Restricted embedding of relationships where applicable (statuses / notifications / accounts rendering).

Added support for :skip_notifications for accounts listing (index.json).
Adjusted tests.
This commit is contained in:
Ivan Tashkinov 2020-05-01 18:45:24 +03:00
parent ed4e9e6435
commit d5cdc907e3
18 changed files with 94 additions and 70 deletions

View File

@ -387,56 +387,47 @@ defp render_timelines(user) do
favourites = ActivityPub.fetch_favourites(user) favourites = ActivityPub.fetch_favourites(user)
output_relationships =
!!Pleroma.Config.get([:extensions, :output_relationships_in_statuses_by_default])
Benchee.run( Benchee.run(
%{ %{
"Rendering home timeline" => fn -> "Rendering home timeline" => fn ->
StatusView.render("index.json", %{ StatusView.render("index.json", %{
activities: home_activities, activities: home_activities,
for: user, for: user,
as: :activity, as: :activity
skip_relationships: !output_relationships
}) })
end, end,
"Rendering direct timeline" => fn -> "Rendering direct timeline" => fn ->
StatusView.render("index.json", %{ StatusView.render("index.json", %{
activities: direct_activities, activities: direct_activities,
for: user, for: user,
as: :activity, as: :activity
skip_relationships: !output_relationships
}) })
end, end,
"Rendering public timeline" => fn -> "Rendering public timeline" => fn ->
StatusView.render("index.json", %{ StatusView.render("index.json", %{
activities: public_activities, activities: public_activities,
for: user, for: user,
as: :activity, as: :activity
skip_relationships: !output_relationships
}) })
end, end,
"Rendering tag timeline" => fn -> "Rendering tag timeline" => fn ->
StatusView.render("index.json", %{ StatusView.render("index.json", %{
activities: tag_activities, activities: tag_activities,
for: user, for: user,
as: :activity, as: :activity
skip_relationships: !output_relationships
}) })
end, end,
"Rendering notifications" => fn -> "Rendering notifications" => fn ->
Pleroma.Web.MastodonAPI.NotificationView.render("index.json", %{ Pleroma.Web.MastodonAPI.NotificationView.render("index.json", %{
notifications: notifications, notifications: notifications,
for: user, for: user
skip_relationships: !output_relationships
}) })
end, end,
"Rendering favourites timeline" => fn -> "Rendering favourites timeline" => fn ->
StatusView.render("index.json", %{ StatusView.render("index.json", %{
activities: favourites, activities: favourites,
for: user, for: user,
as: :activity, as: :activity
skip_relationships: !output_relationships
}) })
end end
}, },

View File

@ -240,8 +240,6 @@
extended_nickname_format: true, extended_nickname_format: true,
cleanup_attachments: false cleanup_attachments: false
config :pleroma, :extensions, output_relationships_in_statuses_by_default: true
config :pleroma, :feed, config :pleroma, :feed,
post_title: %{ post_title: %{
max_length: 100, max_length: 100,

View File

@ -67,8 +67,7 @@ def run(["render_timeline", nickname | _] = args) do
Pleroma.Web.MastodonAPI.StatusView.render("index.json", %{ Pleroma.Web.MastodonAPI.StatusView.render("index.json", %{
activities: activities, activities: activities,
for: user, for: user,
as: :activity, as: :activity
skip_relationships: true
}) })
end end
}, },

