[#2791] AccountView: renamed :force option to :skip_visibility_check.

This commit is contained in:
Ivan Tashkinov 2020-07-23 15:08:30 +03:00
parent 6f5f7af607
commit 9ea51a6de5
12 changed files with 44 additions and 29 deletions

View file

@ -729,7 +729,7 @@ defmodule Pleroma.Web.ActivityPub.Utils do
"actor" => "actor" =>
AccountView.render( AccountView.render(
"show.json", "show.json",
%{user: activity_actor, force: true} %{user: activity_actor, skip_visibility_check: true}
) )
} }

View file

@ -105,7 +105,7 @@ defmodule Pleroma.Web.AdminAPI.AccountView do
end end
def merge_account_views(%User{} = user) do def merge_account_views(%User{} = user) do
MastodonAPI.AccountView.render("show.json", %{user: user, force: true}) MastodonAPI.AccountView.render("show.json", %{user: user, skip_visibility_check: true})
|> Map.merge(AdminAPI.AccountView.render("show.json", %{user: user})) |> Map.merge(AdminAPI.AccountView.render("show.json", %{user: user}))
end end

View file

@ -24,7 +24,7 @@ defmodule Pleroma.Web.ChatChannel do
if String.length(text) in 1..Pleroma.Config.get([:instance, :chat_limit]) do if String.length(text) in 1..Pleroma.Config.get([:instance, :chat_limit]) do
author = User.get_cached_by_nickname(user_name) author = User.get_cached_by_nickname(user_name)
author_json = AccountView.render("show.json", user: author, force: true) author_json = AccountView.render("show.json", user: author, skip_visibility_check: true)
message = ChatChannelState.add_message(%{text: text, author: author_json}) message = ChatChannelState.add_message(%{text: text, author: author_json})

View file

@ -39,11 +39,12 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do
@doc """ @doc """
Renders specified user account. Renders specified user account.
:force option skips visibility check and renders any user (local or remote) :skip_visibility_check option skips visibility check and renders any user (local or remote)
regardless of [:pleroma, :restrict_unauthenticated] setting. regardless of [:pleroma, :restrict_unauthenticated] setting.
:for option specifies the requester and can be a User record or nil. :for option specifies the requester and can be a User record or nil.
Only use `user: user, for: user` when `user` is the actual requester of own profile.
""" """
def render("show.json", %{user: _user, force: true} = opts) do def render("show.json", %{user: _user, skip_visibility_check: true} = opts) do
do_render("show.json", opts) do_render("show.json", opts)
end end
@ -56,7 +57,8 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do
end end
def render("show.json", _) do def render("show.json", _) do
raise "In order to prevent account accessibility issues, :force or :for option is required." raise "In order to prevent account accessibility issues, " <>
":skip_visibility_check or :for option is required."
end end
def render("mention.json", %{user: user}) do def render("mention.json", %{user: user}) do

View file

@ -38,7 +38,7 @@ defmodule Pleroma.Web.PleromaAPI.ChatView do
if Map.has_key?(account_view_opts, :for) do if Map.has_key?(account_view_opts, :for) do
account_view_opts account_view_opts
else else
Map.put(account_view_opts, :force, true) Map.put(account_view_opts, :skip_visibility_check, true)
end end
end end
end end

View file

@ -1179,7 +1179,8 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
"id" => activity_ap_id, "id" => activity_ap_id,
"content" => content, "content" => content,
"published" => activity_with_object.object.data["published"], "published" => activity_with_object.object.data["published"],
"actor" => AccountView.render("show.json", %{user: target_account, force: true}) "actor" =>
AccountView.render("show.json", %{user: target_account, skip_visibility_check: true})
} }
assert %Activity{ assert %Activity{

View file

@ -710,7 +710,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
"id" => activity.data["id"], "id" => activity.data["id"],
"content" => "test post", "content" => "test post",
"published" => object.data["published"], "published" => object.data["published"],
"actor" => AccountView.render("show.json", %{user: user, force: true}) "actor" => AccountView.render("show.json", %{user: user, skip_visibility_check: true})
} }
message = %{ message = %{

View file

@ -482,7 +482,8 @@ defmodule Pleroma.Web.ActivityPub.UtilsTest do
"id" => activity_ap_id, "id" => activity_ap_id,
"content" => content, "content" => content,
"published" => activity.object.data["published"], "published" => activity.object.data["published"],
"actor" => AccountView.render("show.json", %{user: target_account, force: true}) "actor" =>
AccountView.render("show.json", %{user: target_account, skip_visibility_check: true})
} }
assert %{ assert %{

