diff options
| author | Fire Demon <firedemon@creature.cafe> | 2020-08-18 01:44:29 -0500 |
|---|---|---|
| committer | Fire Demon <firedemon@creature.cafe> | 2020-08-30 05:45:19 -0500 |
| commit | 8fde6152198d21fffe9b1ce5f870a5eccd2cdbf0 (patch) | |
| tree | e5f8926cb4ddb4d10571ebaddb59a328d79c4409 | |
| parent | 5c329014a1c2fdbf34c23d4da994bd96e92b5e81 (diff) | |
[Privacy] Refactor outbox privacy to allow full account migrations and authenticated access
| -rw-r--r-- | app/controllers/activitypub/outboxes_controller.rb | 39 |
1 files changed, 31 insertions, 8 deletions
diff --git a/app/controllers/activitypub/outboxes_controller.rb b/app/controllers/activitypub/outboxes_controller.rb index c4c0ce0c9..5c4a15051 100644 --- a/app/controllers/activitypub/outboxes_controller.rb +++ b/app/controllers/activitypub/outboxes_controller.rb @@ -14,7 +14,7 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController before_action -> { require_following!(@account) }, if: -> { @account.private? } def show - expires_in(page_requested? ? 0 : 3.minutes, public: public_fetch_mode? && !(signed_request_account.present? && page_requested?)) + expires_in(page_requested? ? 0 : 3.minutes, public: public_fetch_mode? && !(current_account.present? && page_requested?)) render json: outbox_presenter, serializer: ActivityPub::OutboxSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json', target_domain: current_account&.domain end @@ -34,7 +34,7 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController ActivityPub::CollectionPresenter.new( id: account_outbox_url(@account), type: :ordered, - size: @account.statuses_count, + size: @statuses.count, first: account_outbox_url(@account, page: true), last: account_outbox_url(@account, page: true, min_id: 0) ) @@ -49,15 +49,38 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController account_outbox_url(@account, page: true, min_id: @statuses.first.id) unless @statuses.empty? end + def permitted_account_statuses + @account.statuses.permitted_for( + @account, + current_account, + include_replies: true, + include_reblogs: true, + public: !(owner? || follower?), + include_semiprivate: owner? || mutual_follower?, + exclude_local_only: true + ) + end + + def owner? + return @owner if defined?(@owner) + + @owner = @account.id == current_account&.id + @owner ||= @account.moved_to_account_id == current_account&.id if @account.moved_to_account_id.present? + @owner + end + + def follower? + @following ||= current_account&.following?(@account) + end + + def mutual_follower? + follower? && @account.following?(current_account) + end + def set_statuses return unless page_requested? - @statuses = if authenticated_or_following?(@account) - @account.statuses.without_semiprivate.permitted_for(@account, signed_request_account) - else - @account.statuses.permitted_for(@account, signed_request_account, user_signed_in: true) - end - + @statuses = permitted_account_statuses @statuses = @statuses.paginate_by_id(LIMIT, params_slice(:max_id, :min_id, :since_id)) @statuses = cache_collection(@statuses, Status) end |