View File

@ -280,7 +280,7 @@ def list_instance_statuses(conn, %{"instance" => instance} = params) do
conn conn
|> put_view(Pleroma.Web.AdminAPI.StatusView) |> put_view(Pleroma.Web.AdminAPI.StatusView)
|> render("index.json", %{activities: activities, as: :activity, skip_relationships: false}) |> render("index.json", %{activities: activities, as: :activity})
end end
def list_user_statuses(conn, %{"nickname" => nickname} = params) do def list_user_statuses(conn, %{"nickname" => nickname} = params) do
@ -299,7 +299,7 @@ def list_user_statuses(conn, %{"nickname" => nickname} = params) do
conn conn
|> put_view(StatusView) |> put_view(StatusView)
|> render("index.json", %{activities: activities, as: :activity, skip_relationships: false}) |> render("index.json", %{activities: activities, as: :activity})
else else
_ -> {:error, :not_found} _ -> {:error, :not_found}
end end
@ -834,7 +834,7 @@ def list_statuses(%{assigns: %{user: _admin}} = conn, params) do
conn conn
|> put_view(Pleroma.Web.AdminAPI.StatusView) |> put_view(Pleroma.Web.AdminAPI.StatusView)
|> render("index.json", %{activities: activities, as: :activity, skip_relationships: false}) |> render("index.json", %{activities: activities, as: :activity})
end end
def status_update(%{assigns: %{user: admin}} = conn, %{"id" => id} = params) do def status_update(%{assigns: %{user: admin}} = conn, %{"id" => id} = params) do

View File

@ -7,8 +7,10 @@ defmodule Pleroma.Web.AdminAPI.ReportView do
alias Pleroma.HTML alias Pleroma.HTML
alias Pleroma.User alias Pleroma.User
alias Pleroma.Web.AdminAPI
alias Pleroma.Web.AdminAPI.Report alias Pleroma.Web.AdminAPI.Report
alias Pleroma.Web.CommonAPI.Utils alias Pleroma.Web.CommonAPI.Utils
alias Pleroma.Web.MastodonAPI
alias Pleroma.Web.MastodonAPI.StatusView alias Pleroma.Web.MastodonAPI.StatusView
def render("index.json", %{reports: reports}) do def render("index.json", %{reports: reports}) do
@ -41,8 +43,7 @@ def render("show.json", %{report: report, user: user, account: account, statuses
statuses: statuses:
StatusView.render("index.json", %{ StatusView.render("index.json", %{
activities: statuses, activities: statuses,
as: :activity, as: :activity
skip_relationships: false
}), }),
state: report.data["state"], state: report.data["state"],
notes: render(__MODULE__, "index_notes.json", %{notes: report.report_notes}) notes: render(__MODULE__, "index_notes.json", %{notes: report.report_notes})
@ -72,8 +73,8 @@ def render("show_note.json", %{
end end
defp merge_account_views(%User{} = user) do defp merge_account_views(%User{} = user) do
Pleroma.Web.MastodonAPI.AccountView.render("show.json", %{user: user}) MastodonAPI.AccountView.render("show.json", %{user: user, skip_relationships: true})
|> Map.merge(Pleroma.Web.AdminAPI.AccountView.render("show.json", %{user: user})) |> Map.merge(AdminAPI.AccountView.render("show.json", %{user: user}))
end end
defp merge_account_views(_), do: %{} defp merge_account_views(_), do: %{}

View File

@ -8,6 +8,8 @@ defmodule Pleroma.Web.AdminAPI.StatusView do
require Pleroma.Constants require Pleroma.Constants
alias Pleroma.User alias Pleroma.User
alias Pleroma.Web.AdminAPI
alias Pleroma.Web.MastodonAPI
alias Pleroma.Web.MastodonAPI.StatusView alias Pleroma.Web.MastodonAPI.StatusView
def render("index.json", opts) do def render("index.json", opts) do
@ -22,8 +24,8 @@ def render("show.json", %{activity: %{data: %{"object" => _object}} = activity}
end end
defp merge_account_views(%User{} = user) do defp merge_account_views(%User{} = user) do
Pleroma.Web.MastodonAPI.AccountView.render("show.json", %{user: user}) MastodonAPI.AccountView.render("show.json", %{user: user, skip_relationships: true})
|> Map.merge(Pleroma.Web.AdminAPI.AccountView.render("show.json", %{user: user})) |> Map.merge(AdminAPI.AccountView.render("show.json", %{user: user}))
end end
defp merge_account_views(_), do: %{} defp merge_account_views(_), do: %{}