View file

@ -24,12 +24,15 @@ defmodule Pleroma.Web.AdminAPI.ReportViewTest do
content: nil, content: nil,
actor: actor:
Map.merge( Map.merge(
MastodonAPI.AccountView.render("show.json", %{user: user, force: true}), MastodonAPI.AccountView.render("show.json", %{user: user, skip_visibility_check: true}),
AdminAPI.AccountView.render("show.json", %{user: user}) AdminAPI.AccountView.render("show.json", %{user: user})
), ),
account: account:
Map.merge( Map.merge(
MastodonAPI.AccountView.render("show.json", %{user: other_user, force: true}), MastodonAPI.AccountView.render("show.json", %{
user: other_user,
skip_visibility_check: true
}),
AdminAPI.AccountView.render("show.json", %{user: other_user}) AdminAPI.AccountView.render("show.json", %{user: other_user})
), ),
statuses: [], statuses: [],
@ -59,12 +62,15 @@ defmodule Pleroma.Web.AdminAPI.ReportViewTest do
content: nil, content: nil,
actor: actor:
Map.merge( Map.merge(
MastodonAPI.AccountView.render("show.json", %{user: user, force: true}), MastodonAPI.AccountView.render("show.json", %{user: user, skip_visibility_check: true}),
AdminAPI.AccountView.render("show.json", %{user: user}) AdminAPI.AccountView.render("show.json", %{user: user})
), ),
account: account:
Map.merge( Map.merge(
MastodonAPI.AccountView.render("show.json", %{user: other_user, force: true}), MastodonAPI.AccountView.render("show.json", %{
user: other_user,
skip_visibility_check: true
}),
AdminAPI.AccountView.render("show.json", %{user: other_user}) AdminAPI.AccountView.render("show.json", %{user: other_user})
), ),
statuses: [StatusView.render("show.json", %{activity: activity})], statuses: [StatusView.render("show.json", %{activity: activity})],

