ActivityPub: For user timelines, respects blocks.
Unless the timeline belongs to a blocked user.
This commit is contained in:
parent
67d8df04a4
commit
e8cee4d9a0
@ -748,6 +748,15 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
|
|||||||
|> Map.put("whole_db", true)
|
|> Map.put("whole_db", true)
|
||||||
|> Map.put("pinned_activity_ids", user.pinned_activities)
|
|> Map.put("pinned_activity_ids", user.pinned_activities)
|
||||||
|
|
||||||
|
params =
|
||||||
|
if User.blocks?(reading_user, user) do
|
||||||
|
params
|
||||||
|
else
|
||||||
|
params
|
||||||
|
|> Map.put("blocking_user", reading_user)
|
||||||
|
|> Map.put("muting_user", reading_user)
|
||||||
|
end
|
||||||
|
|
||||||
recipients =
|
recipients =
|
||||||
user_activities_recipients(%{
|
user_activities_recipients(%{
|
||||||
"godmode" => params["godmode"],
|
"godmode" => params["godmode"],
|
||||||
|
@ -249,7 +249,11 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do
|
|||||||
@doc "GET /api/v1/accounts/:id/statuses"
|
@doc "GET /api/v1/accounts/:id/statuses"
|
||||||
def statuses(%{assigns: %{user: reading_user}} = conn, params) do
|
def statuses(%{assigns: %{user: reading_user}} = conn, params) do
|
||||||
with %User{} = user <- User.get_cached_by_nickname_or_id(params["id"], for: reading_user) do
|
with %User{} = user <- User.get_cached_by_nickname_or_id(params["id"], for: reading_user) do
|
||||||
params = Map.put(params, "tag", params["tagged"])
|
params =
|
||||||
|
params
|
||||||
|
|> Map.put("tag", params["tagged"])
|
||||||
|
|> Map.delete("godmode")
|
||||||
|
|
||||||
activities = ActivityPub.fetch_user_activities(user, reading_user, params)
|
activities = ActivityPub.fetch_user_activities(user, reading_user, params)
|
||||||
|
|
||||||
conn
|
conn
|
||||||
|
@ -144,6 +144,50 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
|
|||||||
end
|
end
|
||||||
|
|
||||||
describe "user timelines" do
|
describe "user timelines" do
|
||||||
|
test "respects blocks", %{conn: conn} do
|
||||||
|
user_one = insert(:user)
|
||||||
|
user_two = insert(:user)
|
||||||
|
user_three = insert(:user)
|
||||||
|
|
||||||
|
User.block(user_one, user_two)
|
||||||
|
|
||||||
|
{:ok, activity} = CommonAPI.post(user_two, %{"status" => "User one sux0rz"})
|
||||||
|
{:ok, repeat, _} = CommonAPI.repeat(activity.id, user_three)
|
||||||
|
|
||||||
|
resp =
|
||||||
|
conn
|
||||||
|
|> get("/api/v1/accounts/#{user_two.id}/statuses")
|
||||||
|
|
||||||
|
assert [%{"id" => id}] = json_response(resp, 200)
|
||||||
|
assert id == activity.id
|
||||||
|
|
||||||
|
# Even a blocked user will deliver the full user timeline, there would be
|
||||||
|
# no point in looking at a blocked users timeline otherwise
|
||||||
|
resp =
|
||||||
|
conn
|
||||||
|
|> assign(:user, user_one)
|
||||||
|
|> get("/api/v1/accounts/#{user_two.id}/statuses")
|
||||||
|
|
||||||
|
assert [%{"id" => id}] = json_response(resp, 200)
|
||||||
|
assert id == activity.id
|
||||||
|
|
||||||
|
resp =
|
||||||
|
conn
|
||||||
|
|> get("/api/v1/accounts/#{user_three.id}/statuses")
|
||||||
|
|
||||||
|
assert [%{"id" => id}] = json_response(resp, 200)
|
||||||
|
assert id == repeat.id
|
||||||
|
|
||||||
|
# When viewing a third user's timeline, the blocked users will NOT be
|
||||||
|
# shown.
|
||||||
|
resp =
|
||||||
|
conn
|
||||||
|
|> assign(:user, user_one)
|
||||||
|
|> get("/api/v1/accounts/#{user_three.id}/statuses")
|
||||||
|
|
||||||
|
assert [] = json_response(resp, 200)
|
||||||
|
end
|
||||||
|
|
||||||
test "gets a users statuses", %{conn: conn} do
|
test "gets a users statuses", %{conn: conn} do
|
||||||
user_one = insert(:user)
|
user_one = insert(:user)
|
||||||
user_two = insert(:user)
|
user_two = insert(:user)
|
||||||
|
Loading…
Reference in New Issue
Block a user