Respect visibility in API.
This commit is contained in:
parent
5729233c36
commit
5d89997a70
|
@ -131,7 +131,9 @@ def fetch_activities_for_context(context, opts \\ %{}) do
|
||||||
query = from activity in Activity,
|
query = from activity in Activity,
|
||||||
where: fragment("?->>'type' = ? and ?->>'context' = ?", activity.data, "Create", activity.data, ^context),
|
where: fragment("?->>'type' = ? and ?->>'context' = ?", activity.data, "Create", activity.data, ^context),
|
||||||
order_by: [desc: :id]
|
order_by: [desc: :id]
|
||||||
query = restrict_blocked(query, opts)
|
query = query
|
||||||
|
|> restrict_blocked(opts)
|
||||||
|
|> restrict_recipients(["https://www.w3.org/ns/activitystreams#Public"], opts["user"])
|
||||||
Repo.all(query)
|
Repo.all(query)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -313,4 +315,13 @@ def fetch_object_from_id(id) do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def visible_for_user?(activity, nil) do
|
||||||
|
"https://www.w3.org/ns/activitystreams#Public" in (activity.data["to"] ++ (activity.data["cc"] || []))
|
||||||
|
end
|
||||||
|
def visible_for_user?(activity, user) do
|
||||||
|
x = [user.ap_id | user.following]
|
||||||
|
y = (activity.data["to"] ++ (activity.data["cc"] || []))
|
||||||
|
visible_for_user?(activity, nil) || Enum.any?(x, &(&1 in y))
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -190,14 +190,15 @@ def user_statuses(%{assigns: %{user: user}} = conn, params) do
|
||||||
end
|
end
|
||||||
|
|
||||||
def get_status(%{assigns: %{user: user}} = conn, %{"id" => id}) do
|
def get_status(%{assigns: %{user: user}} = conn, %{"id" => id}) do
|
||||||
with %Activity{} = activity <- Repo.get(Activity, id) do
|
with %Activity{} = activity <- Repo.get(Activity, id),
|
||||||
|
true <- ActivityPub.visible_for_user?(activity, user) do
|
||||||
render conn, StatusView, "status.json", %{activity: activity, for: user}
|
render conn, StatusView, "status.json", %{activity: activity, for: user}
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def get_context(%{assigns: %{user: user}} = conn, %{"id" => id}) do
|
def get_context(%{assigns: %{user: user}} = conn, %{"id" => id}) do
|
||||||
with %Activity{} = activity <- Repo.get(Activity, id),
|
with %Activity{} = activity <- Repo.get(Activity, id),
|
||||||
activities <- ActivityPub.fetch_activities_for_context(activity.data["object"]["context"], %{"blocking_user" => user}),
|
activities <- ActivityPub.fetch_activities_for_context(activity.data["object"]["context"], %{"blocking_user" => user, "user" => user}),
|
||||||
activities <- activities |> Enum.filter(fn (%{id: aid}) -> to_string(aid) != to_string(id) end),
|
activities <- activities |> Enum.filter(fn (%{id: aid}) -> to_string(aid) != to_string(id) end),
|
||||||
activities <- activities |> Enum.filter(fn (%{data: %{"type" => type}}) -> type == "Create" end),
|
activities <- activities |> Enum.filter(fn (%{data: %{"type" => type}}) -> type == "Create" end),
|
||||||
grouped_activities <- Enum.group_by(activities, fn (%{id: id}) -> id < activity.id end) do
|
grouped_activities <- Enum.group_by(activities, fn (%{id: id}) -> id < activity.id end) do
|
||||||
|
|
|
@ -56,7 +56,8 @@ def fetch_conversation(user, id) do
|
||||||
end
|
end
|
||||||
|
|
||||||
def fetch_status(user, id) do
|
def fetch_status(user, id) do
|
||||||
with %Activity{} = activity <- Repo.get(Activity, id) do
|
with %Activity{} = activity <- Repo.get(Activity, id),
|
||||||
|
true <- ActivityPub.visible_for_user?(activity, user) do
|
||||||
activity_to_status(activity, %{for: user})
|
activity_to_status(activity, %{for: user})
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue