From 1fec2ff78f11eabb1c9a33838e3ebeed997a82c4 Mon Sep 17 00:00:00 2001 From: ThibG Date: Sat, 18 May 2019 00:28:51 +0200 Subject: [PATCH] Prevent from publicly boosting one's own private toots (#10775) --- app/services/reblog_service.rb | 4 +++- spec/services/reblog_service_spec.rb | 12 ++++++++++-- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/app/services/reblog_service.rb b/app/services/reblog_service.rb index ff48d9c75c..1710640c81 100644 --- a/app/services/reblog_service.rb +++ b/app/services/reblog_service.rb @@ -18,7 +18,9 @@ class ReblogService < BaseService return reblog unless reblog.nil? - reblog = account.statuses.create!(reblog: reblogged_status, text: '', visibility: options[:visibility] || account.user&.setting_default_privacy) + visibility = options[:visibility] || account.user&.setting_default_privacy + visibility = reblogged_status.visibility if reblogged_status.hidden? + reblog = account.statuses.create!(reblog: reblogged_status, text: '', visibility: visibility) DistributionWorker.perform_async(reblog.id) Pubsubhubbub::DistributionWorker.perform_async(reblog.stream_entry.id) diff --git a/spec/services/reblog_service_spec.rb b/spec/services/reblog_service_spec.rb index 9e66c66436..9d84c41d5e 100644 --- a/spec/services/reblog_service_spec.rb +++ b/spec/services/reblog_service_spec.rb @@ -4,10 +4,9 @@ RSpec.describe ReblogService, type: :service do let(:alice) { Fabricate(:account, username: 'alice') } context 'creates a reblog with appropriate visibility' do - let(:bob) { Fabricate(:account, username: 'bob') } let(:visibility) { :public } let(:reblog_visibility) { :public } - let(:status) { Fabricate(:status, account: bob, visibility: visibility) } + let(:status) { Fabricate(:status, account: alice, visibility: visibility) } subject { ReblogService.new } @@ -22,6 +21,15 @@ RSpec.describe ReblogService, type: :service do expect(status.reblogs.first.visibility).to eq 'private' end end + + describe 'public reblogs of private toots should remain private' do + let(:visibility) { :private } + let(:reblog_visibility) { :public } + + it 'reblogs privately' do + expect(status.reblogs.first.visibility).to eq 'private' + end + end end context 'OStatus' do