Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into pleroma-2.1-rc0

3 år sedan · 4e022fc16c
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -99,6 +99,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 </details>

 ### Fixed
 - Fix list pagination and other list issues.
 - Support pagination in conversations API
 - **Breaking**: SimplePolicy `:reject` and `:accept` allow deletions again
 - Fix follower/blocks import when nicknames starts with @
--- a/lib/pleroma/web/mastodon_api/controllers/timeline_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/timeline_controller.ex
@@ -182,11 +182,10 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
    with %Pleroma.List{title: _title, following: following} <- Pleroma.List.get(id, user) do
      params =
        params
        |> Map.new(fn {key, value} -> {to_string(key), value} end)
        |> Map.put("type", "Create")
        |> Map.put("blocking_user", user)
        |> Map.put("user", user)
        |> Map.put("muting_user", user)
        |> Map.put(:type, "Create")
        |> Map.put(:blocking_user, user)
        |> Map.put(:user, user)
        |> Map.put(:muting_user, user)

      # we must filter the following list for the user to avoid leaking statuses the user
      # does not actually have permission to see (for more info, peruse security issue #270).
--- a/test/web/mastodon_api/controllers/timeline_controller_test.exs
+++ b/test/web/mastodon_api/controllers/timeline_controller_test.exs
@@ -333,6 +333,46 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
  describe "list" do
    setup do: oauth_access(["read:lists"])

    test "does not contain retoots", %{user: user, conn: conn} do
      other_user = insert(:user)
      {:ok, activity_one} = CommonAPI.post(user, %{status: "Marisa is cute."})
      {:ok, activity_two} = CommonAPI.post(other_user, %{status: "Marisa is stupid."})
      {:ok, _} = CommonAPI.repeat(activity_one.id, other_user)

      {:ok, list} = Pleroma.List.create("name", user)
      {:ok, list} = Pleroma.List.follow(list, other_user)

      conn = get(conn, "/api/v1/timelines/list/#{list.id}")

      assert [%{"id" => id}] = json_response_and_validate_schema(conn, :ok)

      assert id == to_string(activity_two.id)
    end

    test "works with pagination", %{user: user, conn: conn} do
      other_user = insert(:user)
      {:ok, list} = Pleroma.List.create("name", user)
      {:ok, list} = Pleroma.List.follow(list, other_user)

      Enum.each(1..30, fn i ->
        CommonAPI.post(other_user, %{status: "post number #{i}"})
      end)

      res =
        get(conn, "/api/v1/timelines/list/#{list.id}?limit=1")
        |> json_response_and_validate_schema(:ok)

      assert length(res) == 1

      [first] = res

      res =
        get(conn, "/api/v1/timelines/list/#{list.id}?max_id=#{first["id"]}&limit=30")
        |> json_response_and_validate_schema(:ok)

      assert length(res) == 29
    end

    test "list timeline", %{user: user, conn: conn} do
      other_user = insert(:user)
      {:ok, _activity_one} = CommonAPI.post(user, %{status: "Marisa is cute."})