diff options
| author | Hazelnoot <acomputerdog@gmail.com> | 2025-06-14 14:14:02 -0400 |
|---|---|---|
| committer | Hazelnoot <acomputerdog@gmail.com> | 2025-06-14 14:14:02 -0400 |
| commit | 7a25ff3d65b1f3e74df10be43e238ab2c678841b (patch) | |
| tree | 95f2027476f79194f83e3ac7aacb8c4cdc05edda | |
| parent | merge: Show signup reason in user admin screen (resolves #1090) (!1114) (diff) | |
| download | sharkey-7a25ff3d65b1f3e74df10be43e238ab2c678841b.tar.gz sharkey-7a25ff3d65b1f3e74df10be43e238ab2c678841b.tar.bz2 sharkey-7a25ff3d65b1f3e74df10be43e238ab2c678841b.zip | |
check privacy settings in charts/user/following
Diffstat (limited to '')
| -rw-r--r-- | packages/backend/src/server/api/endpoints/charts/user/following.ts | 79 |
1 files changed, 78 insertions, 1 deletions
diff --git a/packages/backend/src/server/api/endpoints/charts/user/following.ts b/packages/backend/src/server/api/endpoints/charts/user/following.ts index 20d0ecb25d..1d333f9a9b 100644 --- a/packages/backend/src/server/api/endpoints/charts/user/following.ts +++ b/packages/backend/src/server/api/endpoints/charts/user/following.ts @@ -8,6 +8,8 @@ import { Endpoint } from '@/server/api/endpoint-base.js'; import { getJsonSchema } from '@/core/chart/core.js'; import PerUserFollowingChart from '@/core/chart/charts/per-user-following.js'; import { schema } from '@/core/chart/charts/entities/per-user-following.js'; +import { CacheService } from '@/core/CacheService.js'; +import { RoleService } from '@/core/RoleService.js'; export const meta = { tags: ['charts', 'users', 'following'], @@ -40,9 +42,84 @@ export const paramDef = { export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-disable-line import/no-default-export constructor( private perUserFollowingChart: PerUserFollowingChart, + private readonly cacheService: CacheService, + private readonly roleService: RoleService, ) { super(meta, paramDef, async (ps, me) => { - return await this.perUserFollowingChart.getChart(ps.span, ps.limit, ps.offset ? new Date(ps.offset) : null, ps.userId); + const profile = await this.cacheService.userProfileCache.fetch(ps.userId); + + // These are structured weird to avoid un-necessary calls to roleService and cacheService + const iAmModeratorOrTarget = me && (me.id === ps.userId || await this.roleService.isModerator(me)); + const iAmFollowingOrTarget = me && (me.id === ps.userId || await this.cacheService.isFollowing(me.id, ps.userId)); + + const canViewFollowing = + profile.followingVisibility === 'public' + || iAmModeratorOrTarget + || (profile.followingVisibility === 'followers' && iAmFollowingOrTarget); + + const canViewFollowers = + profile.followersVisibility === 'public' + || iAmModeratorOrTarget + || (profile.followersVisibility === 'followers' && iAmFollowingOrTarget); + + if (!canViewFollowing && !canViewFollowers) { + return { + local: { + followings: { + total: [], + inc: [], + dec: [], + }, + followers: { + total: [], + inc: [], + dec: [], + }, + }, + remote: { + followings: { + total: [], + inc: [], + dec: [], + }, + followers: { + total: [], + inc: [], + dec: [], + }, + }, + }; + } + + const chart = await this.perUserFollowingChart.getChart(ps.span, ps.limit, ps.offset ? new Date(ps.offset) : null, ps.userId); + + if (!canViewFollowers) { + chart.local.followers = { + total: [], + inc: [], + dec: [], + }; + chart.remote.followers = { + total: [], + inc: [], + dec: [], + }; + } + + if (!canViewFollowing) { + chart.local.followings = { + total: [], + inc: [], + dec: [], + }; + chart.remote.followings = { + total: [], + inc: [], + dec: [], + }; + } + + return chart; }); } } |