From: lain
Date: Sat, 7 Apr 2018 14:40:03 +0000 (+0200)
Subject: Only search in public data for now.
X-Git-Url: https://git.squeep.com/?a=commitdiff_plain;h=70bcdf32bdf98c02d9f44c07cbcf74d4c59ed299;p=akkoma
Only search in public data for now. This should be the data the user is allowed to see later, but this will stop accidental private message leaks.
---
diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
index ccba4710a..6339704a2 100644
--- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
+++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
@@ -507,6 +507,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
 from(
 a in Activity,
 where: fragment("?->>'type' = 'Create'", a.data),
+ where: "https://www.w3.org/ns/activitystreams#Public" in a.recipients,
 where:
 fragment(
 "to_tsvector('english', ?->'object'->>'content') @@ plainto_tsquery('english', ?)",
diff --git a/lib/pleroma/web/twitter_api/twitter_api.ex b/lib/pleroma/web/twitter_api/twitter_api.ex
index 027b97154..c12cd7f8a 100644
--- a/lib/pleroma/web/twitter_api/twitter_api.ex
+++ b/lib/pleroma/web/twitter_api/twitter_api.ex
@@ -193,6 +193,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do
 from(
 a in Activity,
 where: fragment("?->>'type' = 'Create'", a.data),
+ where: "https://www.w3.org/ns/activitystreams#Public" in a.recipients,
 where:
 fragment(
 "to_tsvector('english', ?->'object'->>'content') @@ plainto_tsquery('english', ?)",
diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs
index 2c9cdd194..5d39c25c6 100644
--- a/test/web/mastodon_api/mastodon_api_controller_test.exs
+++ b/test/web/mastodon_api/mastodon_api_controller_test.exs
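Review bot: Whether unlisted posts are meant to stay searchable is not settled by the added `where: "https://www.w3.org/ns/activitystreams#Public" in a.recipients` clause. It matches any activity that lists the Public collection anywhere in `recipients`, so if that column merges `to` and `cc` (not visible here), a post that only cc's Public would presumably still be returned. The identical literal is added in the twitter_api.ex hunk, so the visibility rule now lives in two places that must be kept in sync; a shared query helper or a single module attribute would give it one home. I would also put a comment above the clause in both files, for example `# Fail closed: only activities addressed to Public are searchable until per-user visibility is implemented`. The enclosing query and function begin and end outside the hunk.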
@@ -564,6 +564,13 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
 user_three = insert(:user, %{nickname: "shp@heldscal.la", name: "I love 2hu"})
 
 {:ok, activity} = CommonAPI.post(user, %{"status" => "This is about 2hu"})
+
+ {:ok, _activity} =
+ CommonAPI.post(user, %{
+ "status" => "This is about 2hu, but private",
+ "visibility" => "private"
+ })
+
 {:ok, _} = CommonAPI.post(user_two, %{"status" => "This isn't"})
 
 conn =
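Review bot: The new fixture covers only the `private` visibility, and nothing visible in this patch exercises the TwitterAPI search that received the same filter in twitter_api.ex. The assertions sit outside the hunk, so it is not clear from here that the test would fail if the private status came back. Binding the result to a name such as `private_activity` instead of `_activity` and adding an explicit `refute` on its id in the returned statuses would pin the intent. A second fixture with `"visibility" => "direct"`, if CommonAPI accepts that value, would also cover direct messages, which is the leak the commit message is about.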