Only search in public data for now.

This should be the data the user is allowed to see later, but this
will stop accidental private message leaks.
This commit is contained in:
lain 2018-04-07 16:40:03 +02:00
parent a9203ab363
commit 70bcdf32bd
3 changed files with 9 additions and 0 deletions

View file

@ -507,6 +507,7 @@ def search(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do
from(
a in Activity,
where: fragment("?->>'type' = 'Create'", a.data),
where: "https://www.w3.org/ns/activitystreams#Public" in a.recipients,
where:
fragment(
"to_tsvector('english', ?->'object'->>'content') @@ plainto_tsquery('english', ?)",

View file

@ -193,6 +193,7 @@ def search(user, %{"q" => query} = params) do
from(
a in Activity,
where: fragment("?->>'type' = 'Create'", a.data),
where: "https://www.w3.org/ns/activitystreams#Public" in a.recipients,
where:
fragment(
"to_tsvector('english', ?->'object'->>'content') @@ plainto_tsquery('english', ?)",

View file

@ -564,6 +564,13 @@ test "search", %{conn: conn} do
user_three = insert(:user, %{nickname: "shp@heldscal.la", name: "I love 2hu"})
{:ok, activity} = CommonAPI.post(user, %{"status" => "This is about 2hu"})
{:ok, _activity} =
CommonAPI.post(user, %{
"status" => "This is about 2hu, but private",
"visibility" => "private"
})
{:ok, _} = CommonAPI.post(user_two, %{"status" => "This isn't"})
conn =