diff options
| author | Hazel K <acomputerdog@gmail.com> | 2024-10-04 22:07:30 -0400 |
|---|---|---|
| committer | Hazelnoot <acomputerdog@gmail.com> | 2024-11-02 17:39:16 -0400 |
| commit | 3a72bf453a6e37a9bbf96892d126c261cb4475dd (patch) | |
| tree | a4aa5a81b83105b97b6cb000d30e2d8c87ef7fbb /packages/backend/src/server/api | |
| parent | Revert "fix incorrect populated object in followers endpoint" (diff) | |
| download | sharkey-3a72bf453a6e37a9bbf96892d126c261cb4475dd.tar.gz sharkey-3a72bf453a6e37a9bbf96892d126c261cb4475dd.tar.bz2 sharkey-3a72bf453a6e37a9bbf96892d126c261cb4475dd.zip | |
respect following privacy settings
Diffstat (limited to 'packages/backend/src/server/api')
| -rw-r--r-- | packages/backend/src/server/api/endpoints/federation/followers.ts | 17 | ||||
| -rw-r--r-- | packages/backend/src/server/api/endpoints/federation/following.ts | 17 |
2 files changed, 30 insertions, 4 deletions
diff --git a/packages/backend/src/server/api/endpoints/federation/followers.ts b/packages/backend/src/server/api/endpoints/federation/followers.ts index 42c0c29fa6..7a1056f772 100644 --- a/packages/backend/src/server/api/endpoints/federation/followers.ts +++ b/packages/backend/src/server/api/endpoints/federation/followers.ts @@ -5,7 +5,7 @@ import { Inject, Injectable } from '@nestjs/common'; import { Endpoint } from '@/server/api/endpoint-base.js'; -import { MiBlocking, type FollowingsRepository } from '@/models/_.js'; +import { MiBlocking, MiUserProfile, MiFollowing, type FollowingsRepository } from '@/models/_.js'; import { QueryService } from '@/core/QueryService.js'; import { FollowingEntityService } from '@/core/entities/FollowingEntityService.js'; import { DI } from '@/di-symbols.js'; @@ -56,8 +56,21 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint- .andWhere('following.followeeHost = :host', { host: ps.host }); if (!await this.roleService.isModerator(me)) { - query.leftJoin(MiBlocking, 'blocking', 'blocking."blockerId" = following."followeeId" AND blocking."blockeeId" = :me', { me: me.id }); + query.setParameter('me', me.id); + + // Make sure that the followee doesn't block us, as their profile is included in the response. + query.leftJoin(MiBlocking, 'blocking', 'blocking."blockerId" = following."followeeId" AND blocking."blockeeId" = :me'); query.andWhere('blocking.id IS NULL'); + + // Make sure that the followee hasn't hidden this connection. + query.leftJoin(MiUserProfile, 'followee', 'followee."userId" = following."followeeId"'); + query.leftJoin(MiFollowing, 'me_following_followee', 'me_following_followee."followerId" = :me AND me_following_followee."followeeId" = following."followerId"'); + query.andWhere('(followee."userId" = :me OR followee."followersVisibility" = \'public\' OR (followee."followersVisibility" = \'followers\' AND me_following_followee.id IS NOT NULL))'); + + // Make sure that the follower hasn't hidden this connection. + query.leftJoin(MiUserProfile, 'follower', 'follower."userId" = following."followerId"'); + query.leftJoin(MiFollowing, 'me_following_follower', 'me_following_follower."followerId" = :me AND me_following_follower."followeeId" = following."followerId"'); + query.andWhere('(follower."userId" = :me OR follower."followingVisibility" = \'public\' OR (follower."followingVisibility" = \'followers\' AND me_following_follower.id IS NOT NULL))'); } const followings = await query diff --git a/packages/backend/src/server/api/endpoints/federation/following.ts b/packages/backend/src/server/api/endpoints/federation/following.ts index 0b36ffa4e1..bc60ffcb69 100644 --- a/packages/backend/src/server/api/endpoints/federation/following.ts +++ b/packages/backend/src/server/api/endpoints/federation/following.ts @@ -5,7 +5,7 @@ import { Inject, Injectable } from '@nestjs/common'; import { Endpoint } from '@/server/api/endpoint-base.js'; -import { MiBlocking, type FollowingsRepository } from '@/models/_.js'; +import { MiBlocking, MiUserProfile, MiFollowing, type FollowingsRepository } from '@/models/_.js'; import { QueryService } from '@/core/QueryService.js'; import { FollowingEntityService } from '@/core/entities/FollowingEntityService.js'; import { DI } from '@/di-symbols.js'; @@ -56,8 +56,21 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint- .andWhere('following.followerHost = :host', { host: ps.host }); if (!await this.roleService.isModerator(me)) { - query.leftJoin(MiBlocking, 'blocking', 'blocking."blockerId" = following."followeeId" AND blocking."blockeeId" = :me', { me: me.id }); + query.setParameter('me', me.id); + + // Make sure that the followee doesn't block us, as their profile is included in the response. + query.leftJoin(MiBlocking, 'blocking', 'blocking."blockerId" = following."followeeId" AND blocking."blockeeId" = :me'); query.andWhere('blocking.id IS NULL'); + + // Make sure that the followee hasn't hidden this connection. + query.leftJoin(MiUserProfile, 'followee', 'followee."userId" = following."followeeId"'); + query.leftJoin(MiFollowing, 'me_following_followee', 'me_following_followee."followerId" = :me AND me_following_followee."followeeId" = following."followerId"'); + query.andWhere('(followee."userId" = :me OR followee."followersVisibility" = \'public\' OR (followee."followersVisibility" = \'followers\' AND me_following_followee.id IS NOT NULL))'); + + // Make sure that the follower hasn't hidden this connection. + query.leftJoin(MiUserProfile, 'follower', 'follower."userId" = following."followerId"'); + query.leftJoin(MiFollowing, 'me_following_follower', 'me_following_follower."followerId" = :me AND me_following_follower."followeeId" = following."followerId"'); + query.andWhere('(follower."userId" = :me OR follower."followingVisibility" = \'public\' OR (follower."followingVisibility" = \'followers\' AND me_following_follower.id IS NOT NULL))'); } const followings = await query |