From b0a38c0caee2218b9e9f3b689f02ab22cc76a12c Mon Sep 17 00:00:00 2001
From: tamaina <tamaina@hotmail.co.jp>
Date: Thu, 1 Feb 2024 20:05:45 +0900
Subject: fix: Hide reactions of all remote users / feat: moderators can see
 reactions of all users (#13128)

* fix: Hide reactions of all remote users
https://github.com/misskey-dev/misskey/issues/12964

* feat: Moderators can see reactions of all users
https://github.com/misskey-dev/misskey/issues/13127

* modify CHANGELOG.md

* fix iAmModerator
---
 .../src/server/api/endpoints/users/reactions.ts    | 24 +++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

(limited to 'packages/backend/src/server/api/endpoints')

diff --git a/packages/backend/src/server/api/endpoints/users/reactions.ts b/packages/backend/src/server/api/endpoints/users/reactions.ts
index 372ab80c4c..69a842dbfb 100644
--- a/packages/backend/src/server/api/endpoints/users/reactions.ts
+++ b/packages/backend/src/server/api/endpoints/users/reactions.ts
@@ -9,6 +9,9 @@ import { Endpoint } from '@/server/api/endpoint-base.js';
 import { QueryService } from '@/core/QueryService.js';
 import { NoteReactionEntityService } from '@/core/entities/NoteReactionEntityService.js';
 import { DI } from '@/di-symbols.js';
+import { CacheService } from '@/core/CacheService.js';
+import { UserEntityService } from '@/core/entities/UserEntityService.js';
+import { RoleService } from '@/core/RoleService.js';
 import { ApiError } from '../../error.js';
 
 export const meta = {
@@ -34,6 +37,11 @@ export const meta = {
 			code: 'REACTIONS_NOT_PUBLIC',
 			id: '673a7dd2-6924-1093-e0c0-e68456ceae5c',
 		},
+		isRemoteUser: {
+			message: 'Currently unavailable to display reactions of remote users. See https://github.com/misskey-dev/misskey/issues/12964',
+			code: 'IS_REMOTE_USER',
+			id: '6b95fa98-8cf9-2350-e284-f0ffdb54a805',
+		},
 	},
 } as const;
 
@@ -59,14 +67,24 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 		@Inject(DI.noteReactionsRepository)
 		private noteReactionsRepository: NoteReactionsRepository,
 
+		private cacheService: CacheService,
+		private userEntityService: UserEntityService,
 		private noteReactionEntityService: NoteReactionEntityService,
 		private queryService: QueryService,
+		private roleService: RoleService,
 	) {
 		super(meta, paramDef, async (ps, me) => {
-			const profile = await this.userProfilesRepository.findOneByOrFail({ userId: ps.userId });
+			const iAmModerator = me ? await this.roleService.isModerator(me) : false; // Moderators can see reactions of all users
+			if (!iAmModerator) {
+				const user = await this.cacheService.findUserById(ps.userId);
+				if (this.userEntityService.isRemoteUser(user)) {
+					throw new ApiError(meta.errors.isRemoteUser);
+				}
 
-			if ((me == null || me.id !== ps.userId) && !profile.publicReactions) {
-				throw new ApiError(meta.errors.reactionsNotPublic);
+				const profile = await this.userProfilesRepository.findOneByOrFail({ userId: ps.userId });
+				if ((me == null || me.id !== ps.userId) && !profile.publicReactions) {
+					throw new ApiError(meta.errors.reactionsNotPublic);
+				}
 			}
 
 			const query = this.queryService.makePaginationQuery(this.noteReactionsRepository.createQueryBuilder('reaction'),
-- 
cgit v1.2.3-freya