Add visibility check in context path (#26)
authorfloatingghost <hannah@coffee-and-dreams.uk>
Wed, 29 Jun 2022 09:33:57 +0000 (09:33 +0000)
committerfloatingghost <hannah@coffee-and-dreams.uk>
Wed, 29 Jun 2022 09:33:57 +0000 (09:33 +0000)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/26

.woodpecker/.release.yml
.woodpecker/.test.yml
config/config.exs
lib/pleroma/web/mastodon_api/controllers/status_controller.ex
test/pleroma/web/mastodon_api/controllers/status_controller_test.exs

index 335f3c8e8826442671677c2e5f56e31af66472a7..28043aa655d5792964178589cdebf90fb1aa7a16 100644 (file)
@@ -16,7 +16,9 @@ pipeline:
   glibc:
     when:
       event:
-        - tag
+        - push
+      branch:
+        - develop
     secrets:
     - SCW_ACCESS_KEY
     - SCW_SECRET_KEY
@@ -44,7 +46,9 @@ pipeline:
   musl:
     when:
       event:
-        - tag
+        - push
+      branch:
+        - develop
     secrets:
     - SCW_ACCESS_KEY
     - SCW_SECRET_KEY
index cef7436433bc540d05854968ef5d93385af6a9b7..6724d363ddc1e42248a9cc1bef415a317380efb4 100644 (file)
@@ -11,6 +11,7 @@ pipeline:
     when:
       event:
       - push
+      - pull_request
     environment:
       MIX_ENV: test
     commands:
@@ -25,6 +26,7 @@ pipeline:
     when:
       event:
       - push
+      - pull_request
     environment:
       MIX_ENV: test
       POSTGRES_DB: pleroma_test
index ea0b233603e4cf8532734c71fc347b6bc78ad5a8..00f9af79737c3063478dfdca4dd54d07f052ddf0 100644 (file)
@@ -97,6 +97,7 @@ config :pleroma, :uri_schemes,
     "http",
     "dat",
     "dweb",
+    "gopher",
     "hyper",
     "ipfs",
     "ipns",
index 2eff4d9d08c04c9cd9ac8da5aaf2944ed8f75eb9..60f4c44d7c705ef7079fbf17439ab61a79bc6367 100644 (file)
@@ -384,11 +384,13 @@ defmodule Pleroma.Web.MastodonAPI.StatusController do
   def context(%{assigns: %{user: user}} = conn, %{id: id}) do
     with %Activity{} = activity <- Activity.get_by_id(id) do
       activities =
-        ActivityPub.fetch_activities_for_context(activity.data["context"], %{
+        activity.data["context"]
+        |> ActivityPub.fetch_activities_for_context(%{
           blocking_user: user,
           user: user,
           exclude_id: activity.id
         })
+        |> Enum.filter(fn activity -> Visibility.visible_for_user?(activity, user) end)
 
       render(conn, "context.json", activity: activity, activities: activities, user: user)
     end
index ed66d370ab3fdc59ee5cf49a1b9798d04e39a20e..3e0660031ed3d5e4b195a116003ab46cd6fc3d07 100644 (file)
@@ -1810,6 +1810,39 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
            } = response
   end
 
+  test "context when restrict_unauthenticated is on" do
+    user = insert(:user)
+    remote_user = insert(:user, local: false)
+
+    {:ok, %{id: id1}} = CommonAPI.post(user, %{status: "1"})
+    {:ok, %{id: id2}} = CommonAPI.post(user, %{status: "2", in_reply_to_status_id: id1})
+
+    {:ok, %{id: id3}} =
+      CommonAPI.post(remote_user, %{status: "3", in_reply_to_status_id: id2, local: false})
+
+    response =
+      build_conn()
+      |> get("/api/v1/statuses/#{id2}/context")
+      |> json_response_and_validate_schema(:ok)
+
+    assert %{
+             "ancestors" => [%{"id" => ^id1}],
+             "descendants" => [%{"id" => ^id3}]
+           } = response
+
+    clear_config([:restrict_unauthenticated, :activities, :local], true)
+
+    response =
+      build_conn()
+      |> get("/api/v1/statuses/#{id2}/context")
+      |> json_response_and_validate_schema(:ok)
+
+    assert %{
+             "ancestors" => [],
+             "descendants" => []
+           } = response
+  end
+
   test "favorites paginate correctly" do
     %{user: user, conn: conn} = oauth_access(["read:favourites"])
     other_user = insert(:user)