From d72f9e39d9f76ee8bbd26c068b2870ea945705b7 Mon Sep 17 00:00:00 2001
From: floatingghost
Date: Sun, 21 Aug 2022 15:17:01 +0000
Subject: [PATCH] add visibility check on quote (#178)

Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/178
---
 .../web/mastodon_api/views/status_view.ex | 10 +++++--
 .../mastodon_api/views/status_view_test.exs | 28 +++++++++++++++++++
 2 files changed, 35 insertions(+), 3 deletions(-)

diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex
index d099c4901..d838c4673 100644
--- a/lib/pleroma/web/mastodon_api/views/status_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/status_view.ex
@@ -623,15 +623,19 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do
 defp maybe_render_quote(nil, _), do: nil

 defp maybe_render_quote(quote, opts) do
- if opts[:do_not_recurse] || !visible_for_user?(quote, opts[:for]) do
- nil
- else
+ with %User{} = quoted_user <- User.get_cached_by_ap_id(quote.actor),
+ false <- Map.get(opts, :do_not_recurse, false),
+ true <- visible_for_user?(quote, opts[:for]),
+ false <- User.blocks?(opts[:for], quoted_user),
+ false <- User.mutes?(opts[:for], quoted_user) do
 opts =
 opts
 |> Map.put(:activity, quote)
 |> Map.put(:do_not_recurse, true)

 render("show.json", opts)
+ else
+ _ -> nil
 end
 end
 end
diff --git a/test/pleroma/web/mastodon_api/views/status_view_test.exs b/test/pleroma/web/mastodon_api/views/status_view_test.exs
index a6f8f3fc8..f46dded7c 100644
--- a/test/pleroma/web/mastodon_api/views/status_view_test.exs
+++ b/test/pleroma/web/mastodon_api/views/status_view_test.exs
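Review bot: The author lookup `User.get_cached_by_ap_id(quote.actor)` is the first clause of the new `with` in `maybe_render_quote/2`, so it runs even when `do_not_recurse` is already set and the result is thrown away; moving `false <- Map.get(opts, :do_not_recurse, false),` to the top keeps the nested-quote path free of that lookup. The catch-all `else _ -> nil` folds a missing author record, an invisible post, a block and a mute into the same nil, which is the fail-closed outcome a visibility gate should have, but it deserves a comment such as `# fail closed: any clause that does not match hides the quote`. The block and mute clauses receive `opts[:for]`, which I assume is nil for unauthenticated renders; whether `User.blocks?/2` and `User.mutes?/2` accept nil is not visible in this hunk and should be confirmed.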
@@ -428,6 +428,34 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
 assert is_nil(status.quote)
 end

+ test "a quote from a user we block" do
+ user = insert(:user)
+ other_user = insert(:user)
+ blocked_user = insert(:user)
+
+ {:ok, _relationship} = User.block(user, blocked_user)
+
+ {:ok, activity} = CommonAPI.post(blocked_user, %{status: ":< i am ANGERY"})
+ {:ok, quote_activity} = CommonAPI.post(other_user, %{status: "hehe", quote_id: activity.id})
+
+ status = StatusView.render("show.json", %{activity: quote_activity, for: user})
+ assert is_nil(status.quote)
+ end
+
+ test "a quote from a user we mute" do
+ user = insert(:user)
+ other_user = insert(:user)
+ blocked_user = insert(:user)
+
+ {:ok, _relationship} = User.mute(user, blocked_user)
+
+ {:ok, activity} = CommonAPI.post(blocked_user, %{status: ":< i am ANGERY"})
+ {:ok, quote_activity} = CommonAPI.post(other_user, %{status: "hehe", quote_id: activity.id})
+
+ status = StatusView.render("show.json", %{activity: quote_activity, for: user})
+ assert is_nil(status.quote)
+ end
+
 test "contains mentions" do
 user = insert(:user)
 mentioned = insert(:user)
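Review bot: The two added tests cover only a viewer who blocks or mutes the quoted author, so the other new clauses in `maybe_render_quote/2` go unexercised: a render with no `for:` user, and a quoted author that `User.get_cached_by_ap_id/1` cannot find. Unless a test outside this hunk already does so, a positive case showing that an unrelated viewer still receives the quote would guard against the gate hiding too much. In the mute test the third account is still named `blocked_user`; `muted_user = insert(:user)` with `User.mute(user, muted_user)` would say what the test means.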