Mastodon API: Fix private and direct statuses not being filtered out from the public timeline for an authenticated user (GET /api/v1/timelines/public)

This commit is contained in:
eugenijm 2019-09-20 17:54:38 +03:00 committed by Ariadne Conill
parent f6ff19e074
commit 790ae8e189
4 changed files with 20 additions and 3 deletions

View file

@ -16,6 +16,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- ActivityPub: Polls are now refreshed when necessary. - ActivityPub: Polls are now refreshed when necessary.
- Mastodon API: Ensure the `account` field is not empty when rendering Notification entities. - Mastodon API: Ensure the `account` field is not empty when rendering Notification entities.
- Report emails now include functional links to profiles of remote user accounts - Report emails now include functional links to profiles of remote user accounts
- Mastodon API: Fix private and direct statuses not being filtered out from the public timeline for an authenticated user (`GET /api/v1/timelines/public`)
### Removed ### Removed
- ActivityPub: The `/objects/:uuid/likes` endpoint. - ActivityPub: The `/objects/:uuid/likes` endpoint.

View file

@ -527,9 +527,10 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
end end
def fetch_public_activities(opts \\ %{}) do def fetch_public_activities(opts \\ %{}) do
q = fetch_activities_query([Pleroma.Constants.as_public()], opts) opts = Map.drop(opts, ["user"])
q [Pleroma.Constants.as_public()]
|> fetch_activities_query(opts)
|> restrict_unlisted() |> restrict_unlisted()
|> Pagination.fetch_paginated(opts) |> Pagination.fetch_paginated(opts)
|> Enum.reverse() |> Enum.reverse()

View file

@ -398,7 +398,6 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
|> Map.put("local_only", local_only) |> Map.put("local_only", local_only)
|> Map.put("blocking_user", user) |> Map.put("blocking_user", user)
|> Map.put("muting_user", user) |> Map.put("muting_user", user)
|> Map.put("user", user)
|> ActivityPub.fetch_public_activities() |> ActivityPub.fetch_public_activities()
|> Enum.reverse() |> Enum.reverse()

View file

@ -96,6 +96,22 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
|> json_response(403) == %{"error" => "This resource requires authentication."} |> json_response(403) == %{"error" => "This resource requires authentication."}
end end
test "the public timeline includes only public statuses for an authenticated user" do
user = insert(:user)
conn =
build_conn()
|> assign(:user, user)
{:ok, _activity} = CommonAPI.post(user, %{"status" => "test"})
{:ok, _activity} = CommonAPI.post(user, %{"status" => "test", "visibility" => "private"})
{:ok, _activity} = CommonAPI.post(user, %{"status" => "test", "visibility" => "unlisted"})
{:ok, _activity} = CommonAPI.post(user, %{"status" => "test", "visibility" => "direct"})
res_conn = get(conn, "/api/v1/timelines/public")
assert length(json_response(res_conn, 200)) == 1
end
describe "posting statuses" do describe "posting statuses" do
setup do setup do
user = insert(:user) user = insert(:user)