Only search in public data for now.
This should be the data the user is allowed to see later, but this will stop accidental private message leaks.
This commit is contained in:
parent
a9203ab363
commit
70bcdf32bd
@ -507,6 +507,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
|
|||||||
from(
|
from(
|
||||||
a in Activity,
|
a in Activity,
|
||||||
where: fragment("?->>'type' = 'Create'", a.data),
|
where: fragment("?->>'type' = 'Create'", a.data),
|
||||||
|
where: "https://www.w3.org/ns/activitystreams#Public" in a.recipients,
|
||||||
where:
|
where:
|
||||||
fragment(
|
fragment(
|
||||||
"to_tsvector('english', ?->'object'->>'content') @@ plainto_tsquery('english', ?)",
|
"to_tsvector('english', ?->'object'->>'content') @@ plainto_tsquery('english', ?)",
|
||||||
|
@ -193,6 +193,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do
|
|||||||
from(
|
from(
|
||||||
a in Activity,
|
a in Activity,
|
||||||
where: fragment("?->>'type' = 'Create'", a.data),
|
where: fragment("?->>'type' = 'Create'", a.data),
|
||||||
|
where: "https://www.w3.org/ns/activitystreams#Public" in a.recipients,
|
||||||
where:
|
where:
|
||||||
fragment(
|
fragment(
|
||||||
"to_tsvector('english', ?->'object'->>'content') @@ plainto_tsquery('english', ?)",
|
"to_tsvector('english', ?->'object'->>'content') @@ plainto_tsquery('english', ?)",
|
||||||
|
@ -564,6 +564,13 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
|
|||||||
user_three = insert(:user, %{nickname: "shp@heldscal.la", name: "I love 2hu"})
|
user_three = insert(:user, %{nickname: "shp@heldscal.la", name: "I love 2hu"})
|
||||||
|
|
||||||
{:ok, activity} = CommonAPI.post(user, %{"status" => "This is about 2hu"})
|
{:ok, activity} = CommonAPI.post(user, %{"status" => "This is about 2hu"})
|
||||||
|
|
||||||
|
{:ok, _activity} =
|
||||||
|
CommonAPI.post(user, %{
|
||||||
|
"status" => "This is about 2hu, but private",
|
||||||
|
"visibility" => "private"
|
||||||
|
})
|
||||||
|
|
||||||
{:ok, _} = CommonAPI.post(user_two, %{"status" => "This isn't"})
|
{:ok, _} = CommonAPI.post(user_two, %{"status" => "This isn't"})
|
||||||
|
|
||||||
conn =
|
conn =
|
||||||
|
Loading…
Reference in New Issue
Block a user