Hide pleroma:report for non-privileged users

Before we deleted the notifications, but that was a side effect and didn't always trigger any more.
Now we just hide them when an unprivileged user asks them.
This commit is contained in:
Ilja 2022-03-02 18:05:50 +01:00
parent e45faddb38
commit eab13fed3e
2 changed files with 52 additions and 5 deletions

View File

@ -61,7 +61,18 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPI do
end
def get_notifications(user, params \\ %{}) do
options = cast_params(params)
options =
cast_params(params) |> Map.update(:include_types, [], fn include_types -> include_types end)
options =
if "pleroma:report" not in options.include_types or User.privileged?(user, :report_handle) do
options
else
options
|> Map.update(:exclude_types, ["pleroma:report"], fn current_exclude_types ->
current_exclude_types ++ ["pleroma:report"]
end)
end
user
|> Notification.for_user_query(options)

View File

@ -3,7 +3,7 @@
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
use Pleroma.Web.ConnCase
use Pleroma.Web.ConnCase, async: false
alias Pleroma.Notification
alias Pleroma.Repo
@ -74,12 +74,15 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
end
test "by default, does not contain pleroma:report" do
%{user: user, conn: conn} = oauth_access(["read:notifications"])
clear_config([:instance, :moderator_privileges], [:report_handle])
user = insert(:user)
other_user = insert(:user)
third_user = insert(:user)
user
|> User.admin_api_update(%{is_moderator: true})
{:ok, user} = user |> User.admin_api_update(%{is_moderator: true})
%{conn: conn} = oauth_access(["read:notifications"], user: user)
{:ok, activity} = CommonAPI.post(other_user, %{status: "hey"})
@ -101,6 +104,39 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
assert [_] = result
end
test "Pleroma:report is hidden for non-privileged users" do
clear_config([:instance, :moderator_privileges], [:report_handle])
user = insert(:user)
other_user = insert(:user)
third_user = insert(:user)
{:ok, user} = user |> User.admin_api_update(%{is_moderator: true})
%{conn: conn} = oauth_access(["read:notifications"], user: user)
{:ok, activity} = CommonAPI.post(other_user, %{status: "hey"})
{:ok, _report} =
CommonAPI.report(third_user, %{account_id: other_user.id, status_ids: [activity.id]})
result =
conn
|> get("/api/v1/notifications?include_types[]=pleroma:report")
|> json_response_and_validate_schema(200)
assert [_] = result
clear_config([:instance, :moderator_privileges], [])
result =
conn
|> get("/api/v1/notifications?include_types[]=pleroma:report")
|> json_response_and_validate_schema(200)
assert [] == result
end
test "excludes mentions from blockers when blockers_visible is false" do
clear_config([:activitypub, :blockers_visible], false)