forked from AkkomaGang/akkoma
excluded invisible actors from gets /api/v1/accounts/:id
This commit is contained in:
parent
fee1276963
commit
4b7c11e3f9
6 changed files with 82 additions and 16 deletions
|
@ -131,6 +131,8 @@ def auth_active?(%User{}), do: true
|
|||
|
||||
def visible_for?(user, for_user \\ nil)
|
||||
|
||||
def visible_for?(%User{invisible: true}, _), do: false
|
||||
|
||||
def visible_for?(%User{id: user_id}, %User{id: for_id}) when user_id == for_id, do: true
|
||||
|
||||
def visible_for?(%User{} = user, for_user) do
|
||||
|
@ -1314,22 +1316,23 @@ def get_or_fetch_by_ap_id(ap_id) do
|
|||
end
|
||||
end
|
||||
|
||||
@doc "Creates an internal service actor by URI if missing. Optionally takes nickname for addressing."
|
||||
@doc """
|
||||
Creates an internal service actor by URI if missing.
|
||||
Optionally takes nickname for addressing.
|
||||
"""
|
||||
def get_or_create_service_actor_by_ap_id(uri, nickname \\ nil) do
|
||||
with %User{} = user <- get_cached_by_ap_id(uri) do
|
||||
user
|
||||
else
|
||||
_ ->
|
||||
{:ok, user} =
|
||||
%User{}
|
||||
|> cast(%{}, [:ap_id, :nickname, :local])
|
||||
|> put_change(:ap_id, uri)
|
||||
|> put_change(:nickname, nickname)
|
||||
|> put_change(:local, true)
|
||||
|> put_change(:follower_address, uri <> "/followers")
|
||||
|> Repo.insert()
|
||||
with user when is_nil(user) <- get_cached_by_ap_id(uri) do
|
||||
{:ok, user} =
|
||||
%User{
|
||||
invisible: true,
|
||||
local: true,
|
||||
ap_id: uri,
|
||||
nickname: nickname,
|
||||
follower_address: uri <> "/followers"
|
||||
}
|
||||
|> Repo.insert()
|
||||
|
||||
user
|
||||
user
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -14,7 +14,6 @@ def get_actor do
|
|||
relay_ap_id()
|
||||
|> User.get_or_create_service_actor_by_ap_id()
|
||||
|
||||
{:ok, actor} = User.set_invisible(actor, true)
|
||||
actor
|
||||
end
|
||||
|
||||
|
|
|
@ -238,7 +238,7 @@ def relationships(%{assigns: %{user: _user}} = conn, _), do: json(conn, [])
|
|||
@doc "GET /api/v1/accounts/:id"
|
||||
def show(%{assigns: %{user: for_user}} = conn, %{"id" => nickname_or_id}) do
|
||||
with %User{} = user <- User.get_cached_by_nickname_or_id(nickname_or_id, for: for_user),
|
||||
true <- User.auth_active?(user) || user.id == for_user.id || User.superuser?(for_user) do
|
||||
true <- User.visible_for?(user, for_user) do
|
||||
render(conn, "show.json", user: user, for: for_user)
|
||||
else
|
||||
_e -> render_error(conn, :not_found, "Can't find user")
|
||||
|
|
|
@ -0,0 +1,22 @@
|
|||
defmodule Pleroma.Repo.Migrations.SetVisibleServiceActors do
|
||||
use Ecto.Migration
|
||||
import Ecto.Query
|
||||
alias Pleroma.Repo
|
||||
|
||||
def up do
|
||||
user_nicknames = ["relay", "internal.fetch"]
|
||||
|
||||
from(
|
||||
u in "users",
|
||||
where: u.nickname in ^user_nicknames,
|
||||
update: [
|
||||
set: [invisible: true]
|
||||
]
|
||||
)
|
||||
|> Repo.update_all([])
|
||||
end
|
||||
|
||||
def down do
|
||||
:ok
|
||||
end
|
||||
end
|
|
@ -25,6 +25,25 @@ defmodule Pleroma.UserTest do
|
|||
|
||||
clear_config([:instance, :account_activation_required])
|
||||
|
||||
describe "service actors" do
|
||||
test "returns invisible actor" do
|
||||
uri = "#{Pleroma.Web.Endpoint.url()}/internal/fetch-test"
|
||||
followers_uri = "#{uri}/followers"
|
||||
user = User.get_or_create_service_actor_by_ap_id(uri, "internal.fetch-test")
|
||||
|
||||
assert %User{
|
||||
nickname: "internal.fetch-test",
|
||||
invisible: true,
|
||||
local: true,
|
||||
ap_id: ^uri,
|
||||
follower_address: ^followers_uri
|
||||
} = user
|
||||
|
||||
user2 = User.get_or_create_service_actor_by_ap_id(uri, "internal.fetch-test")
|
||||
assert user.id == user2.id
|
||||
end
|
||||
end
|
||||
|
||||
describe "when tags are nil" do
|
||||
test "tagging a user" do
|
||||
user = insert(:user, %{tags: nil})
|
||||
|
|
|
@ -8,6 +8,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
|
|||
alias Pleroma.Repo
|
||||
alias Pleroma.User
|
||||
alias Pleroma.Web.ActivityPub.ActivityPub
|
||||
alias Pleroma.Web.ActivityPub.InternalFetchActor
|
||||
alias Pleroma.Web.CommonAPI
|
||||
alias Pleroma.Web.OAuth.Token
|
||||
|
||||
|
@ -118,6 +119,28 @@ test "accounts fetches correct account for nicknames beginning with numbers", %{
|
|||
refute acc_one == acc_two
|
||||
assert acc_two == acc_three
|
||||
end
|
||||
|
||||
test "returns 404 when user is invisible", %{conn: conn} do
|
||||
user = insert(:user, %{invisible: true})
|
||||
|
||||
resp =
|
||||
conn
|
||||
|> get("/api/v1/accounts/#{user.nickname}")
|
||||
|> json_response(404)
|
||||
|
||||
assert %{"error" => "Can't find user"} = resp
|
||||
end
|
||||
|
||||
test "returns 404 for internal.fetch actor", %{conn: conn} do
|
||||
%User{nickname: "internal.fetch"} = InternalFetchActor.get_actor()
|
||||
|
||||
resp =
|
||||
conn
|
||||
|> get("/api/v1/accounts/internal.fetch")
|
||||
|> json_response(404)
|
||||
|
||||
assert %{"error" => "Can't find user"} = resp
|
||||
end
|
||||
end
|
||||
|
||||
describe "user timelines" do
|
||||
|
|
Loading…
Reference in a new issue