9 files changed, 137 insertions, 43 deletions

diff --git a/config/config.exs b/config/config.exs
index 4f4e2368a..9f0f4cd4f 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -237,34 +237,34 @@ config :cors_plug,
 
 config :pleroma, Pleroma.User,
   restricted_nicknames: [
-    "about",
+    ".well-known",
     "~",
-    "main",
-    "users",
-    "settings",
-    "objects",
+    "about",
     "activities",
-    "web",
-    "registration",
-    "friend-requests",
-    "pleroma",
     "api",
-    "tag",
+    "auth",
+    "dev",
+    "friend-requests",
+    "inbox",
+    "internal",
+    "main",
+    "media",
+    "nodeinfo",
     "notice",
-    "status",
-    "user-search",
-    "ostatus_subscribe",
     "oauth",
+    "objects",
+    "ostatus_subscribe",
+    "pleroma",
+    "proxy",
     "push",
+    "registration",
     "relay",
-    "inbox",
-    ".well-known",
-    "nodeinfo",
-    "auth",
-    "proxy",
-    "dev",
-    "internal",
-    "media"
+    "settings",
+    "status",
+    "tag",
+    "user-search",
+    "users",
+    "web"
   ]
 
 config :pleroma, Pleroma.Web.Federator, max_jobs: 50
diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex
index 4685f6d95..b8141146f 100644
--- a/lib/pleroma/web/activity_pub/activity_pub.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub.ex
@@ -364,21 +364,18 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
 
   @valid_visibilities ~w[direct unlisted public private]
 
-  defp restrict_visibility(query, %{visibility: "direct"}) do
-    public = "https://www.w3.org/ns/activitystreams#Public"
+  defp restrict_visibility(query, %{visibility: visibility})
+       when visibility in @valid_visibilities do
+    query =
+      from(
+        a in query,
+        where:
+          fragment("activity_visibility(?, ?, ?) = ?", a.actor, a.recipients, a.data, ^visibility)
+      )
 
-    from(
-      activity in query,
-      join: sender in User,
-      on: sender.ap_id == activity.actor,
-      # Are non-direct statuses with no to/cc possible?
-      where:
-        fragment(
-          "not (? && ?)",
-          [^public, sender.follower_address],
-          activity.recipients
-        )
-    )
+    Ecto.Adapters.SQL.to_sql(:all, Repo, query)
+
+    query
   end
 
   defp restrict_visibility(_query, %{visibility: visibility})
diff --git a/lib/pleroma/web/rich_media/parser.ex b/lib/pleroma/web/rich_media/parser.ex
index 3746feaf6..18d9e2df5 100644
--- a/lib/pleroma/web/rich_media/parser.ex
+++ b/lib/pleroma/web/rich_media/parser.ex
@@ -5,7 +5,7 @@ defmodule Pleroma.Web.RichMedia.Parser do
     def parse(url), do: parse_url(url)
   else
     def parse(url),
-      do: {:commit, Cachex.fetch!(:rich_media_cache, url, fn _ -> parse_url(url) end)}
+      do: Cachex.fetch!(:rich_media_cache, url, fn _ -> parse_url(url) end)
   end
 
   defp parse_url(url) do
diff --git a/lib/pleroma/web/twitter_api/representers/activity_representer.ex b/lib/pleroma/web/twitter_api/representers/activity_representer.ex
index 245cd52fd..47154829d 100644
--- a/lib/pleroma/web/twitter_api/representers/activity_representer.ex
+++ b/lib/pleroma/web/twitter_api/representers/activity_representer.ex
@@ -181,6 +181,8 @@ defmodule Pleroma.Web.TwitterAPI.Representers.ActivityRepresenter do
 
     reply_user = reply_parent && User.get_cached_by_ap_id(reply_parent.actor)
 
+    summary = HTML.strip_tags(object["summary"])
+
     %{
       "id" => activity.id,
       "uri" => activity.data["object"]["id"],
@@ -207,7 +209,8 @@ defmodule Pleroma.Web.TwitterAPI.Representers.ActivityRepresenter do
       "activity_type" => "post",
       "possibly_sensitive" => possibly_sensitive,
       "visibility" => Pleroma.Web.MastodonAPI.StatusView.get_visibility(object),
-      "summary" => HTML.strip_tags(object["summary"]) |> Formatter.emojify(object["emoji"])
+      "summary" => summary,
+      "summary_html" => summary |> Formatter.emojify(object["emoji"])
     }
   end
 
diff --git a/lib/pleroma/web/twitter_api/views/activity_view.ex b/lib/pleroma/web/twitter_api/views/activity_view.ex
index 25e1486c1..5f4b74842 100644
--- a/lib/pleroma/web/twitter_api/views/activity_view.ex
+++ b/lib/pleroma/web/twitter_api/views/activity_view.ex
@@ -279,6 +279,8 @@ defmodule Pleroma.Web.TwitterAPI.ActivityView do
 
     reply_user = reply_parent && User.get_cached_by_ap_id(reply_parent.actor)
 
