Only search in public data for now.
This should be the data the user is allowed to see later, but this will stop accidental private message leaks.
This commit is contained in:
parent
a9203ab363
commit
70bcdf32bd
3 changed files with 9 additions and 0 deletions
|
@ -507,6 +507,7 @@ def search(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do
|
|||
from(
|
||||
a in Activity,
|
||||
where: fragment("?->>'type' = 'Create'", a.data),
|
||||
where: "https://www.w3.org/ns/activitystreams#Public" in a.recipients,
|
||||
where:
|
||||
fragment(
|
||||
"to_tsvector('english', ?->'object'->>'content') @@ plainto_tsquery('english', ?)",
|
||||
|
|
|
@ -193,6 +193,7 @@ def search(user, %{"q" => query} = params) do
|
|||
from(
|
||||
a in Activity,
|
||||
where: fragment("?->>'type' = 'Create'", a.data),
|
||||
where: "https://www.w3.org/ns/activitystreams#Public" in a.recipients,
|
||||
where:
|
||||
fragment(
|
||||
"to_tsvector('english', ?->'object'->>'content') @@ plainto_tsquery('english', ?)",
|
||||
|
|
|
@ -564,6 +564,13 @@ test "search", %{conn: conn} do
|
|||
user_three = insert(:user, %{nickname: "shp@heldscal.la", name: "I love 2hu"})
|
||||
|
||||
{:ok, activity} = CommonAPI.post(user, %{"status" => "This is about 2hu"})
|
||||
|
||||
{:ok, _activity} =
|
||||
CommonAPI.post(user, %{
|
||||
"status" => "This is about 2hu, but private",
|
||||
"visibility" => "private"
|
||||
})
|
||||
|
||||
{:ok, _} = CommonAPI.post(user_two, %{"status" => "This isn't"})
|
||||
|
||||
conn =
|
||||
|
|
Loading…
Reference in a new issue