commit: 70bcdf32bdf98c02d9f44c07cbcf74d4c59ed299
parent: a9203ab363fdedcf69c3f299063345e26b836a05
Author: lain <lain@soykaf.club>
Date: Sat, 7 Apr 2018 16:40:03 +0200
Only search in public data for now.
This should be the data the user is allowed to see later, but this
will stop accidental private message leaks.
Diffstat:
3 files changed, 9 insertions(+), 0 deletions(-)
diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
@@ -507,6 +507,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
from(
a in Activity,
where: fragment("?->>'type' = 'Create'", a.data),
+ where: "https://www.w3.org/ns/activitystreams#Public" in a.recipients,
where:
fragment(
"to_tsvector('english', ?->'object'->>'content') @@ plainto_tsquery('english', ?)",
diff --git a/lib/pleroma/web/twitter_api/twitter_api.ex b/lib/pleroma/web/twitter_api/twitter_api.ex
@@ -193,6 +193,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do
from(
a in Activity,
where: fragment("?->>'type' = 'Create'", a.data),
+ where: "https://www.w3.org/ns/activitystreams#Public" in a.recipients,
where:
fragment(
"to_tsvector('english', ?->'object'->>'content') @@ plainto_tsquery('english', ?)",
diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs
@@ -564,6 +564,13 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
user_three = insert(:user, %{nickname: "shp@heldscal.la", name: "I love 2hu"})
{:ok, activity} = CommonAPI.post(user, %{"status" => "This is about 2hu"})
+
+ {:ok, _activity} =
+ CommonAPI.post(user, %{
+ "status" => "This is about 2hu, but private",
+ "visibility" => "private"
+ })
+
{:ok, _} = CommonAPI.post(user_two, %{"status" => "This isn't"})
conn =