From: Egor Kislitsyn Date: Thu, 16 May 2019 10:54:24 +0000 (+0700) Subject: Merge remote-tracking branch 'pleroma/develop' into feature/addressable-lists X-Git-Url: https://git.squeep.com/?a=commitdiff_plain;h=fc7246d7159a97a8b9bb878e848db6f8ac0df988;p=akkoma Merge remote-tracking branch 'pleroma/develop' into feature/addressable-lists --- fc7246d7159a97a8b9bb878e848db6f8ac0df988 diff --cc lib/pleroma/web/common_api/common_api.ex index ed2c0017f,29c4c1014..97134cd19 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@@ -116,24 -116,22 +116,27 @@@ defmodule Pleroma.Web.CommonAPI d end end - def get_visibility(%{"visibility" => visibility}) + def get_visibility(%{"visibility" => visibility}, in_reply_to) when visibility in ~w{public unlisted private direct}, - do: visibility + do: {visibility, get_replied_to_visibility(in_reply_to)} - def get_visibility(%{"visibility" => "list:" <> list_id}) do - {:list, String.to_integer(list_id)} ++ def get_visibility(%{"visibility" => "list:" <> list_id}, in_reply_to) do ++ visibility = {:list, String.to_integer(list_id)} ++ {visibility, get_replied_to_visibility(in_reply_to)} + end + - def get_visibility(%{"in_reply_to_status_id" => status_id}) when not is_nil(status_id) do - case get_replied_to_activity(status_id) do - nil -> - "public" + def get_visibility(_, in_reply_to) when not is_nil(in_reply_to) do + visibility = get_replied_to_visibility(in_reply_to) + {visibility, visibility} + end + + def get_visibility(_, in_reply_to), do: {"public", get_replied_to_visibility(in_reply_to)} + + def get_replied_to_visibility(nil), do: nil - in_reply_to -> - # XXX: these heuristics should be moved out of MastodonAPI. - with %Object{} = object <- Object.normalize(in_reply_to) do - Pleroma.Web.MastodonAPI.StatusView.get_visibility(object) - end + def get_replied_to_visibility(activity) do + with %Object{} = object <- Object.normalize(activity) do + Pleroma.Web.ActivityPub.Visibility.get_visibility(object) end end @@@ -177,16 -174,21 +180,18 @@@ "emoji", Formatter.get_emoji_map(full_payload) ) do - res = - ActivityPub.create( - %{ - to: to, - actor: user, - context: context, - object: object, - additional: %{"cc" => cc, "directMessage" => visibility == "direct"} - }, - Pleroma.Web.ControllerHelper.truthy_param?(data["preview"]) || false - ) - - res + ActivityPub.create( + %{ + to: to, + actor: user, + context: context, + object: object, + additional: %{"cc" => cc, "bcc" => bcc, "directMessage" => visibility == "direct"} + }, + Pleroma.Web.ControllerHelper.truthy_param?(data["preview"]) || false + ) + else + e -> {:error, e} end end diff --cc test/web/common_api/common_api_test.exs index 11f3c8357,8d4f401ee..23e89d685 --- a/test/web/common_api/common_api_test.exs +++ b/test/web/common_api/common_api_test.exs @@@ -88,18 -88,27 +88,40 @@@ defmodule Pleroma.Web.CommonAPITest d assert object.data["content"] == "

2hu

alert('xss')" end + test "it does not allow replies to direct messages that are not direct messages themselves" do + user = insert(:user) + + {:ok, activity} = CommonAPI.post(user, %{"status" => "suya..", "visibility" => "direct"}) + + assert {:ok, _} = + CommonAPI.post(user, %{ + "status" => "suya..", + "visibility" => "direct", + "in_reply_to_status_id" => activity.id + }) + + Enum.each(["public", "private", "unlisted"], fn visibility -> + assert {:error, {:private_to_public, _}} = + CommonAPI.post(user, %{ + "status" => "suya..", + "visibility" => visibility, + "in_reply_to_status_id" => activity.id + }) + end) + end ++ + test "it allows to address a list" do + user = insert(:user) + {:ok, list} = Pleroma.List.create("foo", user) + + list_ap_id = Pleroma.List.ap_id(user, list.id) + + {:ok, activity} = + CommonAPI.post(user, %{"status" => "foobar", "visibility" => "list:#{list.id}"}) + + assert activity.data["bcc"] == [list_ap_id] + assert activity.recipients == [list_ap_id, user.ap_id] + end end describe "reactions" do