+    summary = HTML.strip_tags(summary)
+
     %{
       "id" => activity.id,
       "uri" => activity.data["object"]["id"],
@@ -305,7 +307,8 @@ defmodule Pleroma.Web.TwitterAPI.ActivityView do
       "activity_type" => "post",
       "possibly_sensitive" => possibly_sensitive,
       "visibility" => Pleroma.Web.MastodonAPI.StatusView.get_visibility(object),
-      "summary" => HTML.strip_tags(summary) |> Formatter.emojify(object["emoji"])
+      "summary" => summary,
+      "summary_html" => summary |> Formatter.emojify(object["emoji"])
     }
   end
 
diff --git a/priv/repo/migrations/20190109152453_add_visibility_function.exs b/priv/repo/migrations/20190109152453_add_visibility_function.exs
new file mode 100644
index 000000000..3aadabcd7
--- /dev/null
+++ b/priv/repo/migrations/20190109152453_add_visibility_function.exs
@@ -0,0 +1,48 @@
+defmodule Pleroma.Repo.Migrations.AddVisibilityFunction do
+  use Ecto.Migration
+  @disable_ddl_transaction true
+
+  def up do
+    definition = """
+    create or replace function activity_visibility(actor varchar, recipients varchar[], data jsonb) returns varchar as $$
+    DECLARE
+      fa varchar;
+      public varchar := 'https://www.w3.org/ns/activitystreams#Public';
+    BEGIN
+      SELECT COALESCE(users.follower_address, '') into fa from users where users.ap_id = actor;
+
+      IF data->'to' ? public THEN
+        RETURN 'public';
+      ELSIF data->'cc' ? public THEN
+        RETURN 'unlisted';
+      ELSIF ARRAY[fa] && recipients THEN
+        RETURN 'private';
+      ELSIF not(ARRAY[fa, public] && recipients) THEN
+        RETURN 'direct';
+      ELSE
+        RETURN 'unknown';
+      END IF;
+    END;
+    $$ LANGUAGE plpgsql IMMUTABLE;
+    """
+
+    execute(definition)
+
+    create(
+      index(:activities, ["activity_visibility(actor, recipients, data)"],
+        name: :activities_visibility_index,
+        concurrently: true
+      )
+    )
+  end
+
+  def down do
+    drop(
+      index(:activities, ["activity_visibility(actor, recipients, data)"],
+        name: :activities_visibility_index
+      )
+    )
+
+    execute("drop function activity_visibility(actor varchar, recipients varchar[], data jsonb)")
+  end
+end
diff --git a/test/web/activity_pub/activity_pub_test.exs b/test/web/activity_pub/activity_pub_test.exs
index 2453998ad..47aa5a56f 100644
--- a/test/web/activity_pub/activity_pub_test.exs
+++ b/test/web/activity_pub/activity_pub_test.exs
@@ -18,6 +18,42 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
     :ok
   end
 
