WIP account endorsements

Signed-off-by: marcin mikołajczak <git@mkljczk.pl>

config/config.exs

@@ -258,7 +258,8 @@
   show_reactions: true,
   password_reset_token_validity: 60 * 60 * 24,
   profile_directory: true,
-  privileged_staff: false
+  privileged_staff: false,
+  max_endorsed_users: 20
 
 config :pleroma, :welcome,
   direct_message: [

config/description.exs

@@ -742,6 +742,16 @@
           3
         ]
       },
+      %{
+        key: :max_endorsed_users,
+        type: :integer,
+        description: "The maximum number of recommended accounts. 0 will disable the feature.",
+        suggestions: [
+          0,
+          1,
+          3
+        ]
+      },
       %{
         key: :autofollowed_nicknames,
         type: {:list, :string},

docs/development/API/differences_in_mastoapi_responses.md

@@ -377,12 +377,6 @@ Pleroma is generally compatible with the Mastodon 2.7.2 API, but some newer feat
 
 - `GET /api/v1/identity_proofs`: Returns an empty array, `[]`
 
-### Endorsements
-
-*Added in Mastodon 2.5.0*
-
-- `GET /api/v1/endorsements`: Returns an empty array, `[]`
-
 ### Featured tags
 
 *Added in Mastodon 3.0.0*

lib/pleroma/pagination.ex

@@ -94,8 +94,7 @@ defp cast_params(params) do
       offset: :integer,
       limit: :integer,
       skip_extra_order: :boolean,
-      skip_order: :boolean,
+      skip_order: :boolean
-      shuffle: :boolean,
     }
 
     changeset = cast({%{}, param_types}, params, Map.keys(param_types))
@@ -114,10 +113,6 @@ defp restrict(query, :max_id, %{max_id: max_id}, table_binding) do
     where(query, [{q, table_position(query, table_binding)}], q.id < ^max_id)
   end
 
-  defp restrict(query, :order, %{shuffle: true}, _) do
-    order_by(query, [u], fragment("RANDOM()"))
-  end
-
   defp restrict(query, :order, %{skip_order: true}, _), do: query
 
   defp restrict(%{order_bys: [_ | _]} = query, :order, %{skip_extra_order: true}, _), do: query

lib/pleroma/user.ex

@@ -82,7 +82,7 @@ defmodule Pleroma.User do
     endorsement: [
       endorser_endorsements: :endorsed_users,
       endorsee_endorsements: :endorser_users
-    ],
+    ]
   ]
 
   @cachex Pleroma.Config.get([:cachex, :provider], Cachex)
@@ -1522,10 +1522,20 @@ def unblock(%User{} = blocker, %{ap_id: ap_id}) do
   end
 
   def endorse(%User{} = endorser, %User{} = target) do
-    if not following?(endorser, target) do
+    with max_endorsed_users <- Pleroma.Config.get([:instance, :max_endorsed_users], 0),
-      {:error, "Could not endorse: You are not following #{target.nickname}"}
+         endorsed_users <-
-    else
+           User.endorsed_users_relation(endorser)
-      UserRelationship.create_endorsement(endorser, target)
+           |> Pleroma.Repo.all() do
+      cond do
+        Enum.count(endorsed_users) >= max_endorsed_users ->
+          {:error, "You have already pinned the maximum number of users"}
+
+        not following?(endorser, target) ->
+          {:error, "Could not endorse: You are not following #{target.nickname}"}
+
+        true ->
+          UserRelationship.create_endorsement(endorser, target)
+      end
     end
   end
 

lib/pleroma/web/api_spec/operations/account_operation.ex

@@ -343,7 +343,15 @@ def endorse_operation do
       description: "Addds the given account to endorsed accounts list.",
       parameters: [%Reference{"$ref": "#/components/parameters/accountIdOrNickname"}],
       responses: %{
-        200 => Operation.response("Relationship", "application/json", AccountRelationship)
+        200 => Operation.response("Relationship", "application/json", AccountRelationship),
+        400 =>
+          Operation.response("Bad Request", "application/json", %Schema{
+            allOf: [ApiError],
+            title: "Unprocessable Entity",
+            example: %{
+              "error" => "You have already pinned the maximum number of users"
+            }
+          })
       }
     }
   end
@@ -453,10 +461,10 @@ def endorsements_operation do
       tags: ["Retrieve account information"],
       summary: "Endorsements",
       operationId: "AccountController.endorsements",
-      description: "Not implemented",
+      description: "Returns endorsed accounts",
       security: [%{"oAuth" => ["read:accounts"]}],
       responses: %{
-        200 => empty_array_response()
+        200 => Operation.response("Array of Accounts", "application/json", array_of_accounts())
       }
     }
   end

