From 5d89997a700bdcaecad10b9a3005e8071b9f6ba5 Mon Sep 17 00:00:00 2001 From: lain Date: Sun, 18 Feb 2018 15:50:34 +0100 Subject: [PATCH] Respect visibility in API. --- lib/pleroma/web/activity_pub/activity_pub.ex | 13 ++++++++++++- lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 5 +++-- lib/pleroma/web/twitter_api/twitter_api.ex | 3 ++- 3 files changed, 17 insertions(+), 4 deletions(-) diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index b85f8eb8a..8f660a334 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -131,7 +131,9 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do query = from activity in Activity, where: fragment("?->>'type' = ? and ?->>'context' = ?", activity.data, "Create", activity.data, ^context), order_by: [desc: :id] - query = restrict_blocked(query, opts) + query = query + |> restrict_blocked(opts) + |> restrict_recipients(["https://www.w3.org/ns/activitystreams#Public"], opts["user"]) Repo.all(query) end @@ -313,4 +315,13 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do end end end + + def visible_for_user?(activity, nil) do + "https://www.w3.org/ns/activitystreams#Public" in (activity.data["to"] ++ (activity.data["cc"] || [])) + end + def visible_for_user?(activity, user) do + x = [user.ap_id | user.following] + y = (activity.data["to"] ++ (activity.data["cc"] || [])) + visible_for_user?(activity, nil) || Enum.any?(x, &(&1 in y)) + end end diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index f52ac58de..45b4d24c6 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -190,14 +190,15 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end def get_status(%{assigns: %{user: user}} = conn, %{"id" => id}) do - with %Activity{} = activity <- Repo.get(Activity, id) do + with %Activity{} = activity <- Repo.get(Activity, id), + true <- ActivityPub.visible_for_user?(activity, user) do render conn, StatusView, "status.json", %{activity: activity, for: user} end end def get_context(%{assigns: %{user: user}} = conn, %{"id" => id}) do with %Activity{} = activity <- Repo.get(Activity, id), - activities <- ActivityPub.fetch_activities_for_context(activity.data["object"]["context"], %{"blocking_user" => user}), + activities <- ActivityPub.fetch_activities_for_context(activity.data["object"]["context"], %{"blocking_user" => user, "user" => user}), activities <- activities |> Enum.filter(fn (%{id: aid}) -> to_string(aid) != to_string(id) end), activities <- activities |> Enum.filter(fn (%{data: %{"type" => type}}) -> type == "Create" end), grouped_activities <- Enum.group_by(activities, fn (%{id: id}) -> id < activity.id end) do diff --git a/lib/pleroma/web/twitter_api/twitter_api.ex b/lib/pleroma/web/twitter_api/twitter_api.ex index 57795edba..174a79484 100644 --- a/lib/pleroma/web/twitter_api/twitter_api.ex +++ b/lib/pleroma/web/twitter_api/twitter_api.ex @@ -56,7 +56,8 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do end def fetch_status(user, id) do - with %Activity{} = activity <- Repo.get(Activity, id) do + with %Activity{} = activity <- Repo.get(Activity, id), + true <- ActivityPub.visible_for_user?(activity, user) do activity_to_status(activity, %{for: user}) end end