Fix leaking private configuration parameters in Mastodon and Twitter APIs, and add new configuration parameters to Mastodon API

This patch:
- Fixes `rights` in twitterapi ignoring `show_role`
- Fixes exposing default scope of the user to anyone in Mastodon API
- Extends Mastodon API to be able to show and set `no_rich_text`, `default_scope`, `hide_follows`, `hide_followers`, `hide_favorites` (requested by the FE in #674)

Sorry in advance for the 500-line single-commit diff; I should have split it up into separate MRs.
rinpatch 2019-04-24 20:01:42 +03:00
commit 4baea6e6d9
9 changed files with 219 additions and 105 deletions


@ -89,17 +89,11 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
"following" => false,
"follows_you" => false,
"statusnet_blocking" => false,
"rights" => %{
"delete_others_notice" => false,
"admin" => false
},
"statusnet_profile_url" => user.ap_id,
"cover_photo" => banner,
"background_image" => nil,
"is_local" => true,
"locked" => false,
"default_scope" => "public",
"no_rich_text" => false,
"hide_follows" => false,
"hide_followers" => false,
"fields" => [],
@ -112,6 +106,15 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
assert represented == UserView.render("show.json", %{user: user})
end
test "User exposes settings for themselves and only for themselves", %{user: user} do
as_user = UserView.render("show.json", %{user: user, for: user})
assert as_user["default_scope"] == user.info.default_scope
assert as_user["no_rich_text"] == user.info.no_rich_text
as_stranger = UserView.render("show.json", %{user: user})
refute as_stranger["default_scope"]
refute as_stranger["no_rich_text"]
end
test "A user for a given other follower", %{user: user} do
follower = insert(:user, %{following: [User.ap_followers(user)]})
{:ok, user} = User.update_follower_count(user)
@ -137,17 +140,11 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
"following" => true,
"follows_you" => false,
"statusnet_blocking" => false,
"rights" => %{
"delete_others_notice" => false,
"admin" => false
},
"statusnet_profile_url" => user.ap_id,
"cover_photo" => banner,
"background_image" => nil,
"is_local" => true,
"locked" => false,
"default_scope" => "public",
"no_rich_text" => false,
"hide_follows" => false,
"hide_followers" => false,
"fields" => [],
@ -186,17 +183,11 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
"following" => false,
"follows_you" => true,
"statusnet_blocking" => false,
"rights" => %{
"delete_others_notice" => false,
"admin" => false
},
"statusnet_profile_url" => follower.ap_id,
"cover_photo" => banner,
"background_image" => nil,
"is_local" => true,
"locked" => false,
"default_scope" => "public",
"no_rich_text" => false,
"hide_follows" => false,
"hide_followers" => false,
"fields" => [],
@ -272,17 +263,11 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
"following" => false,
"follows_you" => false,
"statusnet_blocking" => true,
"rights" => %{
"delete_others_notice" => false,
"admin" => false
},
"statusnet_profile_url" => user.ap_id,
"cover_photo" => banner,
"background_image" => nil,
"is_local" => true,
"locked" => false,
"default_scope" => "public",
"no_rich_text" => false,
"hide_follows" => false,
"hide_followers" => false,
"fields" => [],
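Review bot: In the new test "User exposes settings for themselves and only for themselves", `refute as_stranger["no_rich_text"]` passes for both `nil` and `false`, so it would not catch the view still exposing `"no_rich_text" => false` to a stranger. The expected maps elsewhere in this file show `false` for this fixture, which suggests (not confirmed from here) that `false` is the factory default. Asserting on key absence pins the privacy property this commit is meant to fix: `refute Map.has_key?(as_stranger, "no_rich_text")` and `refute Map.has_key?(as_stranger, "default_scope")`. The stranger case also covers only an anonymous render with no `for:`; adding a render with `for: insert(:user)` would check that a different logged-in account cannot see these settings either.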