Allow inbox owner to view implicitly targeted ActivityPub payload (#9093)
Fix #9091
This commit is contained in:
parent
b9d7021c1b
commit
d4cf963749
|
@ -36,6 +36,6 @@ class ActivityPub::InboxesController < Api::BaseController
|
||||||
end
|
end
|
||||||
|
|
||||||
def process_payload
|
def process_payload
|
||||||
ActivityPub::ProcessingWorker.perform_async(signed_request_account.id, body.force_encoding('UTF-8'))
|
ActivityPub::ProcessingWorker.perform_async(signed_request_account.id, body.force_encoding('UTF-8'), @account&.id)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -81,11 +81,22 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
|
||||||
@mentions << Mention.new(account: account, silent: true)
|
@mentions << Mention.new(account: account, silent: true)
|
||||||
|
|
||||||
# If there is at least one silent mention, then the status can be considered
|
# If there is at least one silent mention, then the status can be considered
|
||||||
# as a limited-audience status, and not strictly a direct message
|
# as a limited-audience status, and not strictly a direct message, but only
|
||||||
|
# if we considered a direct message in the first place
|
||||||
next unless @params[:visibility] == :direct
|
next unless @params[:visibility] == :direct
|
||||||
|
|
||||||
@params[:visibility] = :limited
|
@params[:visibility] = :limited
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# If the payload was delivered to a specific inbox, the inbox owner must have
|
||||||
|
# access to it, unless they already have access to it anyway
|
||||||
|
return if @options[:delivered_to_account_id].nil? || @mentions.any? { mention.account_id == @options[:delivered_to_account_id] }
|
||||||
|
|
||||||
|
@mentions << Mention.new(account_id: @options[:delivered_to_account_id], silent: true)
|
||||||
|
|
||||||
|
return unless @param[:visibility] == :direct
|
||||||
|
|
||||||
|
@params[:visibility] = :limited
|
||||||
end
|
end
|
||||||
|
|
||||||
def attach_tags(status)
|
def attach_tags(status)
|
||||||
|
|
|
@ -5,7 +5,7 @@ class ActivityPub::ProcessingWorker
|
||||||
|
|
||||||
sidekiq_options backtrace: true
|
sidekiq_options backtrace: true
|
||||||
|
|
||||||
def perform(account_id, body)
|
def perform(account_id, body, delivered_to_account_id = nil)
|
||||||
ActivityPub::ProcessCollectionService.new.call(body, Account.find(account_id), override_timestamps: true)
|
ActivityPub::ProcessCollectionService.new.call(body, Account.find(account_id), override_timestamps: true, delivered_to_account_id: delivered_to_account_id)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in New Issue