View File

@ -22,7 +22,13 @@ def handle_in("new_msg", %{"text" => text}, %{assigns: %{user_name: user_name}}
if String.length(text) in 1..Pleroma.Config.get([:instance, :chat_limit]) do if String.length(text) in 1..Pleroma.Config.get([:instance, :chat_limit]) do
author = User.get_cached_by_nickname(user_name) author = User.get_cached_by_nickname(user_name)
author = Pleroma.Web.MastodonAPI.AccountView.render("show.json", user: author)
author =
Pleroma.Web.MastodonAPI.AccountView.render("show.json",
user: author,
skip_relationships: true
)
message = ChatChannelState.add_message(%{text: text, author: author}) message = ChatChannelState.add_message(%{text: text, author: author})
broadcast!(socket, "new_msg", message) broadcast!(socket, "new_msg", message)

View File

@ -5,8 +5,6 @@
defmodule Pleroma.Web.ControllerHelper do defmodule Pleroma.Web.ControllerHelper do
use Pleroma.Web, :controller use Pleroma.Web, :controller
alias Pleroma.Config
# As in Mastodon API, per https://api.rubyonrails.org/classes/ActiveModel/Type/Boolean.html # As in Mastodon API, per https://api.rubyonrails.org/classes/ActiveModel/Type/Boolean.html
@falsy_param_values [false, 0, "0", "f", "F", "false", "False", "FALSE", "off", "OFF"] @falsy_param_values [false, 0, "0", "f", "F", "false", "False", "FALSE", "off", "OFF"]
@ -106,13 +104,8 @@ def put_if_exist(map, _key, nil), do: map
def put_if_exist(map, key, value), do: Map.put(map, key, value) def put_if_exist(map, key, value), do: Map.put(map, key, value)
@doc "Whether to skip rendering `[:account][:pleroma][:relationship]`for statuses/notifications" @doc "Whether to skip `account.pleroma.relationship` rendering for statuses/notifications"
def skip_relationships?(params) do def skip_relationships?(params) do
if Config.get([:extensions, :output_relationships_in_statuses_by_default]) do
false
else
# BREAKING: older PleromaFE versions do not send this param but _do_ expect relationships.
not truthy_param?(params["with_relationships"]) not truthy_param?(params["with_relationships"])
end end
end end
end

View File

@ -86,7 +86,7 @@ defp resource_search(_, "accounts", query, options) do
users: accounts, users: accounts,
for: options[:for_user], for: options[:for_user],
as: :user, as: :user,
skip_relationships: false skip_relationships: true
) )
end end

View File

@ -13,15 +13,16 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do
alias Pleroma.Web.MediaProxy alias Pleroma.Web.MediaProxy
def render("index.json", %{users: users} = opts) do def render("index.json", %{users: users} = opts) do
opts = Map.merge(%{skip_relationships: false}, opts)
reading_user = opts[:for] reading_user = opts[:for]
# Note: :skip_relationships option is currently intentionally not supported for accounts
relationships_opt = relationships_opt =
cond do cond do
Map.has_key?(opts, :relationships) -> Map.has_key?(opts, :relationships) ->
opts[:relationships] opts[:relationships]
is_nil(reading_user) -> is_nil(reading_user) || opts[:skip_relationships] ->
UserRelationship.view_relationships_option(nil, []) UserRelationship.view_relationships_option(nil, [])
true -> true ->
@ -158,6 +159,8 @@ def render("relationships.json", %{user: user, targets: targets} = opts) do
end end
defp do_render("show.json", %{user: user} = opts) do defp do_render("show.json", %{user: user} = opts) do
opts = Map.merge(%{skip_relationships: false}, opts)
user = User.sanitize_html(user, User.html_filter_policy(opts[:for])) user = User.sanitize_html(user, User.html_filter_policy(opts[:for]))
display_name = user.name || user.nickname display_name = user.name || user.nickname

