Blocks: make blockers_visible config work

2020-10-10 03:41:35 -05:00 · 2020-10-10 03:41:35 -05:00 · 7c2d0e378c
commit 7c2d0e378c
parent 2fc7ce3e1e
2 changed files with 45 additions and 0 deletions
--- a/lib/pleroma/web/activity_pub/activity_pub.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub.ex
@ -410,6 +410,7 @@ def fetch_activities_for_context_query(context, opts) do
    |> maybe_preload_bookmarks(opts)
    |> maybe_set_thread_muted_field(opts)
    |> restrict_blocked(opts)
+    |> restrict_blockers_visibility(opts)
    |> restrict_recipients(recipients, opts[:user])
    |> restrict_filtered(opts)
    |> where(
@ -906,6 +907,31 @@ defp restrict_blocked(query, %{blocking_user: %User{} = user} = opts) do

  defp restrict_blocked(query, _), do: query

+  defp restrict_blockers_visibility(query, %{blocking_user: %User{} = user}) do
+    if Config.get([:activitypub, :blockers_visible]) == true do
+      query
+    else
+      blocker_ap_ids = User.incoming_relationships_ungrouped_ap_ids(user, [:block])
+
+      from(
+        activity in query,
+        # The author doesn't block you
+        where: fragment("not (? = ANY(?))", activity.actor, ^blocker_ap_ids),
+
+        # It's not a boost of a user that blocks you
+        where:
+          fragment(
+            "not (?->>'type' = 'Announce' and ?->'to' \\?| ?)",
+            activity.data,
+            activity.data,
+            ^blocker_ap_ids
+          )
+      )
+    end
+  end
+
+  defp restrict_blockers_visibility(query, _), do: query
+
  defp restrict_unlisted(query, %{restrict_unlisted: true}) do
    from(
      activity in query,
@ -1106,6 +1132,7 @@ def fetch_activities_query(recipients, opts \\ %{}) do
    |> restrict_state(opts)
    |> restrict_favorited_by(opts)
    |> restrict_blocked(restrict_blocked_opts)
+    |> restrict_blockers_visibility(opts)
    |> restrict_muted(restrict_muted_opts)
    |> restrict_filtered(opts)
    |> restrict_media(opts)
--- a/test/web/mastodon_api/controllers/timeline_controller_test.exs
+++ b/test/web/mastodon_api/controllers/timeline_controller_test.exs
@ -126,6 +126,24 @@ test "doesn't return replies if follower is posting with blocked user" do
      [%{"id" => ^reply_from_me}, %{"id" => ^activity_id}] = response
    end

+    test "doesn't return posts from users who blocked you when :blockers_visible is disabled" do
+      clear_config([:activitypub, :blockers_visible], false)
+
+      %{conn: conn, user: blockee} = oauth_access(["read:statuses"])
+      blocker = insert(:user)
+      {:ok, _} = User.block(blocker, blockee)
+
+      conn = assign(conn, :user, blockee)
+
+      {:ok, _} = CommonAPI.post(blocker, %{status: "hey!"})
+
+      response =
+        get(conn, "/api/v1/timelines/public")
+        |> json_response_and_validate_schema(200)
+
+      assert length(response) == 0
+    end
+
    test "doesn't return replies if follow is posting with users from blocked domain" do
      %{conn: conn, user: blocker} = oauth_access(["read:statuses"])
      friend = insert(:user)