X-Git-Url: https://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fweb%2Factivity_pub%2Fobject_validators%2Fdelete_validator.ex;h=f42c035105444a8b48eefa53389bdff4c3ab7d0a;hb=6b84c62d4a51cb17192945d1b67999b2c56a23d2;hp=0eb31451cd650462aaedc494b05077e8056545e8;hpb=db184a8eb495865334f47a24f8c5b1fec65450b6;p=akkoma

diff --git a/lib/pleroma/web/activity_pub/object_validators/delete_validator.ex b/lib/pleroma/web/activity_pub/object_validators/delete_validator.ex
index 0eb31451c..f42c03510 100644
--- a/lib/pleroma/web/activity_pub/object_validators/delete_validator.ex
+++ b/lib/pleroma/web/activity_pub/object_validators/delete_validator.ex
@@ -5,6 +5,8 @@
 defmodule Pleroma.Web.ActivityPub.ObjectValidators.DeleteValidator do
   use Ecto.Schema
 
+  alias Pleroma.Activity
+  alias Pleroma.User
   alias Pleroma.Web.ActivityPub.ObjectValidators.Types
 
   import Ecto.Changeset
@@ -18,6 +20,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.DeleteValidator do
     field(:actor, Types.ObjectID)
     field(:to, Types.Recipients, default: [])
     field(:cc, Types.Recipients, default: [])
+    field(:deleted_activity_id, Types.ObjectID)
     field(:object, Types.ObjectID)
   end
 
@@ -26,32 +29,66 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.DeleteValidator do
     |> cast(data, __schema__(:fields))
   end
 
+  def add_deleted_activity_id(cng) do
+    object =
+      cng
+      |> get_field(:object)
+
+    with %Activity{id: id} <- Activity.get_create_by_object_ap_id(object) do
+      cng
+      |> put_change(:deleted_activity_id, id)
+    else
+      _ -> cng
+    end
+  end
+
+  @deletable_types ~w{
+    Answer
+    Article
+    Audio
+    Event
+    Note
+    Page
+    Question
+    Video
+    Tombstone
+  }
   def validate_data(cng) do
     cng
     |> validate_required([:id, :type, :actor, :to, :cc, :object])
     |> validate_inclusion(:type, ["Delete"])
-    |> validate_same_domain()
-    |> validate_object_presence()
+    |> validate_actor_presence()
+    |> validate_deletion_rights()
+    |> validate_object_or_user_presence(allowed_types: @deletable_types)
+    |> add_deleted_activity_id()
   end
 
-  def validate_same_domain(cng) do
-    actor_domain =
+  def do_not_federate?(cng) do
+    !same_domain?(cng)
+  end
+
+  defp same_domain?(cng) do
+    actor_uri =
       cng
       |> get_field(:actor)
       |> URI.parse()
-      |> (& &1.host).()
 
-    object_domain =
+    object_uri =
       cng
       |> get_field(:object)
       |> URI.parse()
-      |> (& &1.host).()
 
-    if object_domain != actor_domain do
+    object_uri.host == actor_uri.host
+  end
+
+  def validate_deletion_rights(cng) do
+    actor = User.get_cached_by_ap_id(get_field(cng, :actor))
+
+    if User.superuser?(actor) || same_domain?(cng) do
       cng
-      |> add_error(:actor, "is not allowed to delete object")
     else
       cng
+      |> add_error(:actor, "is not allowed to delete object")
     end
   end