lib/pleroma/web/api_spec/operations/pleroma_account_operation.ex

@@ -4,10 +4,10 @@
 
 defmodule Pleroma.Web.ApiSpec.PleromaAccountOperation do
   alias OpenApiSpex.Operation
+  alias Pleroma.Web.ApiSpec.AccountOperation
   alias Pleroma.Web.ApiSpec.Schemas.AccountRelationship
   alias Pleroma.Web.ApiSpec.Schemas.ApiError
   alias Pleroma.Web.ApiSpec.Schemas.FlakeID
-  alias Pleroma.Web.ApiSpec.AccountOperation
   alias Pleroma.Web.ApiSpec.StatusOperation
 
   import Pleroma.Web.ApiSpec.Helpers
@@ -69,17 +69,7 @@ def endorsements_operation do
       summary: "Endorsements",
       description: "Returns endorsed accounts",
       operationId: "PleromaAPI.AccountController.endorsements",
-      parameters:
+      parameters: [with_relationships_param(), id_param()],
-        [
-          Operation.parameter(
-            :shuffle,
-            :query,
-            :boolean,
-            "Show endorsed accounts in random order"
-          ),
-          id_param()
-        ] ++ pagination_params(),
-      security: [%{"oAuth" => ["read:account"]}],
       responses: %{
         200 =>
           Operation.response(
@@ -87,7 +77,6 @@ def endorsements_operation do
             "application/json",
             AccountOperation.array_of_accounts()
           ),
-        403 => Operation.response("Forbidden", "application/json", ApiError),
         404 => Operation.response("Not Found", "application/json", ApiError)
       }
     }

lib/pleroma/web/common_api.ex

@@ -117,7 +117,8 @@ def follow(follower, followed) do
   def unfollow(follower, unfollowed) do
     with {:ok, follower, _follow_activity} <- User.unfollow(follower, unfollowed),
          {:ok, _activity} <- ActivityPub.unfollow(follower, unfollowed),
-         {:ok, _subscription} <- User.unsubscribe(follower, unfollowed) do
+         {:ok, _subscription} <- User.unsubscribe(follower, unfollowed),
+         {:ok, _endorsement} <- User.unendorse(follower, unfollowed) do
       {:ok, follower}
     end
   end

lib/pleroma/web/mastodon_api/controllers/account_controller.ex

@@ -84,7 +84,9 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do
   plug(OAuthScopesPlug, %{scopes: ["follow", "write:mutes"]} when action in [:mute, :unmute])
 
   @relationship_actions [:follow, :unfollow]
-  @needs_account ~W(followers following lists follow unfollow mute unmute block unblock endorse unendorse endorse unendorse)a
+  @needs_account ~W(
+    followers following lists follow unfollow mute unmute block unblock note endorse unendorse
+  )a
 
   plug(
     RateLimiter,
@@ -450,16 +452,16 @@ def note(
     end
   end
 
-  @doc "POST /api/v1/accounts/:id/mute"
+  @doc "POST /api/v1/accounts/:id/pin"
   def endorse(%{assigns: %{user: endorser, account: endorsed}} = conn, _params) do
     with {:ok, _user_relationships} <- User.endorse(endorser, endorsed) do
       render(conn, "relationship.json", user: endorser, target: endorsed)
     else
-      {:error, message} -> json_response(conn, :forbidden, %{error: message})
+      {:error, message} -> json_response(conn, :bad_request, %{error: message})
     end
   end
 
