Compare commits

...

3 commits

3 changed files with 67 additions and 29 deletions

View file

@ -235,7 +235,7 @@ func (d *Dereferencer) isPermittedReply(
// Status doesn't claim to be approved.
// Check interaction policy of inReplyTo
// to see if it doesn't require approval.
// to see what we need to do with it.
replyable, err := d.intFilter.StatusReplyable(ctx,
reply.Account,
inReplyTo,
@ -260,35 +260,52 @@ func (d *Dereferencer) isPermittedReply(
)
}
// Reply is permitted according to the interaction
// policy set on the replied-to status (if any).
if !replyable.MatchedOnCollection() {
// If we didn't match on a collection,
// then we don't require an acceptIRI,
// and we don't need to send an Accept;
// just permit the reply full stop.
if replyable.Permitted() &&
!replyable.MatchedOnCollection() {
// Reply is permitted and match was *not* made
// based on inclusion in a followers/following
// collection. Just permit the reply full stop
// as no approval / accept URI is necessary.
return true, nil
}
// Reply is permitted, but match was made based
// on inclusion in a followers/following collection.
// Reply is either permitted based on inclusion in a
// followers/following collection, *or* is permitted
// pending approval, though we know at this point
// that the status did not include an approvedBy URI.
if !inReplyTo.IsLocal() {
// If the replied-to status is remote, we should just
// drop this reply at this point, as we can't verify
// that the remote replied-to account approves it, and
// we can't verify the presence of a remote account
// in one of another remote account's collections.
//
// If the status is ours, mark it as PreApproved
// so the processor knows to create and send out
// an Accept for it immediately.
if inReplyTo.IsLocal() {
// It's possible we'll get an Accept from the replied-
// to account later, and we can store this reply then.
return false, nil
}
// Replied-to status is ours, so the
// replied-to account is ours as well.
if replyable.MatchedOnCollection() {
// If permission was granted based on inclusion in
// a followers/following collection, pre-approve the
// reply, as we ourselves can validate presence of the
// replier in the appropriate collection. Pre-approval
// lets the processor know it should send out an Accept
// straight away on behalf of the replied-to account.
reply.PendingApproval = util.Ptr(true)
reply.PreApproved = true
return true, nil
}
// For replies to remote statuses, which matched
// on a followers/following collection, but did not
// include an acceptIRI, we should just drop it.
// It's possible we'll get an Accept for it later
// and we can check everything again.
return false, nil
// Reply just requires approval from the local account
// it replies to. Set PendingApproval so the processor
// knows to create a pending interaction request.
reply.PendingApproval = util.Ptr(true)
return true, nil
}
// unpermittedByParent marks the given reply as rejected

View file

@ -19,6 +19,7 @@
import (
"context"
"errors"
"slices"
"strings"
@ -402,6 +403,10 @@ func (p *Processor) WebContextGet(
// We should mark the next **VISIBLE**
// reply as the first reply.
markNextVisibleAsFirstReply bool
// Map of statuses that didn't pass visi
// checks and won't be shown via the web.
hiddenStatuses = make(map[string]struct{})
)
for idx, status := range wholeThread {
@ -427,11 +432,16 @@ func (p *Processor) WebContextGet(
}
}
// Ensure status is actually
// visible to just anyone, and
// hide / don't include it if not.
// Ensure status is actually visible to just
// anyone, and hide / don't include it if not.
//
// Include a check to see if the parent status
// is hidden; if so, we shouldn't show the child
// as it leads to weird-looking threading where
// a status seems to reply to nothing.
_, parentHidden := hiddenStatuses[status.InReplyToID]
v, err := p.visFilter.StatusVisible(ctx, nil, status)
if err != nil || !v {
if err != nil || !v || parentHidden {
if !inReplies {
// Main thread entry hidden.
wCtx.ThreadHidden++
@ -439,12 +449,15 @@ func (p *Processor) WebContextGet(
// Reply hidden.
wCtx.ThreadRepliesHidden++
}
hiddenStatuses[status.ID] = struct{}{}
continue
}
// Prepare visible status to add to thread context.
webStatus, err := p.converter.StatusToWebStatus(ctx, status)
if err != nil {
hiddenStatuses[status.ID] = struct{}{}
continue
}
@ -512,9 +525,17 @@ func (p *Processor) WebContextGet(
wCtx.ThreadLength = threadLength
}
// Jot down number of hidden posts so template doesn't have to do it.
// Jot down number of "main" thread entries shown.
wCtx.ThreadShown = wCtx.ThreadLength - wCtx.ThreadHidden
// If there's no posts visible in the
// "main" thread we shouldn't show replies
// via the web as that's just weird.
if wCtx.ThreadShown < 1 {
const text = "no statuses visible in main thread"
return nil, gtserror.NewErrorNotFound(errors.New(text))
}
// Mark the last "main" visible status.
wCtx.Statuses[wCtx.ThreadShown-1].ThreadLastMain = true
@ -523,7 +544,7 @@ func (p *Processor) WebContextGet(
// part of the "main" thread.
wCtx.ThreadReplies = threadLength - wCtx.ThreadLength
// Jot down number of hidden replies so template doesn't have to do it.
// Jot down number of "replies" shown.
wCtx.ThreadRepliesShown = wCtx.ThreadReplies - wCtx.ThreadRepliesHidden
// Return the finished context.

View file

@ -91,7 +91,7 @@ Polls can have up to
<li><a href="#contact">Contact</a></li>
<li><a href="#features">Features</a></li>
<li><a href="#languages">Languages</a></li>
<li><a href="#signup">Register an Account on {{ .instance.Title -}}</li>
<li><a href="#signup">Register an Account on {{ .instance.Title -}}</a></li>
<li><a href="#rules">Rules</a></li>
<li><a href="#terms">Terms and Conditions</a></li>
<li><a href="#moderated-servers">Moderated Servers</a></li>