Allow Updates by every actor on the same origin

lib/pleroma/web/activity_pub/object_validators/update_validator.ex

@@ -51,7 +51,9 @@ def validate_updating_rights(cng) do
     with actor = get_field(cng, :actor),
          object = get_field(cng, :object),
          {:ok, object_id} <- ObjectValidators.ObjectID.cast(object),
-         true <- actor == object_id do
+         actor_uri <- URI.parse(actor),
+         object_uri <- URI.parse(object_id),
+         true <- actor_uri.host == object_uri.host do
       cng
     else
       _e ->

test/pleroma/web/activity_pub/object_validators/update_handling_test.exs

@@ -32,7 +32,7 @@ test "validates a basic object", %{valid_update: valid_update} do
     test "returns an error if the object can't be updated by the actor", %{
       valid_update: valid_update
     } do
-      other_user = insert(:user)
+      other_user = insert(:user, local: false)
 
       update =
         valid_update
@@ -40,5 +40,27 @@ test "returns an error if the object can't be updated by the actor", %{
 
       assert {:error, _cng} = ObjectValidator.validate(update, [])
     end
+
+    test "validates as long as the object is same-origin with the actor", %{
+      valid_update: valid_update
+    } do
+      other_user = insert(:user)
+
+      update =
+        valid_update
+        |> Map.put("actor", other_user.ap_id)
+
+      assert {:ok, _update, []} = ObjectValidator.validate(update, [])
+    end
+
+    test "validates if the object is not of an Actor type" do
+      note = insert(:note)
+      updated_note = note.data |> Map.put("content", "edited content")
+      other_user = insert(:user)
+
+      {:ok, update, _} = Builder.update(other_user, updated_note)
+
+      assert {:ok, _update, []} = ObjectValidator.validate(update, [])
+    end
   end
 end