end
end
- def get_visibility(%{"visibility" => visibility})
+ def get_visibility(%{"visibility" => visibility}, in_reply_to)
when visibility in ~w{public unlisted private direct},
- do: visibility
+ do: {visibility, get_replied_to_visibility(in_reply_to)}
- def get_visibility(%{"visibility" => "list:" <> list_id}) do
- {:list, String.to_integer(list_id)}
++ def get_visibility(%{"visibility" => "list:" <> list_id}, in_reply_to) do
++ visibility = {:list, String.to_integer(list_id)}
++ {visibility, get_replied_to_visibility(in_reply_to)}
+ end
+
- def get_visibility(%{"in_reply_to_status_id" => status_id}) when not is_nil(status_id) do
- case get_replied_to_activity(status_id) do
- nil ->
- "public"
+ def get_visibility(_, in_reply_to) when not is_nil(in_reply_to) do
+ visibility = get_replied_to_visibility(in_reply_to)
+ {visibility, visibility}
+ end
+
+ def get_visibility(_, in_reply_to), do: {"public", get_replied_to_visibility(in_reply_to)}
+
+ def get_replied_to_visibility(nil), do: nil
- in_reply_to ->
- # XXX: these heuristics should be moved out of MastodonAPI.
- with %Object{} = object <- Object.normalize(in_reply_to) do
- Pleroma.Web.MastodonAPI.StatusView.get_visibility(object)
- end
+ def get_replied_to_visibility(activity) do
+ with %Object{} = object <- Object.normalize(activity) do
+ Pleroma.Web.ActivityPub.Visibility.get_visibility(object)
end
end
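Review bot: The catch-all `def get_visibility(_, in_reply_to), do: {"public", get_replied_to_visibility(in_reply_to)}` fails open. A non-reply post whose `"visibility"` is present but unrecognised (a typo, a different case, an unsupported scope) matches neither guarded clause and is treated as `"public"`. Consider separating "key absent" (default to public) from "key present but invalid" (reject, or fall back to the most restrictive scope), and add a comment above the clause stating which is intended. The same applies to the `when not is_nil(in_reply_to)` clause, which ignores an invalid value and silently inherits the parent's scope. In the `"list:" <> list_id` clause, `String.to_integer(list_id)` raises `ArgumentError` on a non-numeric id supplied by the client; matching on `{id, ""} <- Integer.parse(list_id)` would turn that into a handled error, assuming the caller outside this hunk can accept one.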
"emoji",
Formatter.get_emoji_map(full_payload)
) do
- res =
- ActivityPub.create(
- %{
- to: to,
- actor: user,
- context: context,
- object: object,
- additional: %{"cc" => cc, "directMessage" => visibility == "direct"}
- },
- Pleroma.Web.ControllerHelper.truthy_param?(data["preview"]) || false
- )
-
- res
+ ActivityPub.create(
+ %{
+ to: to,
+ actor: user,
+ context: context,
+ object: object,
+ additional: %{"cc" => cc, "bcc" => bcc, "directMessage" => visibility == "direct"}
+ },
+ Pleroma.Web.ControllerHelper.truthy_param?(data["preview"]) || false
+ )
+ else
+ e -> {:error, e}
end
end
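Review bot: The new `else e -> {:error, e}` wraps every non-matching value from the `with` chain, so any step that already returns `{:error, reason}` would reach callers as `{:error, {:error, reason}}`. The earlier `with` clauses sit outside this hunk, so this is inferred rather than confirmed, but the added test expects `{:error, {:private_to_public, _}}`, which shows at least one step returns an untagged tuple. I would put `{:error, _} = err -> err` ahead of the catch-all. A short comment listing the failure shapes the chain can produce would also help, since these terms may end up in API responses and should not carry more of the replied-to activity than the client is allowed to see.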
assert object.data["content"] == "<p><b>2hu</b></p>alert('xss')"
end
+ test "it does not allow replies to direct messages that are not direct messages themselves" do
+ user = insert(:user)
+
+ {:ok, activity} = CommonAPI.post(user, %{"status" => "suya..", "visibility" => "direct"})
+
+ assert {:ok, _} =
+ CommonAPI.post(user, %{
+ "status" => "suya..",
+ "visibility" => "direct",
+ "in_reply_to_status_id" => activity.id
+ })
+
+ Enum.each(["public", "private", "unlisted"], fn visibility ->
+ assert {:error, {:private_to_public, _}} =
+ CommonAPI.post(user, %{
+ "status" => "suya..",
+ "visibility" => visibility,
+ "in_reply_to_status_id" => activity.id
+ })
+ end)
+ end
++
+ test "it allows to address a list" do
+ user = insert(:user)
+ {:ok, list} = Pleroma.List.create("foo", user)
+
+ list_ap_id = Pleroma.List.ap_id(user, list.id)
+
+ {:ok, activity} =
+ CommonAPI.post(user, %{"status" => "foobar", "visibility" => "list:#{list.id}"})
+
+ assert activity.data["bcc"] == [list_ap_id]
+ assert activity.recipients == [list_ap_id, user.ap_id]
+ end
end
describe "reactions" do
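Review bot: The `Enum.each(["public", "private", "unlisted"], ...)` loop in the direct-message test never exercises a `"list:<id>"` reply to a direct activity, which is the one combination where the two features added here interact. It also leaves out a reply that omits `"visibility"` and should inherit `"direct"` from the parent. Adding both cases would pin down whether a list-addressed reply can widen the audience of a direct conversation; the expected outcome cannot be determined from this page. Separately, `assert activity.recipients == [list_ap_id, user.ap_id]` depends on recipient ordering, so comparing sorted lists would make the test less brittle.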