Add visibility check in context path (#26)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/26
This commit is contained in:
parent
e538102cf5
commit
2342fface1
5 changed files with 45 additions and 3 deletions
|
@ -16,7 +16,9 @@ pipeline:
|
||||||
glibc:
|
glibc:
|
||||||
when:
|
when:
|
||||||
event:
|
event:
|
||||||
- tag
|
- push
|
||||||
|
branch:
|
||||||
|
- develop
|
||||||
secrets:
|
secrets:
|
||||||
- SCW_ACCESS_KEY
|
- SCW_ACCESS_KEY
|
||||||
- SCW_SECRET_KEY
|
- SCW_SECRET_KEY
|
||||||
|
@ -44,7 +46,9 @@ pipeline:
|
||||||
musl:
|
musl:
|
||||||
when:
|
when:
|
||||||
event:
|
event:
|
||||||
- tag
|
- push
|
||||||
|
branch:
|
||||||
|
- develop
|
||||||
secrets:
|
secrets:
|
||||||
- SCW_ACCESS_KEY
|
- SCW_ACCESS_KEY
|
||||||
- SCW_SECRET_KEY
|
- SCW_SECRET_KEY
|
||||||
|
|
|
@ -11,6 +11,7 @@ pipeline:
|
||||||
when:
|
when:
|
||||||
event:
|
event:
|
||||||
- push
|
- push
|
||||||
|
- pull_request
|
||||||
environment:
|
environment:
|
||||||
MIX_ENV: test
|
MIX_ENV: test
|
||||||
commands:
|
commands:
|
||||||
|
@ -25,6 +26,7 @@ pipeline:
|
||||||
when:
|
when:
|
||||||
event:
|
event:
|
||||||
- push
|
- push
|
||||||
|
- pull_request
|
||||||
environment:
|
environment:
|
||||||
MIX_ENV: test
|
MIX_ENV: test
|
||||||
POSTGRES_DB: pleroma_test
|
POSTGRES_DB: pleroma_test
|
||||||
|
|
|
@ -97,6 +97,7 @@ config :pleroma, :uri_schemes,
|
||||||
"http",
|
"http",
|
||||||
"dat",
|
"dat",
|
||||||
"dweb",
|
"dweb",
|
||||||
|
"gopher",
|
||||||
"hyper",
|
"hyper",
|
||||||
"ipfs",
|
"ipfs",
|
||||||
"ipns",
|
"ipns",
|
||||||
|
|
|
@ -384,11 +384,13 @@ defmodule Pleroma.Web.MastodonAPI.StatusController do
|
||||||
def context(%{assigns: %{user: user}} = conn, %{id: id}) do
|
def context(%{assigns: %{user: user}} = conn, %{id: id}) do
|
||||||
with %Activity{} = activity <- Activity.get_by_id(id) do
|
with %Activity{} = activity <- Activity.get_by_id(id) do
|
||||||
activities =
|
activities =
|
||||||
ActivityPub.fetch_activities_for_context(activity.data["context"], %{
|
activity.data["context"]
|
||||||
|
|> ActivityPub.fetch_activities_for_context(%{
|
||||||
blocking_user: user,
|
blocking_user: user,
|
||||||
user: user,
|
user: user,
|
||||||
exclude_id: activity.id
|
exclude_id: activity.id
|
||||||
})
|
})
|
||||||
|
|> Enum.filter(fn activity -> Visibility.visible_for_user?(activity, user) end)
|
||||||
|
|
||||||
render(conn, "context.json", activity: activity, activities: activities, user: user)
|
render(conn, "context.json", activity: activity, activities: activities, user: user)
|
||||||
end
|
end
|
||||||
|
|
|
@ -1810,6 +1810,39 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
|
||||||
} = response
|
} = response
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "context when restrict_unauthenticated is on" do
|
||||||
|
user = insert(:user)
|
||||||
|
remote_user = insert(:user, local: false)
|
||||||
|
|
||||||
|
{:ok, %{id: id1}} = CommonAPI.post(user, %{status: "1"})
|
||||||
|
{:ok, %{id: id2}} = CommonAPI.post(user, %{status: "2", in_reply_to_status_id: id1})
|
||||||
|
|
||||||
|
{:ok, %{id: id3}} =
|
||||||
|
CommonAPI.post(remote_user, %{status: "3", in_reply_to_status_id: id2, local: false})
|
||||||
|
|
||||||
|
response =
|
||||||
|
build_conn()
|
||||||
|
|> get("/api/v1/statuses/#{id2}/context")
|
||||||
|
|> json_response_and_validate_schema(:ok)
|
||||||
|
|
||||||
|
assert %{
|
||||||
|
"ancestors" => [%{"id" => ^id1}],
|
||||||
|
"descendants" => [%{"id" => ^id3}]
|
||||||
|
} = response
|
||||||
|
|
||||||
|
clear_config([:restrict_unauthenticated, :activities, :local], true)
|
||||||
|
|
||||||
|
response =
|
||||||
|
build_conn()
|
||||||
|
|> get("/api/v1/statuses/#{id2}/context")
|
||||||
|
|> json_response_and_validate_schema(:ok)
|
||||||
|
|
||||||
|
assert %{
|
||||||
|
"ancestors" => [],
|
||||||
|
"descendants" => []
|
||||||
|
} = response
|
||||||
|
end
|
||||||
|
|
||||||
test "favorites paginate correctly" do
|
test "favorites paginate correctly" do
|
||||||
%{user: user, conn: conn} = oauth_access(["read:favourites"])
|
%{user: user, conn: conn} = oauth_access(["read:favourites"])
|
||||||
other_user = insert(:user)
|
other_user = insert(:user)
|
||||||
|
|
Loading…
Reference in a new issue