From 36fa5e8802b45bdaee048dd63065d8e73142e52b Mon Sep 17 00:00:00 2001 From: scarlett Date: Mon, 7 Jan 2019 10:30:30 +0000 Subject: [PATCH] Check visible_for_user when performing a search using a direct link. --- .../web/mastodon_api/mastodon_api_controller.ex | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 95d0f849c..f739e8f7d 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -725,11 +725,14 @@ def unblock_domain(%{assigns: %{user: blocker}} = conn, %{"domain" => domain}) d json(conn, %{}) end - def status_search(query) do + def status_search(user, query) do fetched = if Regex.match?(~r/https?:/, query) do - with {:ok, object} <- ActivityPub.fetch_object_from_id(query) do - [Activity.get_create_activity_by_object_ap_id(object.data["id"])] + with {:ok, object} <- ActivityPub.fetch_object_from_id(query), + %Activity{} = activity <- + Activity.get_create_activity_by_object_ap_id(object.data["id"]), + true <- ActivityPub.visible_for_user?(activity, user) do + [activity] else _e -> [] end @@ -756,7 +759,7 @@ def status_search(query) do def search2(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do accounts = User.search(query, params["resolve"] == "true") - statuses = status_search(query) + statuses = status_search(user, query) tags_path = Web.base_url() <> "/tag/" @@ -780,7 +783,7 @@ def search2(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do def search(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do accounts = User.search(query, params["resolve"] == "true") - statuses = status_search(query) + statuses = status_search(user, query) tags = String.split(query)