Merge branch 'scarlett/pleroma-search-visibility-check' into 'develop'

Scarlett/pleroma search visibility check

See merge request pleroma/pleroma!635
This commit is contained in:
lambda 2019-01-07 12:20:15 +00:00
commit b640cf0ce0
2 changed files with 26 additions and 5 deletions

View File

@ -725,11 +725,14 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
json(conn, %{}) json(conn, %{})
end end
def status_search(query) do def status_search(user, query) do
fetched = fetched =
if Regex.match?(~r/https?:/, query) do if Regex.match?(~r/https?:/, query) do
with {:ok, object} <- ActivityPub.fetch_object_from_id(query) do with {:ok, object} <- ActivityPub.fetch_object_from_id(query),
[Activity.get_create_activity_by_object_ap_id(object.data["id"])] %Activity{} = activity <-
Activity.get_create_activity_by_object_ap_id(object.data["id"]),
true <- ActivityPub.visible_for_user?(activity, user) do
[activity]
else else
_e -> [] _e -> []
end end
@ -756,7 +759,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
def search2(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do def search2(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do
accounts = User.search(query, params["resolve"] == "true") accounts = User.search(query, params["resolve"] == "true")
statuses = status_search(query) statuses = status_search(user, query)
tags_path = Web.base_url() <> "/tag/" tags_path = Web.base_url() <> "/tag/"
@ -780,7 +783,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
def search(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do def search(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do
accounts = User.search(query, params["resolve"] == "true") accounts = User.search(query, params["resolve"] == "true")
statuses = status_search(query) statuses = status_search(user, query)
tags = tags =
String.split(query) String.split(query)

View File

@ -1312,6 +1312,24 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
end) end)
end end
test "search doesn't show statuses that it shouldn't", %{conn: conn} do
{:ok, activity} =
CommonAPI.post(insert(:user), %{
"status" => "This is about 2hu, but private",
"visibility" => "private"
})
capture_log(fn ->
conn =
conn
|> get("/api/v1/search", %{"q" => activity.data["object"]["id"]})
assert results = json_response(conn, 200)
[] = results["statuses"]
end)
end
test "search fetches remote accounts", %{conn: conn} do test "search fetches remote accounts", %{conn: conn} do
conn = conn =
conn conn