From 1b79dce7bc53f0aa6ce07fdc178bb72b5caabe98 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Mon, 18 Jan 2021 20:15:57 +0400 Subject: [PATCH 1/2] Fix Reblog API Do not set visibility parameter to `public` by default and let CommonAPI to infer it from status. --- .../web/api_spec/operations/status_operation.ex | 2 +- test/pleroma/web/common_api_test.exs | 11 +++++++++++ .../controllers/status_controller_test.exs | 17 +++++++++++++++++ 3 files changed, 29 insertions(+), 1 deletion(-) diff --git a/lib/pleroma/web/api_spec/operations/status_operation.ex b/lib/pleroma/web/api_spec/operations/status_operation.ex index 765fbd67b..fd29f5139 100644 --- a/lib/pleroma/web/api_spec/operations/status_operation.ex +++ b/lib/pleroma/web/api_spec/operations/status_operation.ex @@ -117,7 +117,7 @@ defmodule Pleroma.Web.ApiSpec.StatusOperation do request_body("Parameters", %Schema{ type: :object, properties: %{ - visibility: %Schema{allOf: [VisibilityScope], default: "public"} + visibility: %Schema{allOf: [VisibilityScope]} } }), responses: %{ diff --git a/test/pleroma/web/common_api_test.exs b/test/pleroma/web/common_api_test.exs index 2ece92806..2f7dc38e4 100644 --- a/test/pleroma/web/common_api_test.exs +++ b/test/pleroma/web/common_api_test.exs @@ -744,6 +744,17 @@ defmodule Pleroma.Web.CommonAPITest do refute Visibility.visible_for_user?(announce_activity, nil) end + test "author can repeat own private statuses" do + user = insert(:user) + + {:ok, activity} = CommonAPI.post(user, %{status: "cofe", visibility: "private"}) + + {:ok, %Activity{} = announce_activity} = CommonAPI.repeat(activity.id, user) + + assert Visibility.is_private?(announce_activity) + refute Visibility.visible_for_user?(announce_activity, nil) + end + test "favoriting a status" do user = insert(:user) other_user = insert(:user) diff --git a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs index 8a2267099..bfb44374e 100644 --- a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs +++ b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs @@ -954,6 +954,23 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do assert to_string(activity.id) == id end + + test "author can reblog own private status", %{conn: conn, user: user} do + {:ok, activity} = CommonAPI.post(user, %{status: "cofe", visibility: "private"}) + + conn = + conn + |> put_req_header("content-type", "application/json") + |> post("/api/v1/statuses/#{activity.id}/reblog") + + assert %{ + "reblog" => %{"id" => id, "reblogged" => true, "reblogs_count" => 1}, + "reblogged" => true, + "visibility" => "private" + } = json_response_and_validate_schema(conn, 200) + + assert to_string(activity.id) == id + end end describe "unreblogging" do From 51d5951c022c401c767924bab97854c8f2143089 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Mon, 18 Jan 2021 21:01:00 +0400 Subject: [PATCH 2/2] Test that only author can reblog a private status --- test/pleroma/web/common_api_test.exs | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/test/pleroma/web/common_api_test.exs b/test/pleroma/web/common_api_test.exs index 2f7dc38e4..7067f1b59 100644 --- a/test/pleroma/web/common_api_test.exs +++ b/test/pleroma/web/common_api_test.exs @@ -745,14 +745,19 @@ defmodule Pleroma.Web.CommonAPITest do end test "author can repeat own private statuses" do - user = insert(:user) + author = insert(:user) + follower = insert(:user) + CommonAPI.follow(follower, author) - {:ok, activity} = CommonAPI.post(user, %{status: "cofe", visibility: "private"}) + {:ok, activity} = CommonAPI.post(author, %{status: "cofe", visibility: "private"}) - {:ok, %Activity{} = announce_activity} = CommonAPI.repeat(activity.id, user) + {:ok, %Activity{} = announce_activity} = CommonAPI.repeat(activity.id, author) assert Visibility.is_private?(announce_activity) refute Visibility.visible_for_user?(announce_activity, nil) + + assert Visibility.visible_for_user?(activity, follower) + assert {:error, :not_found} = CommonAPI.repeat(activity.id, follower) end test "favoriting a status" do