ensure local statuses are not visible remotely

FloatingGhost 2022-06-22 17:06:40 +01:00
parent 34e11cef47
commit 3928cecf6b
2 changed files with 42 additions and 7 deletions


@ -84,7 +84,12 @@ def visible_for_user?(%{__struct__: module} = message, user)
when module in [Activity, Object] do when module in [Activity, Object] do
x = [user.ap_id | User.following(user)] x = [user.ap_id | User.following(user)]
y = [message.data["actor"]] ++ message.data["to"] ++ (message.data["cc"] || []) y = [message.data["actor"]] ++ message.data["to"] ++ (message.data["cc"] || [])
is_public?(message) || Enum.any?(x, &(&1 in y))
if is_local_public?(message) do
user.local
else
is_public?(message) || Enum.any?(x, &(&1 in y))
end
end end
def entire_thread_visible_for_user?(%Activity{} = activity, %User{} = user) do def entire_thread_visible_for_user?(%Activity{} = activity, %User{} = user) do
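Review bot: The local-only branch is chosen after `x` and `y` have already been built, so `User.following(user)` is evaluated for every local-scoped message even though the `user.local` result never uses it. Moving the two bindings into the `else` branch keeps the deny path free of that call and makes the scope check read as the first decision. The branch also deserves a why-comment, for example `# Local-scoped posts are public only to accounts on this instance; follows and addressing must not widen that.` The `refute` on a `nil` viewer in the test suggests an earlier clause handles unauthenticated viewers, but that clause lies outside this hunk, so it is worth confirming it rejects local-scoped messages rather than falling through to `is_public?`.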


@ -16,6 +16,7 @@ defmodule Pleroma.Web.ActivityPub.VisibilityTest do
mentioned = insert(:user) mentioned = insert(:user)
following = insert(:user) following = insert(:user)
unrelated = insert(:user) unrelated = insert(:user)
remote = insert(:user, local: false)
{:ok, following, user} = Pleroma.User.follow(following, user) {:ok, following, user} = Pleroma.User.follow(following, user)
{:ok, list} = Pleroma.List.create("foo", user) {:ok, list} = Pleroma.List.create("foo", user)
@ -33,6 +34,9 @@ defmodule Pleroma.Web.ActivityPub.VisibilityTest do
{:ok, unlisted} = {:ok, unlisted} =
CommonAPI.post(user, %{status: "@#{mentioned.nickname}", visibility: "unlisted"}) CommonAPI.post(user, %{status: "@#{mentioned.nickname}", visibility: "unlisted"})
{:ok, local} =
CommonAPI.post(user, %{status: "@#{mentioned.nickname}", visibility: "local"})
{:ok, list} = {:ok, list} =
CommonAPI.post(user, %{ CommonAPI.post(user, %{
status: "@#{mentioned.nickname}", status: "@#{mentioned.nickname}",
@ -48,7 +52,9 @@ defmodule Pleroma.Web.ActivityPub.VisibilityTest do
mentioned: mentioned, mentioned: mentioned,
following: following, following: following,
unrelated: unrelated, unrelated: unrelated,
list: list list: list,
local: local,
remote: remote
} }
end end
@ -57,13 +63,15 @@ test "is_direct?", %{
private: private, private: private,
direct: direct, direct: direct,
unlisted: unlisted, unlisted: unlisted,
list: list list: list,
local: local
} do } do
assert Visibility.is_direct?(direct) assert Visibility.is_direct?(direct)
refute Visibility.is_direct?(public) refute Visibility.is_direct?(public)
refute Visibility.is_direct?(private) refute Visibility.is_direct?(private)
refute Visibility.is_direct?(unlisted) refute Visibility.is_direct?(unlisted)
assert Visibility.is_direct?(list) assert Visibility.is_direct?(list)
refute Visibility.is_direct?(local)
end end
test "is_public?", %{ test "is_public?", %{
@ -71,12 +79,14 @@ test "is_public?", %{
private: private, private: private,
direct: direct, direct: direct,
unlisted: unlisted, unlisted: unlisted,
local: local,
list: list list: list
} do } do
refute Visibility.is_public?(direct) refute Visibility.is_public?(direct)
assert Visibility.is_public?(public) assert Visibility.is_public?(public)
refute Visibility.is_public?(private) refute Visibility.is_public?(private)
assert Visibility.is_public?(unlisted) assert Visibility.is_public?(unlisted)
assert Visibility.is_public?(local)
refute Visibility.is_public?(list) refute Visibility.is_public?(list)
end end
@ -85,13 +95,15 @@ test "is_private?", %{
private: private, private: private,
direct: direct, direct: direct,
unlisted: unlisted, unlisted: unlisted,
list: list list: list,
local: local
} do } do
refute Visibility.is_private?(direct) refute Visibility.is_private?(direct)
refute Visibility.is_private?(public) refute Visibility.is_private?(public)
assert Visibility.is_private?(private) assert Visibility.is_private?(private)
refute Visibility.is_private?(unlisted) refute Visibility.is_private?(unlisted)
refute Visibility.is_private?(list) refute Visibility.is_private?(list)
refute Visibility.is_private?(local)
end end
test "is_list?", %{ test "is_list?", %{
@ -99,13 +111,15 @@ test "is_list?", %{
private: private, private: private,
direct: direct, direct: direct,
unlisted: unlisted, unlisted: unlisted,
list: list list: list,
local: local
} do } do
refute Visibility.is_list?(direct) refute Visibility.is_list?(direct)
refute Visibility.is_list?(public) refute Visibility.is_list?(public)
refute Visibility.is_list?(private) refute Visibility.is_list?(private)
refute Visibility.is_list?(unlisted) refute Visibility.is_list?(unlisted)
assert Visibility.is_list?(list) assert Visibility.is_list?(list)
refute Visibility.is_list?(local)
end end
test "visible_for_user? Activity", %{ test "visible_for_user? Activity", %{
@ -117,7 +131,9 @@ test "visible_for_user? Activity", %{
mentioned: mentioned, mentioned: mentioned,
following: following, following: following,
unrelated: unrelated, unrelated: unrelated,
list: list list: list,
local: local,
remote: remote
} do } do
# All visible to author # All visible to author
@ -126,6 +142,7 @@ test "visible_for_user? Activity", %{
assert Visibility.visible_for_user?(unlisted, user) assert Visibility.visible_for_user?(unlisted, user)
assert Visibility.visible_for_user?(direct, user) assert Visibility.visible_for_user?(direct, user)
assert Visibility.visible_for_user?(list, user) assert Visibility.visible_for_user?(list, user)
assert Visibility.visible_for_user?(local, user)
# All visible to a mentioned user # All visible to a mentioned user
@ -134,6 +151,7 @@ test "visible_for_user? Activity", %{
assert Visibility.visible_for_user?(unlisted, mentioned) assert Visibility.visible_for_user?(unlisted, mentioned)
assert Visibility.visible_for_user?(direct, mentioned) assert Visibility.visible_for_user?(direct, mentioned)
assert Visibility.visible_for_user?(list, mentioned) assert Visibility.visible_for_user?(list, mentioned)
assert Visibility.visible_for_user?(local, mentioned)
# DM not visible for just follower # DM not visible for just follower
@ -142,6 +160,7 @@ test "visible_for_user? Activity", %{
assert Visibility.visible_for_user?(unlisted, following) assert Visibility.visible_for_user?(unlisted, following)
refute Visibility.visible_for_user?(direct, following) refute Visibility.visible_for_user?(direct, following)
refute Visibility.visible_for_user?(list, following) refute Visibility.visible_for_user?(list, following)
assert Visibility.visible_for_user?(local, following)
# Public and unlisted visible for unrelated user # Public and unlisted visible for unrelated user
@ -149,6 +168,7 @@ test "visible_for_user? Activity", %{
assert Visibility.visible_for_user?(unlisted, unrelated) assert Visibility.visible_for_user?(unlisted, unrelated)
refute Visibility.visible_for_user?(private, unrelated) refute Visibility.visible_for_user?(private, unrelated)
refute Visibility.visible_for_user?(direct, unrelated) refute Visibility.visible_for_user?(direct, unrelated)
assert Visibility.visible_for_user?(local, unrelated)
# Public and unlisted visible for unauthenticated # Public and unlisted visible for unauthenticated
@ -156,9 +176,13 @@ test "visible_for_user? Activity", %{
assert Visibility.visible_for_user?(unlisted, nil) assert Visibility.visible_for_user?(unlisted, nil)
refute Visibility.visible_for_user?(private, nil) refute Visibility.visible_for_user?(private, nil)
refute Visibility.visible_for_user?(direct, nil) refute Visibility.visible_for_user?(direct, nil)
refute Visibility.visible_for_user?(local, nil)
# Visible for a list member # Visible for a list member
assert Visibility.visible_for_user?(list, unrelated) assert Visibility.visible_for_user?(list, unrelated)
# Local not visible to remote user
refute Visibility.visible_for_user?(local, remote)
end end
test "visible_for_user? Object", %{ test "visible_for_user? Object", %{
@ -170,13 +194,16 @@ test "visible_for_user? Object", %{
mentioned: mentioned, mentioned: mentioned,
following: following, following: following,
unrelated: unrelated, unrelated: unrelated,
list: list list: list,
local: local,
remote: remote
} do } do
public = Object.normalize(public) public = Object.normalize(public)
private = Object.normalize(private) private = Object.normalize(private)
unlisted = Object.normalize(unlisted) unlisted = Object.normalize(unlisted)
direct = Object.normalize(direct) direct = Object.normalize(direct)
list = Object.normalize(list) list = Object.normalize(list)
local = Object.normalize(local)
# All visible to author # All visible to author
@ -215,7 +242,10 @@ test "visible_for_user? Object", %{
assert Visibility.visible_for_user?(unlisted, nil) assert Visibility.visible_for_user?(unlisted, nil)
refute Visibility.visible_for_user?(private, nil) refute Visibility.visible_for_user?(private, nil)
refute Visibility.visible_for_user?(direct, nil) refute Visibility.visible_for_user?(direct, nil)
refute Visibility.visible_for_user?(local, nil)
# Local posts to remote
refute Visibility.visible_for_user?(local, remote)
# Visible for a list member # Visible for a list member
# assert Visibility.visible_for_user?(list, unrelated) # assert Visibility.visible_for_user?(list, unrelated)
end end
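Review bot: The Object test only ever refutes visibility of the normalized `local` object (for `nil` and for `remote`), and none of the hunks in this section adds a positive assertion for a local viewer. As written, it would still pass if the Object path hid local-scoped posts from everyone. Adding `assert Visibility.visible_for_user?(local, user)` and `assert Visibility.visible_for_user?(local, unrelated)` after `local = Object.normalize(local)` would pin both sides of the rule, as the Activity test already does. As far as the hunks show, the `remote` fixture is neither mentioned nor a follower of `user`; a second remote account that follows the author would cover the case where addressing could otherwise grant access. The test bodies continue outside the hunks shown.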