@@ -729,7 +729,7 @@ defmodule Pleroma.Web.ActivityPub.Utils do | |||
"actor" => | |||
AccountView.render( | |||
"show.json", | |||
%{user: activity_actor, force: true} | |||
%{user: activity_actor, skip_visibility_check: true} | |||
) | |||
} | |||
@@ -105,7 +105,7 @@ defmodule Pleroma.Web.AdminAPI.AccountView do | |||
end | |||
def merge_account_views(%User{} = user) do | |||
MastodonAPI.AccountView.render("show.json", %{user: user, force: true}) | |||
MastodonAPI.AccountView.render("show.json", %{user: user, skip_visibility_check: true}) | |||
|> Map.merge(AdminAPI.AccountView.render("show.json", %{user: user})) | |||
end | |||
@@ -24,7 +24,7 @@ defmodule Pleroma.Web.ChatChannel do | |||
if String.length(text) in 1..Pleroma.Config.get([:instance, :chat_limit]) do | |||
author = User.get_cached_by_nickname(user_name) | |||
author_json = AccountView.render("show.json", user: author, force: true) | |||
author_json = AccountView.render("show.json", user: author, skip_visibility_check: true) | |||
message = ChatChannelState.add_message(%{text: text, author: author_json}) | |||
@@ -39,11 +39,12 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do | |||
@doc """ | |||
Renders specified user account. | |||
:force option skips visibility check and renders any user (local or remote) | |||
:skip_visibility_check option skips visibility check and renders any user (local or remote) | |||
regardless of [:pleroma, :restrict_unauthenticated] setting. | |||
:for option specifies the requester and can be a User record or nil. | |||
Only use `user: user, for: user` when `user` is the actual requester of own profile. | |||
""" | |||
def render("show.json", %{user: _user, force: true} = opts) do | |||
def render("show.json", %{user: _user, skip_visibility_check: true} = opts) do | |||
do_render("show.json", opts) | |||
end | |||
@@ -56,7 +57,8 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do | |||
end | |||
def render("show.json", _) do | |||
raise "In order to prevent account accessibility issues, :force or :for option is required." | |||
raise "In order to prevent account accessibility issues, " <> | |||
":skip_visibility_check or :for option is required." | |||
end | |||
def render("mention.json", %{user: user}) do | |||
@@ -38,7 +38,7 @@ defmodule Pleroma.Web.PleromaAPI.ChatView do | |||
if Map.has_key?(account_view_opts, :for) do | |||
account_view_opts | |||
else | |||
Map.put(account_view_opts, :force, true) | |||
Map.put(account_view_opts, :skip_visibility_check, true) | |||
end | |||
end | |||
end |
@@ -1179,7 +1179,8 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do | |||
"id" => activity_ap_id, | |||
"content" => content, | |||
"published" => activity_with_object.object.data["published"], | |||
"actor" => AccountView.render("show.json", %{user: target_account, force: true}) | |||
"actor" => | |||
AccountView.render("show.json", %{user: target_account, skip_visibility_check: true}) | |||
} | |||
assert %Activity{ | |||
@@ -710,7 +710,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do | |||
"id" => activity.data["id"], | |||
"content" => "test post", | |||
"published" => object.data["published"], | |||
"actor" => AccountView.render("show.json", %{user: user, force: true}) | |||
"actor" => AccountView.render("show.json", %{user: user, skip_visibility_check: true}) | |||
} | |||
message = %{ | |||
@@ -482,7 +482,8 @@ defmodule Pleroma.Web.ActivityPub.UtilsTest do | |||
"id" => activity_ap_id, | |||
"content" => content, | |||
"published" => activity.object.data["published"], | |||
"actor" => AccountView.render("show.json", %{user: target_account, force: true}) | |||
"actor" => | |||
AccountView.render("show.json", %{user: target_account, skip_visibility_check: true}) | |||
} | |||
assert %{ | |||
@@ -24,12 +24,15 @@ defmodule Pleroma.Web.AdminAPI.ReportViewTest do | |||
content: nil, | |||
actor: | |||
Map.merge( | |||
MastodonAPI.AccountView.render("show.json", %{user: user, force: true}), | |||
MastodonAPI.AccountView.render("show.json", %{user: user, skip_visibility_check: true}), | |||
AdminAPI.AccountView.render("show.json", %{user: user}) | |||
), | |||
account: | |||
Map.merge( | |||
MastodonAPI.AccountView.render("show.json", %{user: other_user, force: true}), | |||
MastodonAPI.AccountView.render("show.json", %{ | |||
user: other_user, | |||
skip_visibility_check: true | |||
}), | |||
AdminAPI.AccountView.render("show.json", %{user: other_user}) | |||
), | |||
statuses: [], | |||
@@ -59,12 +62,15 @@ defmodule Pleroma.Web.AdminAPI.ReportViewTest do | |||
content: nil, | |||
actor: | |||
Map.merge( | |||
MastodonAPI.AccountView.render("show.json", %{user: user, force: true}), | |||
MastodonAPI.AccountView.render("show.json", %{user: user, skip_visibility_check: true}), | |||
AdminAPI.AccountView.render("show.json", %{user: user}) | |||
), | |||
account: | |||
Map.merge( | |||
MastodonAPI.AccountView.render("show.json", %{user: other_user, force: true}), | |||
MastodonAPI.AccountView.render("show.json", %{ | |||
user: other_user, | |||
skip_visibility_check: true | |||
}), | |||
AdminAPI.AccountView.render("show.json", %{user: other_user}) | |||
), | |||
statuses: [StatusView.render("show.json", %{activity: activity})], | |||
@@ -95,7 +95,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do | |||
} | |||
} | |||
assert expected == AccountView.render("show.json", %{user: user, force: true}) | |||
assert expected == AccountView.render("show.json", %{user: user, skip_visibility_check: true}) | |||
end | |||
test "Favicon is nil when :instances_favicons is disabled" do | |||
