Merge branch 'remove-direct-messages-from-public-timeline' into 'develop'
Fix private and direct statuses not being filtered out from the public timeline for an authenticated user. Closes #1223 See merge request pleroma/pleroma!1703
This commit is contained in:
commit
760df67a7b
@ -12,6 +12,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
||||
- Introduced [quantum](https://github.com/quantum-elixir/quantum-core) job scheduler
|
||||
- Admin API: Return `total` when querying for reports
|
||||
- Mastodon API: Return `pleroma.direct_conversation_id` when creating a direct message (`POST /api/v1/statuses`)
|
||||
### Fixed
|
||||
- Mastodon API: Fix private and direct statuses not being filtered out from the public timeline for an authenticated user (`GET /api/v1/timelines/public`)
|
||||
|
||||
## [1.1.0] - 2019-??-??
|
||||
### Security
|
||||
|
@ -520,9 +520,10 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
|
||||
end
|
||||
|
||||
def fetch_public_activities(opts \\ %{}) do
|
||||
q = fetch_activities_query([Pleroma.Constants.as_public()], opts)
|
||||
opts = Map.drop(opts, ["user"])
|
||||
|
||||
q
|
||||
[Pleroma.Constants.as_public()]
|
||||
|> fetch_activities_query(opts)
|
||||
|> restrict_unlisted()
|
||||
|> Pagination.fetch_paginated(opts)
|
||||
|> Enum.reverse()
|
||||
|
@ -381,7 +381,6 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
|
||||
|> Map.put("local_only", local_only)
|
||||
|> Map.put("blocking_user", user)
|
||||
|> Map.put("muting_user", user)
|
||||
|> Map.put("user", user)
|
||||
|> ActivityPub.fetch_public_activities()
|
||||
|> Enum.reverse()
|
||||
|
||||
|
@ -97,6 +97,22 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
|
||||
|> json_response(403) == %{"error" => "This resource requires authentication."}
|
||||
end
|
||||
|
||||
test "the public timeline includes only public statuses for an authenticated user" do
|
||||
user = insert(:user)
|
||||
|
||||
conn =
|
||||
build_conn()
|
||||
|> assign(:user, user)
|
||||
|
||||
{:ok, _activity} = CommonAPI.post(user, %{"status" => "test"})
|
||||
{:ok, _activity} = CommonAPI.post(user, %{"status" => "test", "visibility" => "private"})
|
||||
{:ok, _activity} = CommonAPI.post(user, %{"status" => "test", "visibility" => "unlisted"})
|
||||
{:ok, _activity} = CommonAPI.post(user, %{"status" => "test", "visibility" => "direct"})
|
||||
|
||||
res_conn = get(conn, "/api/v1/timelines/public")
|
||||
assert length(json_response(res_conn, 200)) == 1
|
||||
end
|
||||
|
||||
describe "posting statuses" do
|
||||
setup do
|
||||
user = insert(:user)
|
||||
|
Loading…
Reference in New Issue
Block a user