Add visibility check in context path (#26)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/26
This commit is contained in:
parent
e538102cf5
commit
2342fface1
5 changed files with 45 additions and 3 deletions
|
@ -16,7 +16,9 @@ pipeline:
|
|||
glibc:
|
||||
when:
|
||||
event:
|
||||
- tag
|
||||
- push
|
||||
branch:
|
||||
- develop
|
||||
secrets:
|
||||
- SCW_ACCESS_KEY
|
||||
- SCW_SECRET_KEY
|
||||
|
@ -44,7 +46,9 @@ pipeline:
|
|||
musl:
|
||||
when:
|
||||
event:
|
||||
- tag
|
||||
- push
|
||||
branch:
|
||||
- develop
|
||||
secrets:
|
||||
- SCW_ACCESS_KEY
|
||||
- SCW_SECRET_KEY
|
||||
|
|
|
@ -11,6 +11,7 @@ pipeline:
|
|||
when:
|
||||
event:
|
||||
- push
|
||||
- pull_request
|
||||
environment:
|
||||
MIX_ENV: test
|
||||
commands:
|
||||
|
@ -25,6 +26,7 @@ pipeline:
|
|||
when:
|
||||
event:
|
||||
- push
|
||||
- pull_request
|
||||
environment:
|
||||
MIX_ENV: test
|
||||
POSTGRES_DB: pleroma_test
|
||||
|
|
|
@ -97,6 +97,7 @@ config :pleroma, :uri_schemes,
|
|||
"http",
|
||||
"dat",
|
||||
"dweb",
|
||||
"gopher",
|
||||
"hyper",
|
||||
"ipfs",
|
||||
"ipns",
|
||||
|
|
|
@ -384,11 +384,13 @@ defmodule Pleroma.Web.MastodonAPI.StatusController do
|
|||
def context(%{assigns: %{user: user}} = conn, %{id: id}) do
|
||||
with %Activity{} = activity <- Activity.get_by_id(id) do
|
||||
activities =
|
||||
ActivityPub.fetch_activities_for_context(activity.data["context"], %{
|
||||
activity.data["context"]
|
||||
|> ActivityPub.fetch_activities_for_context(%{
|
||||
blocking_user: user,
|
||||
user: user,
|
||||
exclude_id: activity.id
|
||||
})
|
||||
|> Enum.filter(fn activity -> Visibility.visible_for_user?(activity, user) end)
|
||||
|
||||
render(conn, "context.json", activity: activity, activities: activities, user: user)
|
||||
end
|
||||
|
|
|
@ -1810,6 +1810,39 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
|
|||
} = response
|
||||
end
|
||||
|
||||
test "context when restrict_unauthenticated is on" do
|
||||
user = insert(:user)
|
||||
remote_user = insert(:user, local: false)
|
||||
|
||||
{:ok, %{id: id1}} = CommonAPI.post(user, %{status: "1"})
|
||||
{:ok, %{id: id2}} = CommonAPI.post(user, %{status: "2", in_reply_to_status_id: id1})
|
||||
|
||||
{:ok, %{id: id3}} =
|
||||
CommonAPI.post(remote_user, %{status: "3", in_reply_to_status_id: id2, local: false})
|
||||
|
||||
response =
|
||||
build_conn()
|
||||
|> get("/api/v1/statuses/#{id2}/context")
|
||||
|> json_response_and_validate_schema(:ok)
|
||||
|
||||
assert %{
|
||||
"ancestors" => [%{"id" => ^id1}],
|
||||
"descendants" => [%{"id" => ^id3}]
|
||||
} = response
|
||||
|
||||
clear_config([:restrict_unauthenticated, :activities, :local], true)
|
||||
|
||||
response =
|
||||
build_conn()
|
||||
|> get("/api/v1/statuses/#{id2}/context")
|
||||
|> json_response_and_validate_schema(:ok)
|
||||
|
||||
assert %{
|
||||
"ancestors" => [],
|
||||
"descendants" => []
|
||||
} = response
|
||||
end
|
||||
|
||||
test "favorites paginate correctly" do
|
||||
%{user: user, conn: conn} = oauth_access(["read:favourites"])
|
||||
other_user = insert(:user)
|
||||
|
|
Loading…
Reference in a new issue