Blocks: always see your own posts

This commit is contained in:
Alex Gleason 2020-10-10 01:21:57 -05:00
parent 1aabc0672e
commit d2364276a1
No known key found for this signature in database
GPG Key ID: 7211D1F99744FBB7
2 changed files with 45 additions and 5 deletions

View File

@ -791,10 +791,10 @@ defp restrict_replies(query, %{
where: where:
fragment( fragment(
""" """
?->>'type' != 'Create' -- This isn't a Create ?->>'type' != 'Create' -- This isn't a Create
OR ?->>'inReplyTo' is null -- this isn't a reply OR ?->>'inReplyTo' is null -- this isn't a reply
OR ? && array_remove(?, ?) -- The recipient is us or one of our friends, OR ? && array_remove(?, ?) -- The recipient is us or one of our friends,
-- unless they are the author (because authors -- unless they are the author (because authors
-- are also part of the recipients). This leads -- are also part of the recipients). This leads
-- to a bug that self-replies by friends won't -- to a bug that self-replies by friends won't
-- show up. -- show up.
@ -850,7 +850,10 @@ defp restrict_blocked(query, %{blocking_user: %User{} = user} = opts) do
from( from(
[activity, object: o] in query, [activity, object: o] in query,
# You don't block the author
where: fragment("not (? = ANY(?))", activity.actor, ^blocked_ap_ids), where: fragment("not (? = ANY(?))", activity.actor, ^blocked_ap_ids),
# You don't block any recipients, and didn't author the post
where: where:
fragment( fragment(
"((not (? && ?)) or ? = ?)", "((not (? && ?)) or ? = ?)",
@ -859,12 +862,18 @@ defp restrict_blocked(query, %{blocking_user: %User{} = user} = opts) do
activity.actor, activity.actor,
^user.ap_id ^user.ap_id
), ),
# You don't block the domain of any recipients, and didn't author the post
where: where:
fragment( fragment(
"recipients_contain_blocked_domains(?, ?) = false", "(recipients_contain_blocked_domains(?, ?) = false) or ? = ?",
activity.recipients, activity.recipients,
^domain_blocks ^domain_blocks,
activity.actor,
^user.ap_id
), ),
# It's not a boost of a user you block
where: where:
fragment( fragment(
"not (?->>'type' = 'Announce' and ?->'to' \\?| ?)", "not (?->>'type' = 'Announce' and ?->'to' \\?| ?)",
@ -872,6 +881,8 @@ defp restrict_blocked(query, %{blocking_user: %User{} = user} = opts) do
activity.data, activity.data,
^blocked_ap_ids ^blocked_ap_ids
), ),
# You don't block the author's domain, and also don't follow the author
where: where:
fragment( fragment(
"(not (split_part(?, '/', 3) = ANY(?))) or ? = ANY(?)", "(not (split_part(?, '/', 3) = ANY(?))) or ? = ANY(?)",
@ -880,6 +891,8 @@ defp restrict_blocked(query, %{blocking_user: %User{} = user} = opts) do
activity.actor, activity.actor,
^following_ap_ids ^following_ap_ids
), ),
# Same as above, but checks the Object
where: where:
fragment( fragment(
"(not (split_part(?->>'actor', '/', 3) = ANY(?))) or (?->>'actor') = ANY(?)", "(not (split_part(?->>'actor', '/', 3) = ANY(?))) or (?->>'actor') = ANY(?)",

View File

@ -622,6 +622,18 @@ test "doesn't return blocked activities" do
assert Enum.member?(activities, activity_one) assert Enum.member?(activities, activity_one)
end end
test "always see your own posts even when they address people you block" do
user = insert(:user)
blockee = insert(:user)
{:ok, _} = User.block(user, blockee)
{:ok, activity} = CommonAPI.post(user, %{status: "hey! @#{blockee.nickname}"})
activities = ActivityPub.fetch_activities([], %{blocking_user: user})
assert Enum.member?(activities, activity)
end
test "doesn't return transitive interactions concerning blocked users" do test "doesn't return transitive interactions concerning blocked users" do
blocker = insert(:user) blocker = insert(:user)
blockee = insert(:user) blockee = insert(:user)
@ -721,6 +733,21 @@ test "doesn't return activities from blocked domains" do
refute repeat_activity in activities refute repeat_activity in activities
end end
test "see your own posts even when they adress actors from blocked domains" do
user = insert(:user)
domain = "dogwhistle.zone"
domain_user = insert(:user, %{ap_id: "https://#{domain}/@pundit"})
{:ok, user} = User.block_domain(user, domain)
{:ok, activity} = CommonAPI.post(user, %{status: "hey! @#{domain_user.nickname}"})
activities = ActivityPub.fetch_activities([], %{blocking_user: user})
assert Enum.member?(activities, activity)
end
test "does return activities from followed users on blocked domains" do test "does return activities from followed users on blocked domains" do
domain = "meanies.social" domain = "meanies.social"
domain_user = insert(:user, %{ap_id: "https://#{domain}/@pundit"}) domain_user = insert(:user, %{ap_id: "https://#{domain}/@pundit"})