commit: eab13fed3e6ba7edd7847fd00581b45dc4292af0
parent e45faddb38311c799b2276cb952ac7715e2cbfab
Author: Ilja <ilja@ilja.space>
Date: Wed, 2 Mar 2022 18:05:50 +0100
Hide pleroma:report for non-privileged users
Before we deleted the notifications, but that was a side effect and didn't always trigger any more.
Now we just hide them when an unprivileged user asks them.
Diffstat:
2 files changed, 52 insertions(+), 5 deletions(-)
diff --git a/lib/pleroma/web/mastodon_api/mastodon_api.ex b/lib/pleroma/web/mastodon_api/mastodon_api.ex
@@ -61,7 +61,18 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPI do
end
def get_notifications(user, params \\ %{}) do
- options = cast_params(params)
+ options =
+ cast_params(params) |> Map.update(:include_types, [], fn include_types -> include_types end)
+
+ options =
+ if "pleroma:report" not in options.include_types or User.privileged?(user, :report_handle) do
+ options
+ else
+ options
+ |> Map.update(:exclude_types, ["pleroma:report"], fn current_exclude_types ->
+ current_exclude_types ++ ["pleroma:report"]
+ end)
+ end
user
|> Notification.for_user_query(options)
diff --git a/test/pleroma/web/mastodon_api/controllers/notification_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/notification_controller_test.exs
@@ -3,7 +3,7 @@
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
- use Pleroma.Web.ConnCase
+ use Pleroma.Web.ConnCase, async: false
alias Pleroma.Notification
alias Pleroma.Repo
@@ -74,12 +74,15 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
end
test "by default, does not contain pleroma:report" do
- %{user: user, conn: conn} = oauth_access(["read:notifications"])
+ clear_config([:instance, :moderator_privileges], [:report_handle])
+
+ user = insert(:user)
other_user = insert(:user)
third_user = insert(:user)
- user
- |> User.admin_api_update(%{is_moderator: true})
+ {:ok, user} = user |> User.admin_api_update(%{is_moderator: true})
+
+ %{conn: conn} = oauth_access(["read:notifications"], user: user)
{:ok, activity} = CommonAPI.post(other_user, %{status: "hey"})
@@ -101,6 +104,39 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
assert [_] = result
end
+ test "Pleroma:report is hidden for non-privileged users" do
+ clear_config([:instance, :moderator_privileges], [:report_handle])
+
+ user = insert(:user)
+ other_user = insert(:user)
+ third_user = insert(:user)
+
+ {:ok, user} = user |> User.admin_api_update(%{is_moderator: true})
+
+ %{conn: conn} = oauth_access(["read:notifications"], user: user)
+
+ {:ok, activity} = CommonAPI.post(other_user, %{status: "hey"})
+
+ {:ok, _report} =
+ CommonAPI.report(third_user, %{account_id: other_user.id, status_ids: [activity.id]})
+
+ result =
+ conn
+ |> get("/api/v1/notifications?include_types[]=pleroma:report")
+ |> json_response_and_validate_schema(200)
+
+ assert [_] = result
+
+ clear_config([:instance, :moderator_privileges], [])
+
+ result =
+ conn
+ |> get("/api/v1/notifications?include_types[]=pleroma:report")
+ |> json_response_and_validate_schema(200)
+
+ assert [] == result
+ end
+
test "excludes mentions from blockers when blockers_visible is false" do
clear_config([:activitypub, :blockers_visible], false)
