Hide posts that user is not allowed to view from search results

2022-02-08 18:00:08 +00:00 · 2022-02-08 18:00:08 +00:00 · 7d89f65b37
commit 7d89f65b37
parent a63da82b85
3 changed files with 40 additions and 3 deletions
--- a/docs/openapi.yaml
+++ b/docs/openapi.yaml
@ -508,6 +508,33 @@ paths:
                type: array
                items:
                  $ref: '#/components/schemas/Status'
+  /api/v2/search:
+    get:
+      summary: Search for profiles or posts
+      parameters:
+        - name: q
+          in: query
+          description: The search query
+          required: true
+          schema:
+            type: string
+      responses:
+        200:
+          description: Successful operation
+          content:
+            application/json:
+              schema:
+                description: Search results
+                type: object
+                properties:
+                  accounts:
+                    type: array
+                    items:
+                      $ref: '#/components/schemas/Account'
+                  statuses:
+                    type: array
+                    items:
+                      $ref: '#/components/schemas/Status'

 components:
  securitySchemes:
--- a/src/mastodon_api/search/helpers.rs
+++ b/src/mastodon_api/search/helpers.rs
@ -9,6 +9,7 @@ use crate::config::Config;
 use crate::errors::{ValidationError, HttpError};
 use crate::mastodon_api::accounts::types::Account;
 use crate::mastodon_api::statuses::types::Status;
+use crate::models::posts::helpers::can_view_post;
 use crate::models::posts::types::Post;
 use crate::models::profiles::queries::{
    search_profile,
@ -18,6 +19,7 @@ use crate::models::profiles::types::DbActorProfile;
 use crate::models::users::types::{
    validate_wallet_address,
    WALLET_CURRENCY_CODE,
+    User,
 };
 use super::types::SearchResults;

@ -118,6 +120,7 @@ async fn search_note(

 pub async fn search(
    config: &Config,
+    current_user: &User,
    db_client: &mut impl GenericClient,
    search_query: &str,
 ) -> Result<SearchResults, HttpError> {
@ -130,7 +133,9 @@ pub async fn search(
        SearchQuery::Url(url) => {
            let maybe_post = search_note(config, db_client, url).await?;
            if let Some(post) = maybe_post {
-                posts = vec![post];
+                if can_view_post(db_client, Some(current_user), &post).await? {
+                    posts = vec![post];
+                };
            };
        },
        SearchQuery::WalletAddress(address) => {
--- a/src/mastodon_api/search/views.rs
+++ b/src/mastodon_api/search/views.rs
@ -17,8 +17,13 @@ async fn search_view(
    query_params: web::Query<SearchQueryParams>,
 ) -> Result<HttpResponse, HttpError> {
    let db_client = &mut **get_database_client(&db_pool).await?;
-    get_current_user(db_client, auth.token()).await?;
-    let results = search(&config, db_client, query_params.q.trim()).await?;
+    let current_user = get_current_user(db_client, auth.token()).await?;
+    let results = search(
+        &config,
+        &current_user,
+        db_client,
+        query_params.q.trim(),
+    ).await?;
    Ok(HttpResponse::Ok().json(results))
 }