add visibility check on quote (#178)
authorfloatingghost <hannah@coffee-and-dreams.uk>
Sun, 21 Aug 2022 15:17:01 +0000 (15:17 +0000)
committerfloatingghost <hannah@coffee-and-dreams.uk>
Sun, 21 Aug 2022 15:17:01 +0000 (15:17 +0000)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/178

lib/pleroma/web/mastodon_api/views/status_view.ex
test/pleroma/web/mastodon_api/views/status_view_test.exs

index d099c4901cf9237793444a0b6ba502e92a74c898..d838c4673512b1b9d0ba082d3a0c936e5d4d4f6b 100644 (file)
@@ -623,15 +623,19 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do
   defp maybe_render_quote(nil, _), do: nil
 
   defp maybe_render_quote(quote, opts) do
-    if opts[:do_not_recurse] || !visible_for_user?(quote, opts[:for]) do
-      nil
-    else
+    with %User{} = quoted_user <- User.get_cached_by_ap_id(quote.actor),
+         false <- Map.get(opts, :do_not_recurse, false),
+         true <- visible_for_user?(quote, opts[:for]),
+         false <- User.blocks?(opts[:for], quoted_user),
+         false <- User.mutes?(opts[:for], quoted_user) do
       opts =
         opts
         |> Map.put(:activity, quote)
         |> Map.put(:do_not_recurse, true)
 
       render("show.json", opts)
+    else
+      _ -> nil
     end
   end
 end
index a6f8f3fc8cb02b9d101d6e96796a076c7b48c5f7..f46dded7c20b10485e5871934f31bdc66102b0f9 100644 (file)
@@ -428,6 +428,34 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
     assert is_nil(status.quote)
   end
 
+  test "a quote from a user we block" do
+    user = insert(:user)
+    other_user = insert(:user)
+    blocked_user = insert(:user)
+
+    {:ok, _relationship} = User.block(user, blocked_user)
+
+    {:ok, activity} = CommonAPI.post(blocked_user, %{status: ":< i am ANGERY"})
+    {:ok, quote_activity} = CommonAPI.post(other_user, %{status: "hehe", quote_id: activity.id})
+
+    status = StatusView.render("show.json", %{activity: quote_activity, for: user})
+    assert is_nil(status.quote)
+  end
+
+  test "a quote from a user we mute" do
+    user = insert(:user)
+    other_user = insert(:user)
+    blocked_user = insert(:user)
+
+    {:ok, _relationship} = User.mute(user, blocked_user)
+
+    {:ok, activity} = CommonAPI.post(blocked_user, %{status: ":< i am ANGERY"})
+    {:ok, quote_activity} = CommonAPI.post(other_user, %{status: "hehe", quote_id: activity.id})
+
+    status = StatusView.render("show.json", %{activity: quote_activity, for: user})
+    assert is_nil(status.quote)
+  end
+
   test "contains mentions" do
     user = insert(:user)
     mentioned = insert(:user)