-  @doc "POST /api/v1/accounts/:id/unmute"
+  @doc "POST /api/v1/accounts/:id/unpin"
   def unendorse(%{assigns: %{user: endorser, account: endorsed}} = conn, _params) do
     with {:ok, _user_relationships} <- User.unendorse(endorser, endorsed) do
       render(conn, "relationship.json", user: endorser, target: endorsed)

lib/pleroma/web/pleroma_api/controllers/account_controller.ex

@@ -53,7 +53,10 @@ defmodule Pleroma.Web.PleromaAPI.AccountController do
 
   plug(RateLimiter, [name: :account_confirmation_resend] when action == :confirmation_resend)
 
-  plug(:assign_account_by_id when action in [:favourites, :endorsements, :subscribe, :unsubscribe])
+  plug(
+    :assign_account_by_id
+    when action in [:favourites, :endorsements, :subscribe, :unsubscribe]
+  )
 
   defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.PleromaAccountOperation
 
@@ -106,7 +109,7 @@ def endorsements(%{assigns: %{user: for_user, account: user}} = conn, params) do
     users =
       user
       |> User.endorsed_users_relation(_restrict_deactivated = true)
-      |> fetch_paginated_endorsements(params)
+      |> Pleroma.Repo.all()
 
     conn
     |> add_link_headers(users)
@@ -118,16 +121,6 @@ def endorsements(%{assigns: %{user: for_user, account: user}} = conn, params) do
     )
   end
 
-  defp fetch_paginated_endorsements(user, %{shuffle: true} = params) do
-    user
-    |> Pleroma.Pagination.fetch_paginated(Map.put(params, :shuffle, true))
-  end
-
-  defp fetch_paginated_endorsements(user, params) do
-    user
-    |> Pleroma.Pagination.fetch_paginated(Map.put(params, :skip_order, true))
-  end
-
   @doc "POST /api/v1/pleroma/accounts/:id/subscribe"
   def subscribe(%{assigns: %{user: user, account: subscription_target}} = conn, _params) do
     with {:ok, _subscription} <- User.subscribe(user, subscription_target) do

test/pleroma/web/mastodon_api/controllers/account_controller_test.exs

@@ -1838,4 +1838,57 @@ test "create a note on a user" do
              |> get("/api/v1/accounts/relationships?id=#{other_user.id}")
              |> json_response_and_validate_schema(200)
   end
+
+  describe "account endorsements" do
+    setup do: oauth_access(["read:accounts", "write:accounts", "write:follows"])
+
+    setup do: clear_config([:instance, :max_endorsed_users], 1)
+
+    test "pin account", %{user: user, conn: conn} do
+      %{id: id1} = insert(:user)
+
+      conn
+      |> put_req_header("content-type", "application/json")
+      |> post("/api/v1/accounts/#{id1}/follow")
+      |> json_response_and_validate_schema(200)
+
+      assert %{"id" => ^id1, "endorsed" => true} =
+               conn
+               |> put_req_header("content-type", "application/json")
+               |> post("/api/v1/accounts/#{id1}/pin")
+               |> json_response_and_validate_schema(200)
+
+      assert [%{"id" => ^id1}] =
+               conn
+               |> put_req_header("content-type", "application/json")
+               |> get("/api/v1/endorsements")
+               |> json_response_and_validate_schema(200)
+    end
+
+    test "max pinned accounts", %{user: user, conn: conn} do
+      %{id: id1} = insert(:user)
+      %{id: id2} = insert(:user)
+
+      conn
+      |> put_req_header("content-type", "application/json")
+      |> post("/api/v1/accounts/#{id1}/follow")
+      |> json_response_and_validate_schema(200)
+
+      conn
+      |> put_req_header("content-type", "application/json")
+      |> post("/api/v1/accounts/#{id2}/follow")
+      |> json_response_and_validate_schema(200)
+
+      conn
+      |> put_req_header("content-type", "application/json")
+      |> post("/api/v1/accounts/#{id1}/pin")
+      |> json_response_and_validate_schema(200)
+
+      assert %{"error" => "You have already pinned the maximum number of users"} =
+               conn
+               |> assign(:user, user)
+               |> post("/api/v1/accounts/#{id2}/pin")
+               |> json_response_and_validate_schema(400)
+    end
+  end
 end