diff options
author | Eugen Rochko <eugen@zeonfederated.com> | 2018-10-25 18:12:22 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-10-25 18:12:22 +0200 |
commit | d4cf963749d2f6bb8e47a670e8cc4819ff659f49 (patch) | |
tree | edf1952827a69950512fbc05e7150942266a13fc | |
parent | b9d7021c1ba9abdfceeffb36cb7c67885b1fb9fc (diff) |
Allow inbox owner to view implicitly targeted ActivityPub payload (#9093)
Fix #9091
-rw-r--r-- | app/controllers/activitypub/inboxes_controller.rb | 2 | ||||
-rw-r--r-- | app/lib/activitypub/activity/create.rb | 13 | ||||
-rw-r--r-- | app/workers/activitypub/processing_worker.rb | 4 |
3 files changed, 15 insertions, 4 deletions
diff --git a/app/controllers/activitypub/inboxes_controller.rb b/app/controllers/activitypub/inboxes_controller.rb index af51e32d5..8f5e1887e 100644 --- a/app/controllers/activitypub/inboxes_controller.rb +++ b/app/controllers/activitypub/inboxes_controller.rb @@ -36,6 +36,6 @@ class ActivityPub::InboxesController < Api::BaseController end def process_payload - ActivityPub::ProcessingWorker.perform_async(signed_request_account.id, body.force_encoding('UTF-8')) + ActivityPub::ProcessingWorker.perform_async(signed_request_account.id, body.force_encoding('UTF-8'), @account&.id) end end diff --git a/app/lib/activitypub/activity/create.rb b/app/lib/activitypub/activity/create.rb index 7e6702a63..92cdf4578 100644 --- a/app/lib/activitypub/activity/create.rb +++ b/app/lib/activitypub/activity/create.rb @@ -81,11 +81,22 @@ class ActivityPub::Activity::Create < ActivityPub::Activity @mentions << Mention.new(account: account, silent: true) # If there is at least one silent mention, then the status can be considered - # as a limited-audience status, and not strictly a direct message + # as a limited-audience status, and not strictly a direct message, but only + # if we considered a direct message in the first place next unless @params[:visibility] == :direct @params[:visibility] = :limited end + + # If the payload was delivered to a specific inbox, the inbox owner must have + # access to it, unless they already have access to it anyway + return if @options[:delivered_to_account_id].nil? || @mentions.any? { mention.account_id == @options[:delivered_to_account_id] } + + @mentions << Mention.new(account_id: @options[:delivered_to_account_id], silent: true) + + return unless @param[:visibility] == :direct + + @params[:visibility] = :limited end def attach_tags(status) diff --git a/app/workers/activitypub/processing_worker.rb b/app/workers/activitypub/processing_worker.rb index 0e2e0eddd..a8a3ebf0f 100644 --- a/app/workers/activitypub/processing_worker.rb +++ b/app/workers/activitypub/processing_worker.rb @@ -5,7 +5,7 @@ class ActivityPub::ProcessingWorker sidekiq_options backtrace: true - def perform(account_id, body) - ActivityPub::ProcessCollectionService.new.call(body, Account.find(account_id), override_timestamps: true) + def perform(account_id, body, delivered_to_account_id = nil) + ActivityPub::ProcessCollectionService.new.call(body, Account.find(account_id), override_timestamps: true, delivered_to_account_id: delivered_to_account_id) end end |