aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/pleroma/web/activity_pub/object_validators/accept_validator.ex16
1 files changed, 15 insertions, 1 deletions
diff --git a/lib/pleroma/web/activity_pub/object_validators/accept_validator.ex b/lib/pleroma/web/activity_pub/object_validators/accept_validator.ex
index b81e078e3..6d0fa669a 100644
--- a/lib/pleroma/web/activity_pub/object_validators/accept_validator.ex
+++ b/lib/pleroma/web/activity_pub/object_validators/accept_validator.ex
@@ -6,6 +6,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.AcceptValidator do
use Ecto.Schema
alias Pleroma.EctoType.ActivityPub.ObjectValidators
+ alias Pleroma.Activity
import Ecto.Changeset
import Pleroma.Web.ActivityPub.ObjectValidators.CommonValidations
@@ -31,7 +32,8 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.AcceptValidator do
|> validate_required([:id, :type, :actor, :to, :cc, :object])
|> validate_inclusion(:type, ["Accept"])
|> validate_actor_presence()
- |> validate_object_presence()
+ |> validate_object_presence(allowed_types: ["Follow"])
+ |> validate_accept_rights()
end
def cast_and_validate(data) do
@@ -39,4 +41,16 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.AcceptValidator do
|> cast_data
|> validate_data
end
+
+ def validate_accept_rights(cng) do
+ with object_id when is_binary(object_id) <- get_field(cng, :object),
+ %Activity{data: %{"object" => followed_actor}} <- Activity.get_by_ap_id(object_id),
+ true <- followed_actor == get_field(cng, :actor) do
+ cng
+ else
+ _e ->
+ cng
+ |> add_error(:actor, "can't accept the given activity")
+ end
+ end
end
generated by cgit v1.2.3 (git 2.26.2) at 2025-04-28 00:14:17 +0000