@@ -108,12 +108,12 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do | |||
favicon: | |||
"https://shitposter.club/plugins/Qvitter/img/gnusocial-favicons/favicon-16x16.png" | |||
} | |||
} = AccountView.render("show.json", %{user: user, force: true}) | |||
} = AccountView.render("show.json", %{user: user, skip_visibility_check: true}) | |||
Config.put([:instances_favicons, :enabled], false) | |||
assert %{pleroma: %{favicon: nil}} = | |||
AccountView.render("show.json", %{user: user, force: true}) | |||
AccountView.render("show.json", %{user: user, skip_visibility_check: true}) | |||
end | |||
test "Represent the user account for the account owner" do | |||
@@ -190,7 +190,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do | |||
} | |||
} | |||
assert expected == AccountView.render("show.json", %{user: user, force: true}) | |||
assert expected == AccountView.render("show.json", %{user: user, skip_visibility_check: true}) | |||
end | |||
test "Represent a Funkwhale channel" do | |||
@@ -199,7 +199,9 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do | |||
"https://channels.tests.funkwhale.audio/federation/actors/compositions" | |||
) | |||
assert represented = AccountView.render("show.json", %{user: user, force: true}) | |||
assert represented = | |||
AccountView.render("show.json", %{user: user, skip_visibility_check: true}) | |||
assert represented.acct == "compositions@channels.tests.funkwhale.audio" | |||
assert represented.url == "https://channels.tests.funkwhale.audio/channels/compositions" | |||
end | |||
@@ -224,7 +226,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do | |||
assert expected == AccountView.render("mention.json", %{user: user}) | |||
end | |||
test "demands :for or :force option for account rendering" do | |||
test "demands :for or :skip_visibility_check option for account rendering" do | |||
clear_config([:restrict_unauthenticated, :profiles, :local], false) | |||
user = insert(:user) | |||
@@ -232,9 +234,11 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do | |||
assert %{id: ^user_id} = AccountView.render("show.json", %{user: user, for: nil}) | |||
assert %{id: ^user_id} = AccountView.render("show.json", %{user: user, for: user}) | |||
assert %{id: ^user_id} = AccountView.render("show.json", %{user: user, force: true}) | |||
assert_raise RuntimeError, ~r/:force or :for option is required/, fn -> | |||
assert %{id: ^user_id} = | |||
AccountView.render("show.json", %{user: user, skip_visibility_check: true}) | |||
assert_raise RuntimeError, ~r/:skip_visibility_check or :for option is required/, fn -> | |||
AccountView.render("show.json", %{user: user}) | |||
end | |||
end | |||
@@ -361,13 +365,13 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do | |||
test "doesn't sanitize display names" do | |||
user = insert(:user, name: "<marquee> username </marquee>") | |||
result = AccountView.render("show.json", %{user: user, force: true}) | |||
result = AccountView.render("show.json", %{user: user, skip_visibility_check: true}) | |||
assert result.display_name == "<marquee> username </marquee>" | |||
end | |||
test "never display nil user follow counts" do | |||
user = insert(:user, following_count: 0, follower_count: 0) | |||
result = AccountView.render("show.json", %{user: user, force: true}) | |||
result = AccountView.render("show.json", %{user: user, skip_visibility_check: true}) | |||
assert result.following_count == 0 | |||
assert result.followers_count == 0 | |||
@@ -391,7 +395,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do | |||
followers_count: 0, | |||
following_count: 0, | |||
pleroma: %{hide_follows_count: true, hide_followers_count: true} | |||
} = AccountView.render("show.json", %{user: user, force: true}) | |||
} = AccountView.render("show.json", %{user: user, skip_visibility_check: true}) | |||
end | |||
test "shows when follows/followers are hidden" do | |||
@@ -404,7 +408,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do | |||
followers_count: 1, | |||
following_count: 1, | |||
pleroma: %{hide_follows: true, hide_followers: true} | |||
} = AccountView.render("show.json", %{user: user, force: true}) | |||
} = AccountView.render("show.json", %{user: user, skip_visibility_check: true}) | |||
end | |||
test "shows actual follower/following count to the account owner" do | |||
@@ -547,7 +551,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do | |||
emoji: %{"joker_smile" => "https://evil.website/society.png"} | |||
) | |||
AccountView.render("show.json", %{user: user, force: true}) | |||
AccountView.render("show.json", %{user: user, skip_visibility_check: true}) | |||
|> Enum.all?(fn | |||
{key, url} when key in [:avatar, :avatar_static, :header, :header_static] -> | |||
String.starts_with?(url, Pleroma.Web.base_url()) | |||
@@ -177,7 +177,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do | |||
id: to_string(note.id), | |||
uri: object_data["id"], | |||
url: Pleroma.Web.Router.Helpers.o_status_url(Pleroma.Web.Endpoint, :notice, note), | |||
account: AccountView.render("show.json", %{user: user, force: true}), | |||
account: AccountView.render("show.json", %{user: user, skip_visibility_check: true}), | |||
in_reply_to_id: nil, | |||
in_reply_to_account_id: nil, | |||
card: nil, | |||
@@ -26,7 +26,8 @@ defmodule Pleroma.Web.PleromaAPI.ChatViewTest do | |||
assert represented_chat == %{ | |||
id: "#{chat.id}", | |||
account: AccountView.render("show.json", user: recipient, force: true), | |||
account: | |||
AccountView.render("show.json", user: recipient, skip_visibility_check: true), | |||
unread: 0, | |||
last_message: nil, | |||
updated_at: Utils.to_masto_date(chat.updated_at) | |||