parent
1e5d889aec
commit
6a35c151c6
@ -3,6 +3,10 @@ All notable changes to this project will be documented in this file.
|
||||
|
||||
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
||||
|
||||
## [1.0.2] - 2019-07-28
|
||||
### Fixed
|
||||
- Not being able to pin unlisted posts
|
||||
|
||||
## [1.0.1] - 2019-07-14
|
||||
### Security
|
||||
- OStatus: fix an object spoofing vulnerability.
|
||||
|
@ -11,6 +11,7 @@ defmodule Pleroma.Web.CommonAPI do
|
||||
alias Pleroma.User
|
||||
alias Pleroma.Web.ActivityPub.ActivityPub
|
||||
alias Pleroma.Web.ActivityPub.Utils
|
||||
alias Pleroma.Web.ActivityPub.Visibility
|
||||
|
||||
import Pleroma.Web.CommonAPI.Utils
|
||||
|
||||
@ -284,12 +285,11 @@ defmodule Pleroma.Web.CommonAPI do
|
||||
},
|
||||
object: %Object{
|
||||
data: %{
|
||||
"to" => object_to,
|
||||
"type" => "Note"
|
||||
}
|
||||
}
|
||||
} = activity <- get_by_id_or_ap_id(id_or_ap_id),
|
||||
true <- Enum.member?(object_to, "https://www.w3.org/ns/activitystreams#Public"),
|
||||
true <- Visibility.is_public?(activity),
|
||||
%{valid?: true} = info_changeset <-
|
||||
User.Info.add_pinnned_activity(user.info, activity),
|
||||
changeset <-
|
||||
|
@ -188,6 +188,11 @@ defmodule Pleroma.Web.CommonAPITest do
|
||||
assert %User{info: %{pinned_activities: [^id]}} = user
|
||||
end
|
||||
|
||||
test "unlisted statuses can be pinned", %{user: user} do
|
||||
{:ok, activity} = CommonAPI.post(user, %{"status" => "HI!!!", "visibility" => "unlisted"})
|
||||
assert {:ok, ^activity} = CommonAPI.pin(activity.id, user)
|
||||
end
|
||||
|
||||
test "only self-authored can be pinned", %{activity: activity} do
|
||||
user = insert(:user)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user