From: Egor Kislitsyn <egor@kislitsyn.com>
Date: Mon, 15 Jul 2019 07:54:40 +0000 (+0700)
Subject: List messages must be visible for mentioned users
X-Git-Url: http://git.squeep.com/?a=commitdiff_plain;h=de13c9bb8fc08b12d9694f63f92935ba39a51118;p=akkoma

List messages must be visible for mentioned users
---

diff --git a/lib/pleroma/web/activity_pub/visibility.ex b/lib/pleroma/web/activity_pub/visibility.ex
index e0282d758..2666edc7c 100644
--- a/lib/pleroma/web/activity_pub/visibility.ex
+++ b/lib/pleroma/web/activity_pub/visibility.ex
@@ -39,10 +39,11 @@ defmodule Pleroma.Web.ActivityPub.Visibility do
 
   def visible_for_user?(%{actor: ap_id}, %User{ap_id: ap_id}), do: true
 
-  def visible_for_user?(%{data: %{"listMessage" => list_ap_id}}, %User{} = user) do
-    list_ap_id
-    |> Pleroma.List.get_by_ap_id()
-    |> Pleroma.List.member?(user)
+  def visible_for_user?(%{data: %{"listMessage" => list_ap_id}} = activity, %User{} = user) do
+    user.ap_id in activity.data["to"] ||
+      list_ap_id
+      |> Pleroma.List.get_by_ap_id()
+      |> Pleroma.List.member?(user)
   end
 
   def visible_for_user?(%{data: %{"listMessage" => _}}, nil), do: false
diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex
index fed5f9de7..f28a96320 100644
--- a/lib/pleroma/web/common_api/utils.ex
+++ b/lib/pleroma/web/common_api/utils.ex
@@ -100,7 +100,7 @@ defmodule Pleroma.Web.CommonAPI.Utils do
     end
   end
 
-  def get_to_and_cc(_user, _mentions, _inReplyTo, _), do: {[], []}
+  def get_to_and_cc(_user, mentions, _inReplyTo, {:list, _}), do: {mentions, []}
 
   def get_addressed_users(_, to) when is_list(to) do
     User.get_ap_ids_by_nicknames(to)
diff --git a/test/web/activity_pub/visibilty_test.exs b/test/web/activity_pub/visibilty_test.exs
index 2ce6928c4..b62a89e68 100644
--- a/test/web/activity_pub/visibilty_test.exs
+++ b/test/web/activity_pub/visibilty_test.exs
@@ -126,13 +126,13 @@ defmodule Pleroma.Web.ActivityPub.VisibilityTest do
     assert Visibility.visible_for_user?(direct, user)
     assert Visibility.visible_for_user?(list, user)
 
-    # All visible to a mentioned user, except when it's a list activity
+    # All visible to a mentioned user
 
     assert Visibility.visible_for_user?(public, mentioned)
     assert Visibility.visible_for_user?(private, mentioned)
     assert Visibility.visible_for_user?(unlisted, mentioned)
     assert Visibility.visible_for_user?(direct, mentioned)
-    refute(Visibility.visible_for_user?(list, mentioned))
+    assert Visibility.visible_for_user?(list, mentioned)
 
     # DM not visible for just follower