Add visibility check in context path (#26)

Reviewed-on: #26
2022-06-29 09:33:57 +00:00 · 2022-06-29 09:33:57 +00:00 · 2342fface1
parent e538102cf5
commit 2342fface1
5 changed files with 45 additions and 3 deletions
--- a/.woodpecker/.release.yml
+++ b/.woodpecker/.release.yml
@ -16,7 +16,9 @@ pipeline:
  glibc:
    when:
      event:
-        - tag
+        - push
+      branch:
+        - develop
    secrets:
    - SCW_ACCESS_KEY
    - SCW_SECRET_KEY
@ -44,7 +46,9 @@ pipeline:
  musl:
    when:
      event:
-        - tag
+        - push
+      branch:
+        - develop
    secrets:
    - SCW_ACCESS_KEY
    - SCW_SECRET_KEY
--- a/.woodpecker/.test.yml
+++ b/.woodpecker/.test.yml
@ -11,6 +11,7 @@ pipeline:
    when:
      event:
      - push
+      - pull_request
    environment:
      MIX_ENV: test
    commands:
@ -25,6 +26,7 @@ pipeline:
    when:
      event:
      - push
+      - pull_request
    environment:
      MIX_ENV: test
      POSTGRES_DB: pleroma_test
--- a/config/config.exs
+++ b/config/config.exs
@ -97,6 +97,7 @@ config :pleroma, :uri_schemes,
    "http",
    "dat",
    "dweb",
+    "gopher",
    "hyper",
    "ipfs",
    "ipns",
--- a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex
@ -384,11 +384,13 @@ defmodule Pleroma.Web.MastodonAPI.StatusController do
  def context(%{assigns: %{user: user}} = conn, %{id: id}) do
    with %Activity{} = activity <- Activity.get_by_id(id) do
      activities =
-        ActivityPub.fetch_activities_for_context(activity.data["context"], %{
+        activity.data["context"]
+        |> ActivityPub.fetch_activities_for_context(%{
          blocking_user: user,
          user: user,
          exclude_id: activity.id
        })
+        |> Enum.filter(fn activity -> Visibility.visible_for_user?(activity, user) end)

      render(conn, "context.json", activity: activity, activities: activities, user: user)
    end
--- a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs
+++ b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs
@ -1810,6 +1810,39 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
           } = response
  end

+  test "context when restrict_unauthenticated is on" do
+    user = insert(:user)
+    remote_user = insert(:user, local: false)
+
+    {:ok, %{id: id1}} = CommonAPI.post(user, %{status: "1"})
+    {:ok, %{id: id2}} = CommonAPI.post(user, %{status: "2", in_reply_to_status_id: id1})
+
+    {:ok, %{id: id3}} =
+      CommonAPI.post(remote_user, %{status: "3", in_reply_to_status_id: id2, local: false})
+
+    response =
+      build_conn()
+      |> get("/api/v1/statuses/#{id2}/context")
+      |> json_response_and_validate_schema(:ok)
+
+    assert %{
+             "ancestors" => [%{"id" => ^id1}],
+             "descendants" => [%{"id" => ^id3}]
+           } = response
+
+    clear_config([:restrict_unauthenticated, :activities, :local], true)
+
+    response =
+      build_conn()
+      |> get("/api/v1/statuses/#{id2}/context")
+      |> json_response_and_validate_schema(:ok)
+
+    assert %{
+             "ancestors" => [],
+             "descendants" => []
+           } = response
+  end
+
  test "favorites paginate correctly" do
    %{user: user, conn: conn} = oauth_access(["read:favourites"])
    other_user = insert(:user)