User.visible_for/2

According to the tests, this was only used for unconfirmed accounts.
So this just needed to be restricted to users with privilege :user_activation
This commit is contained in:
Ilja 2022-06-18 08:32:05 +02:00
parent bb61cfee8d
commit edf0013ff3
2 changed files with 7 additions and 2 deletions

View file

@ -326,7 +326,7 @@ defmodule Pleroma.User do
end end
def visible_for(%User{} = user, for_user) do def visible_for(%User{} = user, for_user) do
if superuser?(for_user) do if privileged?(for_user, :user_activation) do
:visible :visible
else else
visible_account_status(user) visible_account_status(user)

View file

@ -1986,13 +1986,18 @@ defmodule Pleroma.UserTest do
assert User.visible_for(user, other_user) == :visible assert User.visible_for(user, other_user) == :visible
end end
test "returns true when the account is unconfirmed and being viewed by a privileged account (confirmation required)" do test "returns true when the account is unconfirmed and being viewed by a privileged account (privilege :user_activation, confirmation required)" do
clear_config([:instance, :account_activation_required], true) clear_config([:instance, :account_activation_required], true)
clear_config([:instance, :admin_privileges], [:user_activation])
user = insert(:user, local: true, is_confirmed: false) user = insert(:user, local: true, is_confirmed: false)
other_user = insert(:user, local: true, is_admin: true) other_user = insert(:user, local: true, is_admin: true)
assert User.visible_for(user, other_user) == :visible assert User.visible_for(user, other_user) == :visible
clear_config([:instance, :admin_privileges], [])
refute User.visible_for(user, other_user) == :visible
end end
end end