View File

@ -15,6 +15,8 @@ defmodule Pleroma.Web.MastodonAPI.NotificationView do
alias Pleroma.Web.MastodonAPI.StatusView alias Pleroma.Web.MastodonAPI.StatusView
def render("index.json", %{notifications: notifications, for: reading_user} = opts) do def render("index.json", %{notifications: notifications, for: reading_user} = opts) do
opts = Map.merge(%{skip_relationships: true}, opts)
activities = Enum.map(notifications, & &1.activity) activities = Enum.map(notifications, & &1.activity)
parent_activities = parent_activities =
@ -71,6 +73,8 @@ def render(
for: reading_user for: reading_user
} = opts } = opts
) do ) do
opts = Map.merge(%{skip_relationships: true}, opts)
actor = User.get_cached_by_ap_id(activity.data["actor"]) actor = User.get_cached_by_ap_id(activity.data["actor"])
parent_activity_fn = fn -> parent_activity_fn = fn ->

View File

@ -76,6 +76,8 @@ defp reblogged?(activity, user) do
end end
def render("index.json", opts) do def render("index.json", opts) do
opts = Map.merge(%{skip_relationships: true}, opts)
reading_user = opts[:for] reading_user = opts[:for]
# To do: check AdminAPIControllerTest on the reasons behind nil activities in the list # To do: check AdminAPIControllerTest on the reasons behind nil activities in the list
@ -125,6 +127,8 @@ def render(
"show.json", "show.json",
%{activity: %{data: %{"type" => "Announce", "object" => _object}} = activity} = opts %{activity: %{data: %{"type" => "Announce", "object" => _object}} = activity} = opts
) do ) do
opts = Map.merge(%{skip_relationships: true}, opts)
user = get_user(activity.data["actor"]) user = get_user(activity.data["actor"])
created_at = Utils.to_masto_date(activity.data["published"]) created_at = Utils.to_masto_date(activity.data["published"])
activity_object = Object.normalize(activity) activity_object = Object.normalize(activity)
@ -198,6 +202,8 @@ def render(
end end
def render("show.json", %{activity: %{data: %{"object" => _object}} = activity} = opts) do def render("show.json", %{activity: %{data: %{"object" => _object}} = activity} = opts) do
opts = Map.merge(%{skip_relationships: true}, opts)
object = Object.normalize(activity) object = Object.normalize(activity)
user = get_user(activity.data["actor"]) user = get_user(activity.data["actor"])

View File

@ -66,7 +66,13 @@ def emoji_reactions_by(%{assigns: %{user: user}} = conn, %{"id" => activity_id}
%{ %{
name: emoji, name: emoji,
count: length(users), count: length(users),
accounts: AccountView.render("index.json", %{users: users, for: user, as: :user}), accounts:
AccountView.render("index.json", %{
users: users,
for: user,
as: :user,
skip_relationships: true
}),
me: !!(user && user.ap_id in user_ap_ids) me: !!(user && user.ap_id in user_ap_ids)
} }
end end

View File

@ -12,9 +12,7 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
import Pleroma.Factory import Pleroma.Factory
test "does NOT render account/pleroma/relationship if this is disabled by default" do test "does NOT render account/pleroma/relationship by default" do
clear_config([:extensions, :output_relationships_in_statuses_by_default], false)
%{user: user, conn: conn} = oauth_access(["read:notifications"]) %{user: user, conn: conn} = oauth_access(["read:notifications"])
other_user = insert(:user) other_user = insert(:user)

View File

@ -1058,7 +1058,7 @@ test "replaces missing description with an empty string", %{conn: conn, user: us
end end
test "bookmarks" do test "bookmarks" do
bookmarks_uri = "/api/v1/bookmarks?with_relationships=true" bookmarks_uri = "/api/v1/bookmarks"
%{conn: conn} = oauth_access(["write:bookmarks", "read:bookmarks"]) %{conn: conn} = oauth_access(["write:bookmarks", "read:bookmarks"])
author = insert(:user) author = insert(:user)

