Merge branch 'fix/dont-show-dms-in-mentions-timeline' into 'develop'

[#675] Do not show DMs in mentions timeline See merge request pleroma/pleroma!877
2019-03-03 11:13:59 +00:00 · 2019-03-03 11:13:59 +00:00 · 9b63fda9c7
commit 9b63fda9c7
parent f38c316e6e 9c6abec4d8
4 changed files with 54 additions and 1 deletions
--- a/lib/pleroma/web/activity_pub/activity_pub.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub.ex
@ -420,6 +420,30 @@ def fetch_public_activities(opts \\ %{}) do

  @valid_visibilities ~w[direct unlisted public private]

+  defp restrict_visibility(query, %{visibility: visibility})
+       when is_list(visibility) do
+    if Enum.all?(visibility, &(&1 in @valid_visibilities)) do
+      query =
+        from(
+          a in query,
+          where:
+            fragment(
+              "activity_visibility(?, ?, ?) = ANY (?)",
+              a.actor,
+              a.recipients,
+              a.data,
+              ^visibility
+            )
+        )
+
+      Ecto.Adapters.SQL.to_sql(:all, Repo, query)
+
+      query
+    else
+      Logger.error("Could not restrict visibility to #{visibility}")
+    end
+  end
+
  defp restrict_visibility(query, %{visibility: visibility})
       when visibility in @valid_visibilities do
    query =
--- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex
+++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex
@ -167,6 +167,7 @@ def mentions_timeline(%{assigns: %{user: user}} = conn, params) do
      params
      |> Map.put("type", ["Create", "Announce", "Follow", "Like"])
      |> Map.put("blocking_user", user)
+      |> Map.put(:visibility, ~w[unlisted public private])

    activities = ActivityPub.fetch_activities([user.ap_id], params)

--- a/test/web/activity_pub/activity_pub_test.exs
+++ b/test/web/activity_pub/activity_pub_test.exs
@ -55,6 +55,14 @@ test "it restricts by the appropriate visibility" do
        ActivityPub.fetch_activities([], %{:visibility => "public", "actor_id" => user.ap_id})

      assert activities == [public_activity]
+
+      activities =
+        ActivityPub.fetch_activities([], %{
+          :visibility => ~w[private public],
+          "actor_id" => user.ap_id
+        })
+
+      assert activities == [public_activity, private_activity]
    end
  end

--- a/test/web/twitter_api/twitter_api_controller_test.exs
+++ b/test/web/twitter_api/twitter_api_controller_test.exs
@ -427,7 +427,10 @@ test "without valid credentials", %{conn: conn} do

    test "with credentials", %{conn: conn, user: current_user} do
      {:ok, activity} =
-        ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: current_user})
+        CommonAPI.post(current_user, %{
+          "status" => "why is tenshi eating a corndog so cute?",
+          "visibility" => "public"
+        })

      conn =
        conn
@ -445,6 +448,23 @@ test "with credentials", %{conn: conn, user: current_user} do
                 mentioned: [current_user]
               })
    end
+
+    test "does not show DMs in mentions timeline", %{conn: conn, user: current_user} do
+      {:ok, _activity} =
+        CommonAPI.post(current_user, %{
+          "status" => "Have you guys ever seen how cute tenshi eating a corndog is?",
+          "visibility" => "direct"
+        })
+
+      conn =
+        conn
+        |> with_credentials(current_user.nickname, "test")
+        |> get("/api/statuses/mentions.json")
+
+      response = json_response(conn, 200)
+
+      assert length(response) == 0
+    end
  end

  describe "GET /api/qvitter/statuses/notifications.json" do