isAnonymous to false when window.__taResolveQuickReplyAnonymous is false
• should ensure data object exists and return same reference for quickreply payload

Backend:

• should attach isAnonymous flag to new post through saveAnonymousPost(), sets post.isAnonymous == true when data: { isAnonymous: true }.
• shouldn't attach flag if frontend doesn't send it, when data: {}, post.isAnonymous stays undefined.
• should attach isAnonymous flag to new topic through saveAnonymousTopic() which sets topic.isAnonymous == true when data: { isAnonymous: true }.

Permissions:

• For a different student viewer, anonymous post gets uid: 0, username: 'Anonymous', empty userslug/picture, scrub data
• Author still sees their own uid, username, picture, no scrub data
• TA sees real author (uid, username), no scrub data

How to Test (UI):

• Login as admin, create a post under any topic
• Reply to the topic post, select 'Post as: Post anonymously" and post
• Reply again to the topic chain, this time select Post as: Show my name
• Log out, Log into non-admin user account
• go to the topic post just created, notice that the anonymous reply is anonymous with a ? as the profile picture, and the name as 'Anonymous' whereas the non-anonymous post shows regularly.
• Repeat this process using a regular user to reply as anonymous/non-anonymous
• Should see self post in regular view, not anonymous view.
• Log in as an admin, and view the topic replies, should see all replies in regular view (not anonymous)
• Log in as a different non-admin user, should see anonymous posts from the original non-admin user.

Also test by running npx mocha test/ta-resolve-composer-client.js and npx mocha test/ta-resolve.js, or just npm run test
and run npm run lint

[Copilot]

Pull request overview

Implements US4 “anonymous posting” across frontend and backend, including persistence and permission-based identity masking for topic replies and post replies, plus enhancements to “Supported by Instructor” metadata/badging.

Changes:

• Adds anonymous posting UI hooks (quick-reply + full composer) and persists isAnonymous on created topics/posts.
• Masks author identity for anonymous content when viewed by non-privileged, non-author users (including API/schema updates to expose new fields).
• Extends “Supported by Instructor” with approver UID/time tracking and client-side badge update behavior.

Reviewed changes

Copilot reviewed 12 out of 14 changed files in this pull request and generated 9 comments.

Show a summary per file

File	Description
vendor/nodebb-theme-harmony-main/templates/partials/topic/post.tpl	Repositions “Supported by Instructor” badge in post header markup.
vendor/nodebb-theme-harmony-2.1.35/templates/partials/topic/post.tpl	Same badge repositioning in version-pinned theme templates.
test/ta-resolve.js	Adds tests for anonymous save logic and obfuscation behavior.
src/topics/posts.js	Adds server-side anonymous obfuscation logic during topic post data assembly.
src/posts/summary.js	Includes isAnonymous and supported-by-instructor tracking fields in post summaries.
public/src/modules/quickreply.js	Fires a new quickreply data hook to allow plugins to modify payload before posting.
public/src/client/topic/supportAnswer.js	Improves badge/menu update robustness and adds success toasts for support/un-support actions.
public/openapi/read/admin/extend/plugins.yaml	Adds url field to admin plugin listing schema.
public/openapi/components/schemas/PostObject.yaml	Adds isAnonymous and supported-by-instructor tracking fields to OpenAPI post schemas.
plugins/ta-resolve/public/ta-resolve-composer.js	Injects “Post as: named/anonymous” UI and attaches isAnonymous to composer/quickreply payloads.
plugins/ta-resolve/plugin.json	Registers new client script and backend hooks for anonymous handling and obfuscation.
plugins/ta-resolve/library.js	Implements anonymous persistence + obfuscation hooks; adds support-approval tracking + notifications.
plugins/ta-resolve/language/en/ta-resolve.json	Adds an English translation string for support-answer messaging.
make-anon.js	Adds a standalone script to directly toggle anonymity flags in the DB for test data.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[brendayyu]

Applied a suggestion from Copilot but should thoroughly check other Copilot suggestions as well. Everything else looks great!

[pskodr]

Implemented Co-pilots changes

[pskodr]

Resolved co-pilot's suggestions

Co-pilot's suggesting breaks implementation of anonymous posting.

[PDFour4]

Went over copilot suggested comments and marked as resolved. Did not implement all, since they broke functionality.