View File

@ -20,12 +20,10 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
describe "home" do describe "home" do
setup do: oauth_access(["read:statuses"]) setup do: oauth_access(["read:statuses"])
test "does NOT render account/pleroma/relationship if this is disabled by default", %{ test "does NOT render account/pleroma/relationship by default", %{
user: user, user: user,
conn: conn conn: conn
} do } do
clear_config([:extensions, :output_relationships_in_statuses_by_default], false)
other_user = insert(:user) other_user = insert(:user)
{:ok, _} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"}) {:ok, _} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
@ -41,7 +39,7 @@ test "does NOT render account/pleroma/relationship if this is disabled by defaul
end) end)
end end
test "the home timeline", %{user: user, conn: conn} do test "embeds account relationships with `with_relationships=true`", %{user: user, conn: conn} do
uri = "/api/v1/timelines/home?with_relationships=true" uri = "/api/v1/timelines/home?with_relationships=true"
following = insert(:user, nickname: "followed") following = insert(:user, nickname: "followed")
@ -69,13 +67,19 @@ test "the home timeline", %{user: user, conn: conn} do
} }
} }
}, },
"account" => %{"pleroma" => %{"relationship" => %{"following" => true}}} "account" => %{
"pleroma" => %{
"relationship" => %{"following" => true}
}
}
}, },
%{ %{
"content" => "post", "content" => "post",
"account" => %{ "account" => %{
"acct" => "followed", "acct" => "followed",
"pleroma" => %{"relationship" => %{"following" => true}} "pleroma" => %{
"relationship" => %{"following" => true}
}
} }
} }
] = json_response(ret_conn, :ok) ] = json_response(ret_conn, :ok)
@ -95,13 +99,19 @@ test "the home timeline", %{user: user, conn: conn} do
} }
} }
}, },
"account" => %{"pleroma" => %{"relationship" => %{"following" => true}}} "account" => %{
"pleroma" => %{
"relationship" => %{"following" => true}
}
}
}, },
%{ %{
"content" => "post", "content" => "post",
"account" => %{ "account" => %{
"acct" => "followed", "acct" => "followed",
"pleroma" => %{"relationship" => %{"following" => true}} "pleroma" => %{
"relationship" => %{"following" => true}
}
} }
} }
] = json_response(ret_conn, :ok) ] = json_response(ret_conn, :ok)

