From fee6e2aac4d93f1718615f4b424ca35dea14486f Mon Sep 17 00:00:00 2001
From: tusooa <tusooa@kazv.moe>
Date: Thu, 25 May 2023 18:40:38 -0400
Subject: [PATCH] Fix deleting banned users' statuses

---
 lib/pleroma/web/common_api.ex                 |  2 +-
 test/pleroma/web/common_api_test.exs          | 14 +++++++++++++
 .../controllers/status_controller_test.exs    | 21 +++++++++++++++++++
 3 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/lib/pleroma/web/common_api.ex b/lib/pleroma/web/common_api.ex
index f1f51acf5..86c1bdfa7 100644
--- a/lib/pleroma/web/common_api.ex
+++ b/lib/pleroma/web/common_api.ex
@@ -88,7 +88,7 @@ def reject_follow_request(follower, followed) do
 
   def delete(activity_id, user) do
     with {_, %Activity{data: %{"object" => _, "type" => "Create"}} = activity} <-
-           {:find_activity, Activity.get_by_id(activity_id)},
+           {:find_activity, Activity.get_by_id(activity_id, filter: [])},
          {_, %Object{} = object, _} <-
            {:find_object, Object.normalize(activity, fetch: false), activity},
          true <- User.superuser?(user) || user.ap_id == object.data["actor"],
diff --git a/test/pleroma/web/common_api_test.exs b/test/pleroma/web/common_api_test.exs
index 33709c8f3..e877048cc 100644
--- a/test/pleroma/web/common_api_test.exs
+++ b/test/pleroma/web/common_api_test.exs
@@ -225,6 +225,20 @@ test "superusers deleting non-local posts won't federate the delete" do
 
       refute Activity.get_by_id(post.id)
     end
+
+    test "it allows privileged users to delete banned user's posts" do
+      clear_config([:instance, :moderator_privileges], [:messages_delete])
+      user = insert(:user)
+      moderator = insert(:user, is_moderator: true)
+
+      {:ok, post} = CommonAPI.post(user, %{status: "namu amida butsu"})
+      User.set_activation(user, false)
+
+      assert {:ok, delete} = CommonAPI.delete(post.id, moderator)
+      assert delete.local
+
+      refute Activity.get_by_id(post.id)
+    end
   end
 
   test "favoriting race condition" do
diff --git a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs
index fe83c96ff..1e7da0e5f 100644
--- a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs
+++ b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs
@@ -1073,6 +1073,27 @@ test "when you're an admin or moderator", %{conn: conn} do
       refute Activity.get_by_id(activity1.id)
       refute Activity.get_by_id(activity2.id)
     end
+
+    test "when you're privileged and the user is banned", %{conn: conn} do
+      clear_config([:instance, :moderator_privileges], [:messages_delete])
+      posting_user = insert(:user, is_active: false)
+      refute posting_user.is_active
+      activity = insert(:note_activity, user: posting_user)
+      user = insert(:user, is_moderator: true)
+
+      res_conn =
+        conn
+        |> assign(:user, user)
+        |> assign(:token, insert(:oauth_token, user: user, scopes: ["write:statuses"]))
+        |> delete("/api/v1/statuses/#{activity.id}")
+
+      assert %{} = json_response_and_validate_schema(res_conn, 200)
+
+      # assert ModerationLog |> Repo.one() |> ModerationLog.get_log_entry_message() ==
+      #          "@#{user.nickname} deleted status ##{activity.id}"
+
+      refute Activity.get_by_id(activity.id)
+    end
   end
 
   describe "reblogging" do