+  describe "fetching restricted by visibility" do
+    test "it restricts by the appropriate visibility" do
+      user = insert(:user)
+
+      {:ok, public_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "public"})
+
+      {:ok, direct_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "direct"})
+
+      {:ok, unlisted_activity} =
+        CommonAPI.post(user, %{"status" => ".", "visibility" => "unlisted"})
+
+      {:ok, private_activity} =
+        CommonAPI.post(user, %{"status" => ".", "visibility" => "private"})
+
+      activities =
+        ActivityPub.fetch_activities([], %{:visibility => "direct", "actor_id" => user.ap_id})
+
+      assert activities == [direct_activity]
+
+      activities =
+        ActivityPub.fetch_activities([], %{:visibility => "unlisted", "actor_id" => user.ap_id})
+
+      assert activities == [unlisted_activity]
+
+      activities =
+        ActivityPub.fetch_activities([], %{:visibility => "private", "actor_id" => user.ap_id})
+
+      assert activities == [private_activity]
+
+      activities =
+        ActivityPub.fetch_activities([], %{:visibility => "public", "actor_id" => user.ap_id})
+
+      assert activities == [public_activity]
+    end
+  end
+
   describe "building a user from his ap id" do
     test "it returns a user" do
       user_id = "http://mastodon.example.org/users/admin"
diff --git a/test/web/twitter_api/representers/activity_representer_test.exs b/test/web/twitter_api/representers/activity_representer_test.exs
index 2ac32aeb2..d71aaacfe 100644
--- a/test/web/twitter_api/representers/activity_representer_test.exs
+++ b/test/web/twitter_api/representers/activity_representer_test.exs
@@ -107,7 +107,7 @@ defmodule Pleroma.Web.TwitterAPI.Representers.ActivityRepresenterTest do
           "published" => date,
           "type" => "Note",
           "content" => content_html,
-          "summary" => "2hu",
+          "summary" => "2hu :2hu:",
           "inReplyToStatusId" => 213_123,
           "attachment" => [
             object
@@ -129,7 +129,7 @@ defmodule Pleroma.Web.TwitterAPI.Representers.ActivityRepresenterTest do
     }
 
     expected_html =
-      "<p>2hu</p>alert('YAY')Some <img height=\"32px\" width=\"32px\" alt=\"2hu\" title=\"2hu\" src=\"corndog.png\" /> content mentioning <a href=\"#{
+      "<p>2hu <img height=\"32px\" width=\"32px\" alt=\"2hu\" title=\"2hu\" src=\"corndog.png\" /></p>alert('YAY')Some <img height=\"32px\" width=\"32px\" alt=\"2hu\" title=\"2hu\" src=\"corndog.png\" /> content mentioning <a href=\"#{
         mentioned_user.ap_id
       }\">@shp</a>"
 
@@ -138,7 +138,7 @@ defmodule Pleroma.Web.TwitterAPI.Representers.ActivityRepresenterTest do
       "user" => UserView.render("show.json", %{user: user, for: follower}),
       "is_local" => false,
       "statusnet_html" => expected_html,
-      "text" => "2hu" <> content,
+      "text" => "2hu :2hu:" <> content,
       "is_post_verb" => true,
       "created_at" => "Tue May 24 13:26:08 +0000 2016",
       "in_reply_to_status_id" => 213_123,
@@ -163,7 +163,9 @@ defmodule Pleroma.Web.TwitterAPI.Representers.ActivityRepresenterTest do
       "possibly_sensitive" => true,
       "uri" => activity.data["object"]["id"],
       "visibility" => "direct",
-      "summary" => "2hu"
+      "summary" => "2hu :2hu:",
+      "summary_html" =>
+        "2hu <img height=\"32px\" width=\"32px\" alt=\"2hu\" title=\"2hu\" src=\"corndog.png\" />"
     }
 
     assert ActivityRepresenter.to_map(activity, %{
diff --git a/test/web/twitter_api/views/activity_view_test.exs b/test/web/twitter_api/views/activity_view_test.exs
index bd4878e98..5294204c6 100644
--- a/test/web/twitter_api/views/activity_view_test.exs
+++ b/test/web/twitter_api/views/activity_view_test.exs
@@ -81,10 +81,13 @@ defmodule Pleroma.Web.TwitterAPI.ActivityViewTest do
 
     result = ActivityView.render("activity.json", activity: activity)
 
-    expected =
+    expected = ":woollysocks: meow"
+
+    expected_html =
       "<img height=\"32px\" width=\"32px\" alt=\"woollysocks\" title=\"woollysocks\" src=\"http://localhost:4001/finmoji/128px/woollysocks-128.png\" /> meow"
 
     assert result["summary"] == expected
+    assert result["summary_html"] == expected_html
   end
 
   test "a create activity with a summary containing invalid HTML" do
@@ -99,6 +102,7 @@ defmodule Pleroma.Web.TwitterAPI.ActivityViewTest do
     expected = "meow"
 
     assert result["summary"] == expected
+    assert result["summary_html"] == expected
   end
 
   test "a create activity with a note" do
@@ -134,6 +138,7 @@ defmodule Pleroma.Web.TwitterAPI.ActivityViewTest do
       "repeated" => false,
       "statusnet_conversation_id" => convo_id,
       "summary" => "",
+      "summary_html" => "",
       "statusnet_html" =>
         "Hey <span><a data-user=\"#{other_user.id}\" href=\"#{other_user.ap_id}\">@<span>shp</span></a></span>!",
       "tags" => [],