View File

@ -42,7 +42,12 @@ test "Mention notification" do
id: to_string(notification.id), id: to_string(notification.id),
pleroma: %{is_seen: false}, pleroma: %{is_seen: false},
type: "mention", type: "mention",
account: AccountView.render("show.json", %{user: user, for: mentioned_user}), account:
AccountView.render("show.json", %{
user: user,
for: mentioned_user,
skip_relationships: true
}),
status: StatusView.render("show.json", %{activity: activity, for: mentioned_user}), status: StatusView.render("show.json", %{activity: activity, for: mentioned_user}),
created_at: Utils.to_masto_date(notification.inserted_at) created_at: Utils.to_masto_date(notification.inserted_at)
} }
@ -62,7 +67,8 @@ test "Favourite notification" do
id: to_string(notification.id), id: to_string(notification.id),
pleroma: %{is_seen: false}, pleroma: %{is_seen: false},
type: "favourite", type: "favourite",
account: AccountView.render("show.json", %{user: another_user, for: user}), account:
AccountView.render("show.json", %{user: another_user, for: user, skip_relationships: true}),
status: StatusView.render("show.json", %{activity: create_activity, for: user}), status: StatusView.render("show.json", %{activity: create_activity, for: user}),
created_at: Utils.to_masto_date(notification.inserted_at) created_at: Utils.to_masto_date(notification.inserted_at)
} }
@ -82,7 +88,8 @@ test "Reblog notification" do
id: to_string(notification.id), id: to_string(notification.id),
pleroma: %{is_seen: false}, pleroma: %{is_seen: false},
type: "reblog", type: "reblog",
account: AccountView.render("show.json", %{user: another_user, for: user}), account:
AccountView.render("show.json", %{user: another_user, for: user, skip_relationships: true}),
status: StatusView.render("show.json", %{activity: reblog_activity, for: user}), status: StatusView.render("show.json", %{activity: reblog_activity, for: user}),
created_at: Utils.to_masto_date(notification.inserted_at) created_at: Utils.to_masto_date(notification.inserted_at)
} }
@ -100,7 +107,8 @@ test "Follow notification" do
id: to_string(notification.id), id: to_string(notification.id),
pleroma: %{is_seen: false}, pleroma: %{is_seen: false},
type: "follow", type: "follow",
account: AccountView.render("show.json", %{user: follower, for: followed}), account:
AccountView.render("show.json", %{user: follower, for: followed, skip_relationships: true}),
created_at: Utils.to_masto_date(notification.inserted_at) created_at: Utils.to_masto_date(notification.inserted_at)
} }
@ -143,8 +151,10 @@ test "Move notification" do
id: to_string(notification.id), id: to_string(notification.id),
pleroma: %{is_seen: false}, pleroma: %{is_seen: false},
type: "move", type: "move",
account: AccountView.render("show.json", %{user: old_user, for: follower}), account:
target: AccountView.render("show.json", %{user: new_user, for: follower}), AccountView.render("show.json", %{user: old_user, for: follower, skip_relationships: true}),
target:
AccountView.render("show.json", %{user: new_user, for: follower, skip_relationships: true}),
created_at: Utils.to_masto_date(notification.inserted_at) created_at: Utils.to_masto_date(notification.inserted_at)
} }
@ -169,7 +179,8 @@ test "EmojiReact notification" do
pleroma: %{is_seen: false}, pleroma: %{is_seen: false},
type: "pleroma:emoji_reaction", type: "pleroma:emoji_reaction",
emoji: "", emoji: "",
account: AccountView.render("show.json", %{user: other_user, for: user}), account:
AccountView.render("show.json", %{user: other_user, for: user, skip_relationships: true}),
status: StatusView.render("show.json", %{activity: activity, for: user}), status: StatusView.render("show.json", %{activity: activity, for: user}),
created_at: Utils.to_masto_date(notification.inserted_at) created_at: Utils.to_masto_date(notification.inserted_at)
} }

View File

@ -555,7 +555,7 @@ test "a rich media card with all relevant data renders correctly" do
end end
end end
test "embeds a relationship in the account" do test "does not embed a relationship in the account" do
user = insert(:user) user = insert(:user)
other_user = insert(:user) other_user = insert(:user)
@ -566,11 +566,10 @@ test "embeds a relationship in the account" do
result = StatusView.render("show.json", %{activity: activity, for: other_user}) result = StatusView.render("show.json", %{activity: activity, for: other_user})
assert result[:account][:pleroma][:relationship] == assert result[:account][:pleroma][:relationship] == %{}
AccountView.render("relationship.json", %{user: other_user, target: user})
end end
test "embeds a relationship in the account in reposts" do test "does not embed a relationship in the account in reposts" do
user = insert(:user) user = insert(:user)
other_user = insert(:user) other_user = insert(:user)
@ -583,11 +582,8 @@ test "embeds a relationship in the account in reposts" do
result = StatusView.render("show.json", %{activity: activity, for: user}) result = StatusView.render("show.json", %{activity: activity, for: user})
assert result[:account][:pleroma][:relationship] == assert result[:account][:pleroma][:relationship] == %{}
AccountView.render("relationship.json", %{user: user, target: other_user}) assert result[:reblog][:account][:pleroma][:relationship] == %{}
assert result[:reblog][:account][:pleroma][:relationship] ==
AccountView.render("relationship.json", %{user: user, target: user})
end end
test "visibility/list" do test "visibility/list" do