From 40d9aa62199dc637039ee7931685195097fe5035 Mon Sep 17 00:00:00 2001 From: Johann150 Date: Thu, 28 Jul 2022 12:34:23 +0200 Subject: [PATCH] API: visiblity cannot be less restrictive Removed a now unnecessary provision from services/note/create as well. --- .../src/server/api/endpoints/notes/create.ts | 23 ++++++++++++++++++- packages/backend/src/services/note/create.ts | 5 ---- packages/backend/src/types.ts | 3 +++ 3 files changed, 25 insertions(+), 6 deletions(-) diff --git a/packages/backend/src/server/api/endpoints/notes/create.ts b/packages/backend/src/server/api/endpoints/notes/create.ts index 82540f96b..192e19bd2 100644 --- a/packages/backend/src/server/api/endpoints/notes/create.ts +++ b/packages/backend/src/server/api/endpoints/notes/create.ts @@ -78,13 +78,24 @@ export const meta = { code: 'YOU_HAVE_BEEN_BLOCKED', id: 'b390d7e1-8a5e-46ed-b625-06271cafd3d3', }, + + lessRestrictiveVisibility: { + message: 'The visibility cannot be less restrictive than the parent note.', + code: 'LESS_RESTRICTIVE_VISIBILITY', + id: 'c8ab7a7a-8852-41e2-8b24-079bbaceb585', + }, }, } as const; export const paramDef = { type: 'object', properties: { - visibility: { type: 'string', enum: noteVisibilities, default: 'public' }, + visibility: { + description: 'The visibility of the new note. Must be the same or more restrictive than a replied to or quoted note.' + type: 'string', + enum: noteVisibilities, + default: 'public', + }, visibleUserIds: { type: 'array', uniqueItems: true, items: { type: 'string', format: 'misskey:id', } }, @@ -195,6 +206,11 @@ export default define(meta, paramDef, async (ps, user) => { throw new ApiError(meta.errors.cannotReRenote); } + // check that the visibility is not less restrictive + if (noteVisibilities.indexOf(renote.visibility) > noteVisibilities.indexOf(ps.visibility)) { + throw new ApiError(meta.errors.lessRestrictiveVisibility); + } + // Check blocking if (renote.userId !== user.id) { const block = await Blockings.findOneBy({ @@ -219,6 +235,11 @@ export default define(meta, paramDef, async (ps, user) => { throw new ApiError(meta.errors.cannotReplyToPureRenote); } + // check that the visibility is not less restrictive + if (noteVisibilities.indexOf(reply.visibility) > noteVisibilities.indexOf(ps.visibility)) { + throw new ApiError(meta.errors.lessRestrictiveVisibility); + } + // Check blocking if (reply.userId !== user.id) { const block = await Blockings.findOneBy({ diff --git a/packages/backend/src/services/note/create.ts b/packages/backend/src/services/note/create.ts index 0fce38029..51fcac0b9 100644 --- a/packages/backend/src/services/note/create.ts +++ b/packages/backend/src/services/note/create.ts @@ -170,11 +170,6 @@ export default async (user: { id: User['id']; username: User['username']; host: data.visibility = 'followers'; } - // 返信対象がpublicではないならhomeにする - if (data.reply && data.reply.visibility !== 'public' && data.visibility === 'public') { - data.visibility = 'home'; - } - // ローカルのみをRenoteしたらローカルのみにする if (data.renote && data.renote.localOnly && data.channel == null) { data.localOnly = true; diff --git a/packages/backend/src/types.ts b/packages/backend/src/types.ts index 573e2faf8..5ca4a966a 100644 --- a/packages/backend/src/types.ts +++ b/packages/backend/src/types.ts @@ -1,5 +1,8 @@ export const notificationTypes = ['follow', 'mention', 'reply', 'renote', 'quote', 'reaction', 'pollVote', 'pollEnded', 'receiveFollowRequest', 'followRequestAccepted', 'groupInvited', 'app'] as const; +/** + * Note visibilities, ordered from most to least open. + */ export const noteVisibilities = ['public', 'home', 'followers', 'specified'] as const; export const mutedNoteReasons = ['word', 'manual', 'spam', 'other'] as const;