aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEgor Kislitsyn <egor@kislitsyn.com>2019-01-07 20:55:32 +0700
committerEgor Kislitsyn <egor@kislitsyn.com>2019-01-07 20:55:32 +0700
commitf24087f96ed31a18ed73b6e2d2c7b3a6ec1e6df6 (patch)
tree0f45822223ce9973162829e8bf6b4c47eec67562
parent380e9fba21123467b41629828f97d5f2c257a128 (diff)
parentb640cf0ce09f2c3f81ad8f74a4a536be34605c49 (diff)
downloadpleroma-f24087f96ed31a18ed73b6e2d2c7b3a6ec1e6df6.tar.gz
Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into feature/pinned-posts
-rw-r--r--lib/pleroma/web/mastodon_api/mastodon_api_controller.ex13
-rw-r--r--test/web/mastodon_api/mastodon_api_controller_test.exs18
2 files changed, 26 insertions, 5 deletions
diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
index 2fb2943f1..e00a3fb87 100644
--- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
+++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
@@ -740,11 +740,14 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
json(conn, %{})
end
- def status_search(query) do
+ def status_search(user, query) do
fetched =
if Regex.match?(~r/https?:/, query) do
- with {:ok, object} <- ActivityPub.fetch_object_from_id(query) do
- [Activity.get_create_activity_by_object_ap_id(object.data["id"])]
+ with {:ok, object} <- ActivityPub.fetch_object_from_id(query),
+ %Activity{} = activity <-
+ Activity.get_create_activity_by_object_ap_id(object.data["id"]),
+ true <- ActivityPub.visible_for_user?(activity, user) do
+ [activity]
else
_e -> []
end
@@ -771,7 +774,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
def search2(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do
accounts = User.search(query, params["resolve"] == "true")
- statuses = status_search(query)
+ statuses = status_search(user, query)
tags_path = Web.base_url() <> "/tag/"
@@ -795,7 +798,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
def search(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do
accounts = User.search(query, params["resolve"] == "true")
- statuses = status_search(query)
+ statuses = status_search(user, query)
tags =
String.split(query)
diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs
index 7f6c9fb88..5ff7ef259 100644
--- a/test/web/mastodon_api/mastodon_api_controller_test.exs
+++ b/test/web/mastodon_api/mastodon_api_controller_test.exs
@@ -1312,6 +1312,24 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
end)
end
+ test "search doesn't show statuses that it shouldn't", %{conn: conn} do
+ {:ok, activity} =
+ CommonAPI.post(insert(:user), %{
+ "status" => "This is about 2hu, but private",
+ "visibility" => "private"
+ })
+
+ capture_log(fn ->
+ conn =
+ conn
+ |> get("/api/v1/search", %{"q" => activity.data["object"]["id"]})
+
+ assert results = json_response(conn, 200)
+
+ [] = results["statuses"]
+ end)
+ end
+
test "search fetches remote accounts", %{conn: conn} do
conn =
conn