Hide posts that user is not allowed to view from search results

silverpill 2022-02-08 18:00:08 +00:00
parent a63da82b85
commit 7d89f65b37
3 changed files with 40 additions and 3 deletions


@ -508,6 +508,33 @@ paths:
type: array
items:
$ref: '#/components/schemas/Status'
/api/v2/search:
get:
summary: Search for profiles or posts
parameters:
- name: q
in: query
description: The search query
required: true
schema:
type: string
responses:
200:
description: Successful operation
content:
application/json:
schema:
description: Search results
type: object
properties:
accounts:
type: array
items:
$ref: '#/components/schemas/Account'
statuses:
type: array
items:
$ref: '#/components/schemas/Status'
components:
securitySchemes:


@ -9,6 +9,7 @@ use crate::config::Config;
use crate::errors::{ValidationError, HttpError};
use crate::mastodon_api::accounts::types::Account;
use crate::mastodon_api::statuses::types::Status;
use crate::models::posts::helpers::can_view_post;
use crate::models::posts::types::Post;
use crate::models::profiles::queries::{
search_profile,
@ -18,6 +19,7 @@ use crate::models::profiles::types::DbActorProfile;
use crate::models::users::types::{
validate_wallet_address,
WALLET_CURRENCY_CODE,
User,
};
use super::types::SearchResults;
@ -118,6 +120,7 @@ async fn search_note(
pub async fn search(
config: &Config,
current_user: &User,
db_client: &mut impl GenericClient,
search_query: &str,
) -> Result<SearchResults, HttpError> {
@ -130,7 +133,9 @@ pub async fn search(
SearchQuery::Url(url) => {
let maybe_post = search_note(config, db_client, url).await?;
if let Some(post) = maybe_post {
posts = vec![post];
if can_view_post(db_client, Some(current_user), &post).await? {
posts = vec![post];
};
};
},
SearchQuery::WalletAddress(address) => {
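Review bot: The `can_view_post` check is attached only to the `SearchQuery::Url` arm, and nothing records why a post the viewer may not see is dropped silently rather than reported as an error. I would add `// Drop silently: an error here would disclose that a restricted post exists at this URL` above the `if can_view_post(...)` line, assuming that is the intent, so the empty result is not later changed into a distinguishable "forbidden" response. The `match` in `search` continues past this hunk (the `WalletAddress` arm is cut off), so it cannot be confirmed from here that no other arm assigns `posts`; if one does, it needs the same check, and filtering once after the `match` would cover every arm. `search_note` also runs before the check, so if it stores a fetched post as a side effect (not visible in this hunk), that still happens for posts the current user cannot view.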


@ -17,8 +17,13 @@ async fn search_view(
query_params: web::Query<SearchQueryParams>,
) -> Result<HttpResponse, HttpError> {
let db_client = &mut **get_database_client(&db_pool).await?;
get_current_user(db_client, auth.token()).await?;
let results = search(&config, db_client, query_params.q.trim()).await?;
let current_user = get_current_user(db_client, auth.token()).await?;
let results = search(
&config,
&current_user,
db_client,
query_params.q.trim(),
).await?;
Ok(HttpResponse::Ok().json(results))
}