CommonAPI: Refactor visibility, forbid public to private replies.

2019-05-15 16:30:08 +02:00 · 2019-05-15 16:30:08 +02:00 · cbb3451023
commit cbb3451023
parent 153c15cdb2
6 changed files with 76 additions and 30 deletions
--- a/test/web/activity_pub/visibilty_test.exs
+++ b/test/web/activity_pub/visibilty_test.exs
@ -95,4 +95,16 @@ defmodule Pleroma.Web.ActivityPub.VisibilityTest do
    refute Visibility.visible_for_user?(private, unrelated)
    refute Visibility.visible_for_user?(direct, unrelated)
  end
+
+  test "get_visibility", %{
+    public: public,
+    private: private,
+    direct: direct,
+    unlisted: unlisted
+  } do
+    assert Visibility.get_visibility(public) == "public"
+    assert Visibility.get_visibility(private) == "private"
+    assert Visibility.get_visibility(direct) == "direct"
+    assert Visibility.get_visibility(unlisted) == "unlisted"
+  end
 end
--- a/test/web/common_api/common_api_test.exs
+++ b/test/web/common_api/common_api_test.exs
@ -87,6 +87,28 @@ defmodule Pleroma.Web.CommonAPITest do

      assert object.data["content"] == "<p><b>2hu</b></p>alert('xss')"
    end
+
+    test "it does not allow replies to direct messages that are not direct messages themselves" do
+      user = insert(:user)
+
+      {:ok, activity} = CommonAPI.post(user, %{"status" => "suya..", "visibility" => "direct"})
+
+      assert {:ok, _} =
+               CommonAPI.post(user, %{
+                 "status" => "suya..",
+                 "visibility" => "direct",
+                 "in_reply_to_status_id" => activity.id
+               })
+
+      Enum.each(["public", "private", "unlisted"], fn visibility ->
+        assert {:error, {:private_to_public, _}} =
+                 CommonAPI.post(user, %{
+                   "status" => "suya..",
+                   "visibility" => visibility,
+                   "in_reply_to_status_id" => activity.id
+                 })
+      end)
+    end
  end

  describe "reactions" do