From 8277b29790dfd283d94b995539dcb28e51131150 Mon Sep 17 00:00:00 2001
From: Sergey Suprunenko <suprunenko.s@gmail.com>
Date: Mon, 25 Nov 2019 16:59:55 +0100
Subject: [PATCH] Restrict thread statuses that contain user's irreversible
 filters

---
 CHANGELOG.md                                 |  7 ++---
 lib/pleroma/web/activity_pub/activity_pub.ex |  2 ++
 test/notification_test.exs                   |  2 +-
 test/web/activity_pub/activity_pub_test.exs  | 28 ++++++++++++++++++++
 4 files changed, 35 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 85401809a..0d31e7928 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -20,6 +20,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Streaming: Repeats of a user's posts will no longer be pushed to the user's stream.
 - Mastodon API: Added `pleroma.metadata.fields_limits` to /api/v1/instance
 - Mastodon API: On deletion, returns the original post text.
+- Mastodon API: Add `pleroma.unread_count` to the Marker entity.
 </details>
 
 <details>
@@ -58,8 +59,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Mastodon API: Extended `/api/v1/instance`.
 - Mastodon API: Support for `include_types` in `/api/v1/notifications`.
 - Mastodon API: Added `/api/v1/notifications/:id/dismiss` endpoint.
-- Mastodon API: Add support for filtering replies in public and home timelines
-- Mastodon API: Support for `bot` field in `/api/v1/accounts/update_credentials`
+- Mastodon API: Add support for filtering replies in public and home timelines.
+- Mastodon API: Support for `bot` field in `/api/v1/accounts/update_credentials`.
+- Mastodon API: Support irreversible property for filters.
 - Admin API: endpoints for create/update/delete OAuth Apps.
 - Admin API: endpoint for status view.
 - OTP: Add command to reload emoji packs
@@ -214,7 +216,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Mastodon API: `pleroma.thread_muted` to the Status entity
 - Mastodon API: Mark the direct conversation as read for the author when they send a new direct message
 - Mastodon API, streaming: Add `pleroma.direct_conversation_id` to the `conversation` stream event payload.
-- Mastodon API: Add `pleroma.unread_count` to the Marker entity
 - Admin API: Render whole status in grouped reports
 - Mastodon API: User timelines will now respect blocks, unless you are getting the user timeline of somebody you blocked (which would be empty otherwise).
 - Mastodon API: Favoriting / Repeating a post multiple times will now return the identical response every time. Before, executing that action twice would return an error ("already favorited") on the second try.
diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex
index 31353c866..8abbef487 100644
--- a/lib/pleroma/web/activity_pub/activity_pub.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub.ex
@@ -447,6 +447,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
     |> maybe_set_thread_muted_field(opts)
     |> restrict_blocked(opts)
     |> restrict_recipients(recipients, opts[:user])
+    |> restrict_filtered(opts)
     |> where(
       [activity],
       fragment(
@@ -1112,6 +1113,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
     |> restrict_favorited_by(opts)
     |> restrict_blocked(restrict_blocked_opts)
     |> restrict_muted(restrict_muted_opts)
+    |> restrict_filtered(opts)
     |> restrict_media(opts)
     |> restrict_visibility(opts)
     |> restrict_thread_visibility(opts, config)
diff --git a/test/notification_test.exs b/test/notification_test.exs
index 9ac6925c3..abaafd60e 100644
--- a/test/notification_test.exs
+++ b/test/notification_test.exs
@@ -1147,7 +1147,7 @@ defmodule Pleroma.NotificationTest do
       insert(:filter, user: user, phrase: "test", hide: false)
       another_user = insert(:user)
 
-      {:ok, _activity} = CommonAPI.post(another_user, %{"status" => "@#{user.nickname} test"})
+      {:ok, _} = CommonAPI.post(another_user, %{"status" => "@#{user.nickname} test"})
 
       assert length(Notification.for_user(user)) == 1
     end
diff --git a/test/web/activity_pub/activity_pub_test.exs b/test/web/activity_pub/activity_pub_test.exs
index 4968403dc..2190ff808 100644
--- a/test/web/activity_pub/activity_pub_test.exs
+++ b/test/web/activity_pub/activity_pub_test.exs
@@ -507,6 +507,34 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
       activities = ActivityPub.fetch_activities_for_context("2hu", %{blocking_user: user})
       assert activities == [activity_two, activity]
     end
+
+    test "doesn't return activities with filtered words" do
+      user = insert(:user)
+      user_two = insert(:user)
+      insert(:filter, user: user, phrase: "test", hide: true)
+
+      {:ok, %{id: id1, data: %{"context" => context}}} = CommonAPI.post(user, %{"status" => "1"})
+
+      {:ok, %{id: id2}} =
+        CommonAPI.post(user_two, %{"status" => "2", "in_reply_to_status_id" => id1})
+
+      {:ok, %{id: id3} = user_activity} =
+        CommonAPI.post(user, %{"status" => "3 test?", "in_reply_to_status_id" => id2})
+
+      {:ok, %{id: id4} = filtered_activity} =
+        CommonAPI.post(user_two, %{"status" => "4 test!", "in_reply_to_status_id" => id3})
+
+      {:ok, _} = CommonAPI.post(user, %{"status" => "5", "in_reply_to_status_id" => id4})
+
+      activities =
+        context
+        |> ActivityPub.fetch_activities_for_context(%{"user" => user})
+        |> Enum.map(& &1.id)
+
+      assert length(activities) == 4
+      assert user_activity.id in activities
+      refute filtered_activity.id in activities
+    end
   end
 
   test "doesn't return blocked activities" do
-- 
2.49.0