about summary refs log tree commit diff
path: root/app
diff options
context:
space:
mode:
authorFire Demon <firedemon@creature.cafe>2020-08-18 01:44:29 -0500
committerFire Demon <firedemon@creature.cafe>2020-08-30 05:45:19 -0500
commit8fde6152198d21fffe9b1ce5f870a5eccd2cdbf0 (patch)
treee5f8926cb4ddb4d10571ebaddb59a328d79c4409 /app
parent5c329014a1c2fdbf34c23d4da994bd96e92b5e81 (diff)
[Privacy] Refactor outbox privacy to allow full account migrations and authenticated access
Diffstat (limited to 'app')
-rw-r--r--app/controllers/activitypub/outboxes_controller.rb39
1 files changed, 31 insertions, 8 deletions
diff --git a/app/controllers/activitypub/outboxes_controller.rb b/app/controllers/activitypub/outboxes_controller.rb
index c4c0ce0c9..5c4a15051 100644
--- a/app/controllers/activitypub/outboxes_controller.rb
+++ b/app/controllers/activitypub/outboxes_controller.rb
@@ -14,7 +14,7 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
   before_action -> { require_following!(@account) }, if: -> { @account.private? }
 
   def show
-    expires_in(page_requested? ? 0 : 3.minutes, public: public_fetch_mode? && !(signed_request_account.present? && page_requested?))
+    expires_in(page_requested? ? 0 : 3.minutes, public: public_fetch_mode? && !(current_account.present? && page_requested?))
     render json: outbox_presenter, serializer: ActivityPub::OutboxSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json', target_domain: current_account&.domain
   end
 
@@ -34,7 +34,7 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
       ActivityPub::CollectionPresenter.new(
         id: account_outbox_url(@account),
         type: :ordered,
-        size: @account.statuses_count,
+        size: @statuses.count,
         first: account_outbox_url(@account, page: true),
         last: account_outbox_url(@account, page: true, min_id: 0)
       )
@@ -49,15 +49,38 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
     account_outbox_url(@account, page: true, min_id: @statuses.first.id) unless @statuses.empty?
   end
 
+  def permitted_account_statuses
+    @account.statuses.permitted_for(
+      @account,
+      current_account,
+      include_replies: true,
+      include_reblogs: true,
+      public: !(owner? || follower?),
+      include_semiprivate: owner? || mutual_follower?,
+      exclude_local_only: true
+    )
+  end
+
+  def owner?
+    return @owner if defined?(@owner)
+
+    @owner   = @account.id == current_account&.id
+    @owner ||= @account.moved_to_account_id == current_account&.id if @account.moved_to_account_id.present?
+    @owner
+  end
+
+  def follower?
+    @following ||= current_account&.following?(@account)
+  end
+
+  def mutual_follower?
+    follower? && @account.following?(current_account)
+  end
+
   def set_statuses
     return unless page_requested?
 
-    @statuses = if authenticated_or_following?(@account)
-                  @account.statuses.without_semiprivate.permitted_for(@account, signed_request_account)
-                else
-                  @account.statuses.permitted_for(@account, signed_request_account, user_signed_in: true)
-                end
-
+    @statuses = permitted_account_statuses
     @statuses = @statuses.paginate_by_id(LIMIT, params_slice(:max_id, :min_id, :since_id))
     @statuses = cache_collection(@statuses, Status)
   end