defmodule Pleroma.Web.ActivityPub.ObjectValidators.DeleteValidator do
use Ecto.Schema
+ alias Pleroma.Activity
+ alias Pleroma.User
alias Pleroma.Web.ActivityPub.ObjectValidators.Types
import Ecto.Changeset
field(:actor, Types.ObjectID)
field(:to, Types.Recipients, default: [])
field(:cc, Types.Recipients, default: [])
+ field(:deleted_activity_id, Types.ObjectID)
field(:object, Types.ObjectID)
end
|> cast(data, __schema__(:fields))
end
+ def add_deleted_activity_id(cng) do
+ object =
+ cng
+ |> get_field(:object)
+
+ with %Activity{id: id} <- Activity.get_create_by_object_ap_id(object) do
+ cng
+ |> put_change(:deleted_activity_id, id)
+ else
+ _ -> cng
+ end
+ end
+
+ @deletable_types ~w{
+ Answer
+ Article
+ Audio
+ ChatMessage
+ Event
+ Note
+ Page
+ Question
+ Tombstone
+ Video
+ }
def validate_data(cng) do
cng
|> validate_required([:id, :type, :actor, :to, :cc, :object])
|> validate_inclusion(:type, ["Delete"])
- |> validate_same_domain()
- |> validate_object_presence()
+ |> validate_actor_presence()
+ |> validate_deletion_rights()
+ |> validate_object_or_user_presence(allowed_types: @deletable_types)
+ |> add_deleted_activity_id()
end
- def validate_same_domain(cng) do
- actor_domain =
+ def do_not_federate?(cng) do
+ !same_domain?(cng)
+ end
+
+ defp same_domain?(cng) do
+ actor_uri =
cng
|> get_field(:actor)
|> URI.parse()
- |> (& &1.host).()
- object_domain =
+ object_uri =
cng
|> get_field(:object)
|> URI.parse()
- |> (& &1.host).()
- if object_domain != actor_domain do
+ object_uri.host == actor_uri.host
+ end
+
+ def validate_deletion_rights(cng) do
+ actor = User.get_cached_by_ap_id(get_field(cng, :actor))
+
+ if User.superuser?(actor) || same_domain?(cng) do
cng
- |> add_error(:actor, "is not allowed to delete object")
else
cng
+ |> add_error(:actor, "is not allowed to delete object")
end
end
projects / akkoma / blobdiff