Merge branch 'features/private-reblogs' into 'develop'

Allow receiving private self-announces over ActivityPub

See merge request pleroma/pleroma!1766
This commit is contained in:
kaniini 2019-10-02 07:02:24 +00:00
commit 9b38bf4af4
9 changed files with 115 additions and 9 deletions

View file

@ -346,7 +346,7 @@ def announce(
local \\ true,
public \\ true
) do
with true <- is_public?(object),
with true <- is_announceable?(object, user, public),
announce_data <- make_announce_data(user, object, activity_id, public),
{:ok, activity} <- insert(announce_data, local),
{:ok, object} <- add_announce_to_object(activity, object),

View file

@ -494,7 +494,7 @@ def make_unlike_data(
@spec add_announce_to_object(Activity.t(), Object.t()) ::
{:ok, Object.t()} | {:error, Ecto.Changeset.t()}
def add_announce_to_object(
%Activity{data: %{"actor" => actor, "cc" => [Pleroma.Constants.as_public()]}},
%Activity{data: %{"actor" => actor}},
object
) do
announcements = take_announcements(object)

View file

@ -27,6 +27,11 @@ def is_private?(activity) do
end
end
def is_announceable?(activity, user, public \\ true) do
is_public?(activity) ||
(!public && is_private?(activity) && activity.data["actor"] == user.ap_id)
end
def is_direct?(%Activity{data: %{"directMessage" => true}}), do: true
def is_direct?(%Object{data: %{"directMessage" => true}}), do: true

View file

@ -76,11 +76,12 @@ def delete(activity_id, user) do
end
end
def repeat(id_or_ap_id, user) do
def repeat(id_or_ap_id, user, params \\ %{}) do
with %Activity{} = activity <- get_by_id_or_ap_id(id_or_ap_id),
object <- Object.normalize(activity),
nil <- Utils.get_existing_announce(user.ap_id, object) do
ActivityPub.announce(user, object)
nil <- Utils.get_existing_announce(user.ap_id, object),
public <- get_announce_visibility(object, params) do
ActivityPub.announce(user, object, nil, true, public)
else
_ -> {:error, dgettext("errors", "Could not repeat")}
end
@ -169,6 +170,14 @@ defp normalize_and_validate_choices(choices, object) do
end
end
def get_announce_visibility(_, %{"visibility" => visibility})
when visibility in ~w{public unlisted private direct},
do: visibility in ~w(public unlisted)
def get_announce_visibility(object, _) do
Visibility.is_public?(object)
end
def get_visibility(_, _, %Participation{}), do: {"direct", "direct"}
def get_visibility(%{"visibility" => visibility}, in_reply_to, _)

View file

@ -125,8 +125,8 @@ def delete(%{assigns: %{user: user}} = conn, %{"id" => id}) do
end
@doc "POST /api/v1/statuses/:id/reblog"
def reblog(%{assigns: %{user: user}} = conn, %{"id" => ap_id_or_id}) do
with {:ok, announce, _activity} <- CommonAPI.repeat(ap_id_or_id, user),
def reblog(%{assigns: %{user: user}} = conn, %{"id" => ap_id_or_id} = params) do
with {:ok, announce, _activity} <- CommonAPI.repeat(ap_id_or_id, user, params),
%Activity{} = announce <- Activity.normalize(announce.data) do
try_render(conn, "show.json", %{activity: announce, for: user, as: :activity})
end
@ -242,7 +242,19 @@ def favourited_by(%{assigns: %{user: user}} = conn, %{"id" => id}) do
def reblogged_by(%{assigns: %{user: user}} = conn, %{"id" => id}) do
with %Activity{} = activity <- Activity.get_by_id_with_object(id),
{:visible, true} <- {:visible, Visibility.visible_for_user?(activity, user)},
%Object{data: %{"announcements" => announces}} <- Object.normalize(activity) do
%Object{data: %{"announcements" => announces, "id" => ap_id}} <-
Object.normalize(activity) do
announces =
"Announce"
|> Activity.Queries.by_type()
|> Ecto.Query.where([a], a.actor in ^announces)
# this is to use the index
|> Activity.Queries.by_object_id(ap_id)
|> Repo.all()
|> Enum.filter(&Visibility.visible_for_user?(&1, user))
|> Enum.map(& &1.actor)
|> Enum.uniq()
users =
User
|> Ecto.Query.where([u], u.ap_id in ^announces)