View file

@ -95,7 +95,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
} }
} }
assert expected == AccountView.render("show.json", %{user: user, force: true}) assert expected == AccountView.render("show.json", %{user: user, skip_visibility_check: true})
end end
test "Favicon is nil when :instances_favicons is disabled" do test "Favicon is nil when :instances_favicons is disabled" do
@ -108,12 +108,12 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
favicon: favicon:
"https://shitposter.club/plugins/Qvitter/img/gnusocial-favicons/favicon-16x16.png" "https://shitposter.club/plugins/Qvitter/img/gnusocial-favicons/favicon-16x16.png"
} }
} = AccountView.render("show.json", %{user: user, force: true}) } = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
Config.put([:instances_favicons, :enabled], false) Config.put([:instances_favicons, :enabled], false)
assert %{pleroma: %{favicon: nil}} = assert %{pleroma: %{favicon: nil}} =
AccountView.render("show.json", %{user: user, force: true}) AccountView.render("show.json", %{user: user, skip_visibility_check: true})
end end
test "Represent the user account for the account owner" do test "Represent the user account for the account owner" do
@ -190,7 +190,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
} }
} }
assert expected == AccountView.render("show.json", %{user: user, force: true}) assert expected == AccountView.render("show.json", %{user: user, skip_visibility_check: true})
end end
test "Represent a Funkwhale channel" do test "Represent a Funkwhale channel" do
@ -199,7 +199,9 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
"https://channels.tests.funkwhale.audio/federation/actors/compositions" "https://channels.tests.funkwhale.audio/federation/actors/compositions"
) )
assert represented = AccountView.render("show.json", %{user: user, force: true}) assert represented =
AccountView.render("show.json", %{user: user, skip_visibility_check: true})
assert represented.acct == "compositions@channels.tests.funkwhale.audio" assert represented.acct == "compositions@channels.tests.funkwhale.audio"
assert represented.url == "https://channels.tests.funkwhale.audio/channels/compositions" assert represented.url == "https://channels.tests.funkwhale.audio/channels/compositions"
end end
@ -224,7 +226,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
assert expected == AccountView.render("mention.json", %{user: user}) assert expected == AccountView.render("mention.json", %{user: user})
end end
test "demands :for or :force option for account rendering" do test "demands :for or :skip_visibility_check option for account rendering" do
clear_config([:restrict_unauthenticated, :profiles, :local], false) clear_config([:restrict_unauthenticated, :profiles, :local], false)
user = insert(:user) user = insert(:user)
@ -232,9 +234,11 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
assert %{id: ^user_id} = AccountView.render("show.json", %{user: user, for: nil}) assert %{id: ^user_id} = AccountView.render("show.json", %{user: user, for: nil})
assert %{id: ^user_id} = AccountView.render("show.json", %{user: user, for: user}) assert %{id: ^user_id} = AccountView.render("show.json", %{user: user, for: user})
assert %{id: ^user_id} = AccountView.render("show.json", %{user: user, force: true})
assert_raise RuntimeError, ~r/:force or :for option is required/, fn -> assert %{id: ^user_id} =
AccountView.render("show.json", %{user: user, skip_visibility_check: true})
assert_raise RuntimeError, ~r/:skip_visibility_check or :for option is required/, fn ->
AccountView.render("show.json", %{user: user}) AccountView.render("show.json", %{user: user})
end end
end end
@ -361,13 +365,13 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
test "doesn't sanitize display names" do test "doesn't sanitize display names" do
user = insert(:user, name: "<marquee> username </marquee>") user = insert(:user, name: "<marquee> username </marquee>")
result = AccountView.render("show.json", %{user: user, force: true}) result = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
assert result.display_name == "<marquee> username </marquee>" assert result.display_name == "<marquee> username </marquee>"
end end
test "never display nil user follow counts" do test "never display nil user follow counts" do
user = insert(:user, following_count: 0, follower_count: 0) user = insert(:user, following_count: 0, follower_count: 0)
result = AccountView.render("show.json", %{user: user, force: true}) result = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
assert result.following_count == 0 assert result.following_count == 0
assert result.followers_count == 0 assert result.followers_count == 0
@ -391,7 +395,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
followers_count: 0, followers_count: 0,
following_count: 0, following_count: 0,
pleroma: %{hide_follows_count: true, hide_followers_count: true} pleroma: %{hide_follows_count: true, hide_followers_count: true}
} = AccountView.render("show.json", %{user: user, force: true}) } = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
end end
test "shows when follows/followers are hidden" do test "shows when follows/followers are hidden" do
@ -404,7 +408,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
followers_count: 1, followers_count: 1,
following_count: 1, following_count: 1,
pleroma: %{hide_follows: true, hide_followers: true} pleroma: %{hide_follows: true, hide_followers: true}
} = AccountView.render("show.json", %{user: user, force: true}) } = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
end end
test "shows actual follower/following count to the account owner" do test "shows actual follower/following count to the account owner" do
@ -547,7 +551,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
emoji: %{"joker_smile" => "https://evil.website/society.png"} emoji: %{"joker_smile" => "https://evil.website/society.png"}
) )
AccountView.render("show.json", %{user: user, force: true}) AccountView.render("show.json", %{user: user, skip_visibility_check: true})
|> Enum.all?(fn |> Enum.all?(fn
{key, url} when key in [:avatar, :avatar_static, :header, :header_static] -> {key, url} when key in [:avatar, :avatar_static, :header, :header_static] ->
String.starts_with?(url, Pleroma.Web.base_url()) String.starts_with?(url, Pleroma.Web.base_url())

View file

@ -177,7 +177,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
id: to_string(note.id), id: to_string(note.id),
uri: object_data["id"], uri: object_data["id"],
url: Pleroma.Web.Router.Helpers.o_status_url(Pleroma.Web.Endpoint, :notice, note), url: Pleroma.Web.Router.Helpers.o_status_url(Pleroma.Web.Endpoint, :notice, note),
account: AccountView.render("show.json", %{user: user, force: true}), account: AccountView.render("show.json", %{user: user, skip_visibility_check: true}),
in_reply_to_id: nil, in_reply_to_id: nil,
in_reply_to_account_id: nil, in_reply_to_account_id: nil,
card: nil, card: nil,

View file

@ -26,7 +26,8 @@ defmodule Pleroma.Web.PleromaAPI.ChatViewTest do
assert represented_chat == %{ assert represented_chat == %{
id: "#{chat.id}", id: "#{chat.id}",
account: AccountView.render("show.json", user: recipient, force: true), account:
AccountView.render("show.json", user: recipient, skip_visibility_check: true),
unread: 0, unread: 0,
last_message: nil, last_message: nil,
updated_at: Utils.to_masto_date(chat.updated_at) updated_at: Utils.to_masto_date(chat.updated_at)