Add scope `Status.distributable_visibility` (#29950)

main-rebase-security-fix
Matt Jankowski 2024-04-16 09:16:54 -04:00 committed by GitHub
parent 0622107449
commit caad1e2628
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
9 changed files with 9 additions and 8 deletions

View File

@ -46,7 +46,7 @@ class AccountsController < ApplicationController
end
def default_statuses
@account.statuses.where(visibility: [:public, :unlisted])
@account.statuses.distributable_visibility
end
def only_media_scope

View File

@ -31,7 +31,7 @@ class ActivityPub::RepliesController < ActivityPub::BaseController
def set_replies
@replies = only_other_accounts? ? Status.where.not(account_id: @account.id).joins(:account).merge(Account.without_suspended) : @account.statuses
@replies = @replies.where(in_reply_to_id: @status.id, visibility: [:public, :unlisted])
@replies = @replies.distributable_visibility.where(in_reply_to_id: @status.id)
@replies = @replies.paginate_by_min_id(DESCENDANTS_LIMIT, params[:min_id])
end

View File

@ -23,7 +23,7 @@ class Api::V1::Statuses::RebloggedByAccountsController < Api::V1::Statuses::Base
end
def paginated_statuses
Status.where(reblog_of_id: @status.id).where(visibility: [:public, :unlisted]).paginate_by_max_id(
Status.where(reblog_of_id: @status.id).distributable_visibility.paginate_by_max_id(
limit_param(DEFAULT_ACCOUNTS_LIMIT),
params[:max_id],
params[:since_id]

View File

@ -35,7 +35,7 @@ class AccountStatusesFilter
return Status.none if account.unavailable?
if anonymous?
account.statuses.where(visibility: %i(public unlisted))
account.statuses.distributable_visibility
elsif author?
account.statuses.all # NOTE: #merge! does not work without the #all
elsif blocked?

View File

@ -16,7 +16,7 @@ class Admin::StatusFilter
end
def results
scope = @account.statuses.where(visibility: [:public, :unlisted])
scope = @account.statuses.distributable_visibility
params.each do |key, value|
next if IGNORED_PARAMS.include?(key.to_s)

View File

@ -62,7 +62,7 @@ class Announcement < ApplicationRecord
@statuses ||= if status_ids.nil?
[]
else
Status.where(id: status_ids, visibility: [:public, :unlisted])
Status.where(id: status_ids).distributable_visibility
end
end

View File

@ -12,7 +12,7 @@ module Status::ThreadingConcern
end
def self_replies(limit)
account.statuses.where(in_reply_to_id: id, visibility: [:public, :unlisted]).reorder(id: :asc).limit(limit)
account.statuses.distributable_visibility.where(in_reply_to_id: id).reorder(id: :asc).limit(limit)
end
private

View File

@ -74,6 +74,6 @@ class FeaturedTag < ApplicationRecord
end
def visible_tagged_account_statuses
account.statuses.where(visibility: %i(public unlisted)).tagged_with(tag)
account.statuses.distributable_visibility.tagged_with(tag)
end
end

View File

@ -121,6 +121,7 @@ class Status < ApplicationRecord
scope :tagged_with_none, lambda { |tag_ids|
where('NOT EXISTS (SELECT * FROM statuses_tags forbidden WHERE forbidden.status_id = statuses.id AND forbidden.tag_id IN (?))', tag_ids)
}
scope :distributable_visibility, -> { where(visibility: %i(public unlisted)) }
scope :list_eligible_visibility, -> { where(visibility: %i(public unlisted private)) }
after_create_commit :trigger_create_webhooks