commit: 1fa196d8f7abfeccfcd911c74190866ad0950ca0
parent 5433742faf0acfe759799c1b7907b1aff44ecaf3
Author: tusooa <tusooa@kazv.moe>
Date: Thu, 25 May 2023 18:40:38 -0400
Fix deleting banned users' statuses
Diffstat:
4 files changed, 37 insertions(+), 1 deletion(-)
diff --git a/changelog.d/delete-status-of-banned-user.fix b/changelog.d/delete-status-of-banned-user.fix
@@ -0,0 +1 @@
+Fix error 404 when deleting status of a banned user
diff --git a/lib/pleroma/web/common_api.ex b/lib/pleroma/web/common_api.ex
@@ -142,7 +142,7 @@ defmodule Pleroma.Web.CommonAPI do
def delete(activity_id, user) do
with {_, %Activity{data: %{"object" => _, "type" => "Create"}} = activity} <-
- {:find_activity, Activity.get_by_id(activity_id)},
+ {:find_activity, Activity.get_by_id(activity_id, filter: [])},
{_, %Object{} = object, _} <-
{:find_object, Object.normalize(activity, fetch: false), activity},
true <- User.privileged?(user, :messages_delete) || user.ap_id == object.data["actor"],
diff --git a/test/pleroma/web/common_api_test.exs b/test/pleroma/web/common_api_test.exs
@@ -393,6 +393,20 @@ defmodule Pleroma.Web.CommonAPITest do
refute Activity.get_by_id(post.id)
end
+
+ test "it allows privileged users to delete banned user's posts" do
+ clear_config([:instance, :moderator_privileges], [:messages_delete])
+ user = insert(:user)
+ moderator = insert(:user, is_moderator: true)
+
+ {:ok, post} = CommonAPI.post(user, %{status: "namu amida butsu"})
+ User.set_activation(user, false)
+
+ assert {:ok, delete} = CommonAPI.delete(post.id, moderator)
+ assert delete.local
+
+ refute Activity.get_by_id(post.id)
+ end
end
test "favoriting race condition" do
diff --git a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs
@@ -1018,6 +1018,27 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
refute Activity.get_by_id(activity.id)
end
+
+ test "when you're privileged and the user is banned", %{conn: conn} do
+ clear_config([:instance, :moderator_privileges], [:messages_delete])
+ posting_user = insert(:user, is_active: false)
+ refute posting_user.is_active
+ activity = insert(:note_activity, user: posting_user)
+ user = insert(:user, is_moderator: true)
+
+ res_conn =
+ conn
+ |> assign(:user, user)
+ |> assign(:token, insert(:oauth_token, user: user, scopes: ["write:statuses"]))
+ |> delete("/api/v1/statuses/#{activity.id}")
+
+ assert %{} = json_response_and_validate_schema(res_conn, 200)
+
+ assert ModerationLog |> Repo.one() |> ModerationLog.get_log_entry_message() ==
+ "@#{user.nickname} deleted status ##{activity.id}"
+
+ refute Activity.get_by_id(activity.id)
+ end
end
describe "reblogging" do