|> maybe_preload_bookmarks(opts)
|> maybe_set_thread_muted_field(opts)
|> restrict_blocked(opts)
+ |> restrict_blockers_visibility(opts)
|> restrict_recipients(recipients, opts[:user])
|> restrict_filtered(opts)
|> where(
where:
fragment(
"""
- ?->>'type' != 'Create' -- This isn't a Create
+ ?->>'type' != 'Create' -- This isn't a Create
OR ?->>'inReplyTo' is null -- this isn't a reply
- OR ? && array_remove(?, ?) -- The recipient is us or one of our friends,
- -- unless they are the author (because authors
+ OR ? && array_remove(?, ?) -- The recipient is us or one of our friends,
+ -- unless they are the author (because authors
-- are also part of the recipients). This leads
-- to a bug that self-replies by friends won't
-- show up.
from(
[activity, object: o] in query,
+ # You don't block the author
where: fragment("not (? = ANY(?))", activity.actor, ^blocked_ap_ids),
+
+ # You don't block any recipients, and didn't author the post
where:
fragment(
"((not (? && ?)) or ? = ?)",
activity.actor,
^user.ap_id
),
+
+ # You don't block the domain of any recipients, and didn't author the post
where:
fragment(
- "recipients_contain_blocked_domains(?, ?) = false",
+ "(recipients_contain_blocked_domains(?, ?) = false) or ? = ?",
activity.recipients,
- ^domain_blocks
+ ^domain_blocks,
+ activity.actor,
+ ^user.ap_id
),
+
+ # It's not a boost of a user you block
where:
fragment(
"not (?->>'type' = 'Announce' and ?->'to' \\?| ?)",
activity.data,
^blocked_ap_ids
),
+
+ # You don't block the author's domain, and also don't follow the author
where:
fragment(
"(not (split_part(?, '/', 3) = ANY(?))) or ? = ANY(?)",
activity.actor,
^following_ap_ids
),
+
+ # Same as above, but checks the Object
where:
fragment(
"(not (split_part(?->>'actor', '/', 3) = ANY(?))) or (?->>'actor') = ANY(?)",
defp restrict_blocked(query, _), do: query
+ defp restrict_blockers_visibility(query, %{blocking_user: %User{} = user}) do
+ if Config.get([:activitypub, :blockers_visible]) == true do
+ query
+ else
+ blocker_ap_ids = User.incoming_relationships_ungrouped_ap_ids(user, [:block])
+
+ from(
+ activity in query,
+ # The author doesn't block you
+ where: fragment("not (? = ANY(?))", activity.actor, ^blocker_ap_ids),
+
+ # It's not a boost of a user that blocks you
+ where:
+ fragment(
+ "not (?->>'type' = 'Announce' and ?->'to' \\?| ?)",
+ activity.data,
+ activity.data,
+ ^blocker_ap_ids
+ )
+ )
+ end
+ end
+
+ defp restrict_blockers_visibility(query, _), do: query
+
defp restrict_unlisted(query, %{restrict_unlisted: true}) do
from(
activity in query,
|> restrict_state(opts)
|> restrict_favorited_by(opts)
|> restrict_blocked(restrict_blocked_opts)
+ |> restrict_blockers_visibility(opts)
|> restrict_muted(restrict_muted_opts)
|> restrict_filtered(opts)
|> restrict_media(opts)
assert Enum.member?(activities, activity_one)
end
+ test "always see your own posts even when they address people you block" do
+ user = insert(:user)
+ blockee = insert(:user)
+
+ {:ok, _} = User.block(user, blockee)
+ {:ok, activity} = CommonAPI.post(user, %{status: "hey! @#{blockee.nickname}"})
+
+ activities = ActivityPub.fetch_activities([], %{blocking_user: user})
+
+ assert Enum.member?(activities, activity)
+ end
+
test "doesn't return transitive interactions concerning blocked users" do
blocker = insert(:user)
blockee = insert(:user)
refute repeat_activity in activities
end
+ test "see your own posts even when they adress actors from blocked domains" do
+ user = insert(:user)
+
+ domain = "dogwhistle.zone"
+ domain_user = insert(:user, %{ap_id: "https://#{domain}/@pundit"})
+
+ {:ok, user} = User.block_domain(user, domain)
+
+ {:ok, activity} = CommonAPI.post(user, %{status: "hey! @#{domain_user.nickname}"})
+
+ activities = ActivityPub.fetch_activities([], %{blocking_user: user})
+
+ assert Enum.member?(activities, activity)
+ end
+
test "does return activities from followed users on blocked domains" do
domain = "meanies.social"
domain_user = insert(:user, %{ap_id: "https://#{domain}/@pundit"})
[%{"id" => ^reply_from_me}, %{"id" => ^activity_id}] = response
end
+ test "doesn't return posts from users who blocked you when :blockers_visible is disabled" do
+ clear_config([:activitypub, :blockers_visible], false)
+
+ %{conn: conn, user: blockee} = oauth_access(["read:statuses"])
+ blocker = insert(:user)
+ {:ok, _} = User.block(blocker, blockee)
+
+ conn = assign(conn, :user, blockee)
+
+ {:ok, _} = CommonAPI.post(blocker, %{status: "hey!"})
+
+ response =
+ get(conn, "/api/v1/timelines/public")
+ |> json_response_and_validate_schema(200)
+
+ assert length(response) == 0
+ end
+
test "doesn't return replies if follow is posting with users from blocked domain" do
%{conn: conn, user: blocker} = oauth_access(["read:statuses"])
friend = insert(:user)