View file

@ -125,7 +125,7 @@ def render(
pinned: pinned?(activity, user),
sensitive: false,
spoiler_text: "",
visibility: "public",
visibility: get_visibility(activity),
media_attachments: reblogged[:media_attachments] || [],
mentions: mentions,
tags: reblogged[:tags] || [],

View file

@ -839,6 +839,39 @@ test "adds an announce activity to the db" do
end
end
describe "announcing a private object" do
test "adds an announce activity to the db if the audience is not widened" do
user = insert(:user)
{:ok, note_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "private"})
object = Object.normalize(note_activity)
{:ok, announce_activity, object} = ActivityPub.announce(user, object, nil, true, false)
assert announce_activity.data["to"] == [User.ap_followers(user)]
assert announce_activity.data["object"] == object.data["id"]
assert announce_activity.data["actor"] == user.ap_id
assert announce_activity.data["context"] == object.data["context"]
end
test "does not add an announce activity to the db if the audience is widened" do
user = insert(:user)
{:ok, note_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "private"})
object = Object.normalize(note_activity)
assert {:error, _} = ActivityPub.announce(user, object, nil, true, true)
end
test "does not add an announce activity to the db if the announcer is not the author" do
user = insert(:user)
announcer = insert(:user)
{:ok, note_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "private"})
object = Object.normalize(note_activity)
assert {:error, _} = ActivityPub.announce(announcer, object, nil, true, false)
end
end
describe "unannouncing an object" do
test "unannouncing a previously announced object" do
note_activity = insert(:note_activity)

View file

@ -231,6 +231,18 @@ test "repeating a status" do
{:ok, %Activity{}, _} = CommonAPI.repeat(activity.id, user)
end
test "repeating a status privately" do
user = insert(:user)
other_user = insert(:user)
{:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
{:ok, %Activity{} = announce_activity, _} =
CommonAPI.repeat(activity.id, user, %{"visibility" => "private"})
assert Visibility.is_private?(announce_activity)
end
test "favoriting a status" do
user = insert(:user)
other_user = insert(:user)

View file

@ -547,6 +547,24 @@ test "reblogs and returns the reblogged status", %{conn: conn} do
assert to_string(activity.id) == id
end
test "reblogs privately and returns the reblogged status", %{conn: conn} do
activity = insert(:note_activity)
user = insert(:user)
conn =
conn
|> assign(:user, user)
|> post("/api/v1/statuses/#{activity.id}/reblog", %{"visibility" => "private"})
assert %{
"reblog" => %{"id" => id, "reblogged" => true, "reblogs_count" => 1},
"reblogged" => true,
"visibility" => "private"
} = json_response(conn, 200)
assert to_string(activity.id) == id
end
test "reblogged status for another user", %{conn: conn} do
activity = insert(:note_activity)
user1 = insert(:user)
@ -1149,6 +1167,23 @@ test "does not return users who have reblogged the status but are blocked", %{
assert Enum.empty?(response)
end
test "does not return users who have reblogged the status privately", %{
conn: %{assigns: %{user: user}} = conn,
activity: activity
} do
other_user = insert(:user)
{:ok, _, _} = CommonAPI.repeat(activity.id, other_user, %{"visibility" => "private"})
response =
conn
|> assign(:user, user)
|> get("/api/v1/statuses/#{activity.id}/reblogged_by")
|> json_response(:ok)
assert Enum.empty?(response)
end
test "does not fail on an unauthenticated request", %{conn: conn, activity: activity} do
other_user = insert(:user)
{:ok, _, _} = CommonAPI.repeat(activity.id, other_user)