From 2342fface1d1c13be27e3b3bdbb8d11d83403f02 Mon Sep 17 00:00:00 2001 From: floatingghost Date: Wed, 29 Jun 2022 09:33:57 +0000 Subject: [PATCH] Add visibility check in context path (#26) Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/26 --- .woodpecker/.release.yml | 8 +++-- .woodpecker/.test.yml | 2 ++ config/config.exs | 1 + .../controllers/status_controller.ex | 4 ++- .../controllers/status_controller_test.exs | 33 +++++++++++++++++++ 5 files changed, 45 insertions(+), 3 deletions(-) diff --git a/.woodpecker/.release.yml b/.woodpecker/.release.yml index 335f3c8e8..28043aa65 100644 --- a/.woodpecker/.release.yml +++ b/.woodpecker/.release.yml @@ -16,7 +16,9 @@ pipeline: glibc: when: event: - - tag + - push + branch: + - develop secrets: - SCW_ACCESS_KEY - SCW_SECRET_KEY @@ -44,7 +46,9 @@ pipeline: musl: when: event: - - tag + - push + branch: + - develop secrets: - SCW_ACCESS_KEY - SCW_SECRET_KEY diff --git a/.woodpecker/.test.yml b/.woodpecker/.test.yml index cef743643..6724d363d 100644 --- a/.woodpecker/.test.yml +++ b/.woodpecker/.test.yml @@ -11,6 +11,7 @@ pipeline: when: event: - push + - pull_request environment: MIX_ENV: test commands: @@ -25,6 +26,7 @@ pipeline: when: event: - push + - pull_request environment: MIX_ENV: test POSTGRES_DB: pleroma_test diff --git a/config/config.exs b/config/config.exs index ea0b23360..00f9af797 100644 --- a/config/config.exs +++ b/config/config.exs @@ -97,6 +97,7 @@ "http", "dat", "dweb", + "gopher", "hyper", "ipfs", "ipns", diff --git a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex index 2eff4d9d0..60f4c44d7 100644 --- a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex +++ b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex @@ -384,11 +384,13 @@ def reblogged_by(%{assigns: %{user: user}} = conn, %{id: id}) do def context(%{assigns: %{user: user}} = conn, %{id: id}) do with %Activity{} = activity <- Activity.get_by_id(id) do activities = - ActivityPub.fetch_activities_for_context(activity.data["context"], %{ + activity.data["context"] + |> ActivityPub.fetch_activities_for_context(%{ blocking_user: user, user: user, exclude_id: activity.id }) + |> Enum.filter(fn activity -> Visibility.visible_for_user?(activity, user) end) render(conn, "context.json", activity: activity, activities: activities, user: user) end diff --git a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs index ed66d370a..3e0660031 100644 --- a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs +++ b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs @@ -1810,6 +1810,39 @@ test "context" do } = response end + test "context when restrict_unauthenticated is on" do + user = insert(:user) + remote_user = insert(:user, local: false) + + {:ok, %{id: id1}} = CommonAPI.post(user, %{status: "1"}) + {:ok, %{id: id2}} = CommonAPI.post(user, %{status: "2", in_reply_to_status_id: id1}) + + {:ok, %{id: id3}} = + CommonAPI.post(remote_user, %{status: "3", in_reply_to_status_id: id2, local: false}) + + response = + build_conn() + |> get("/api/v1/statuses/#{id2}/context") + |> json_response_and_validate_schema(:ok) + + assert %{ + "ancestors" => [%{"id" => ^id1}], + "descendants" => [%{"id" => ^id3}] + } = response + + clear_config([:restrict_unauthenticated, :activities, :local], true) + + response = + build_conn() + |> get("/api/v1/statuses/#{id2}/context") + |> json_response_and_validate_schema(:ok) + + assert %{ + "ancestors" => [], + "descendants" => [] + } = response + end + test "favorites paginate correctly" do %{user: user, conn: conn} = oauth_access(["read:favourites"]) other_user = insert(:user)