Hide pleroma:report for non-privileged users

Before we deleted the notifications, but that was a side effect and didn't always trigger any more. Now we just hide them when an unprivileged user asks them.
2022-03-02 18:05:50 +01:00 · 2022-03-02 18:05:50 +01:00 · eab13fed3e
commit eab13fed3e
parent e45faddb38
2 changed files with 52 additions and 5 deletions
--- a/lib/pleroma/web/mastodon_api/mastodon_api.ex
+++ b/lib/pleroma/web/mastodon_api/mastodon_api.ex
@ -61,7 +61,18 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPI do
  end

  def get_notifications(user, params \\ %{}) do
-    options = cast_params(params)
+    options =
+      cast_params(params) |> Map.update(:include_types, [], fn include_types -> include_types end)
+
+    options =
+      if "pleroma:report" not in options.include_types or User.privileged?(user, :report_handle) do
+        options
+      else
+        options
+        |> Map.update(:exclude_types, ["pleroma:report"], fn current_exclude_types ->
+          current_exclude_types ++ ["pleroma:report"]
+        end)
+      end

    user
    |> Notification.for_user_query(options)
--- a/test/pleroma/web/mastodon_api/controllers/notification_controller_test.exs
+++ b/test/pleroma/web/mastodon_api/controllers/notification_controller_test.exs
@ -3,7 +3,7 @@
 # SPDX-License-Identifier: AGPL-3.0-only

 defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
-  use Pleroma.Web.ConnCase
+  use Pleroma.Web.ConnCase, async: false

  alias Pleroma.Notification
  alias Pleroma.Repo
@ -74,12 +74,15 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
  end

  test "by default, does not contain pleroma:report" do
-    %{user: user, conn: conn} = oauth_access(["read:notifications"])
+    clear_config([:instance, :moderator_privileges], [:report_handle])
+
+    user = insert(:user)
    other_user = insert(:user)
    third_user = insert(:user)

-    user
-    |> User.admin_api_update(%{is_moderator: true})
+    {:ok, user} = user |> User.admin_api_update(%{is_moderator: true})
+
+    %{conn: conn} = oauth_access(["read:notifications"], user: user)

    {:ok, activity} = CommonAPI.post(other_user, %{status: "hey"})

@ -101,6 +104,39 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
    assert [_] = result
  end

+  test "Pleroma:report is hidden for non-privileged users" do
+    clear_config([:instance, :moderator_privileges], [:report_handle])
+
+    user = insert(:user)
+    other_user = insert(:user)
+    third_user = insert(:user)
+
+    {:ok, user} = user |> User.admin_api_update(%{is_moderator: true})
+
+    %{conn: conn} = oauth_access(["read:notifications"], user: user)
+
+    {:ok, activity} = CommonAPI.post(other_user, %{status: "hey"})
+
+    {:ok, _report} =
+      CommonAPI.report(third_user, %{account_id: other_user.id, status_ids: [activity.id]})
+
+    result =
+      conn
+      |> get("/api/v1/notifications?include_types[]=pleroma:report")
+      |> json_response_and_validate_schema(200)
+
+    assert [_] = result
+
+    clear_config([:instance, :moderator_privileges], [])
+
+    result =
+      conn
+      |> get("/api/v1/notifications?include_types[]=pleroma:report")
+      |> json_response_and_validate_schema(200)
+
+    assert [] == result
+  end
+
  test "excludes mentions from blockers when blockers_visible is false" do
    clear_config([:activitypub, :blockers_visible], false)