t/tetratto
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: don't show posts from private profiles when quoted

Browse source 
fix: password updating (mod)
This commit is contained in:
trisua 2025-05-15 23:59:26 -04:00
parent 2ec56809b8
commit 03b252937b
8 changed files with 87 additions and 36 deletions
Download patch file Download diff file Expand all files Collapse all files

5
crates/app/src/routes/api/v1/auth/profile.rs
View file

@ -133,12 +133,13 @@ pub async fn update_user_password_request(
None => return Json(Error::NotAllowed.into()), None => return Json(Error::NotAllowed.into()),
}; };
if user.id != id && !user.permissions.check(FinePermission::MANAGE_USERS) { let can_force = user.permissions.check(FinePermission::MANAGE_USERS);
if user.id != id && !can_force {
return Json(Error::NotAllowed.into()); return Json(Error::NotAllowed.into());
} }
match data match data
.update_user_password(id, req.from, req.to, user, false) .update_user_password(id, req.from, req.to, user, can_force)
.await .await
{ {
Ok(_) => Json(ApiReturn { Ok(_) => Json(ApiReturn {

21
crates/app/src/routes/pages/communities.rs
View file

@ -351,7 +351,7 @@ pub async fn feed_request(
.get_posts_by_community(community.id, 12, props.page) .get_posts_by_community(community.id, 12, props.page)
.await .await
{ {
Ok(p) => match data.0.fill_posts(p, &ignore_users).await { Ok(p) => match data.0.fill_posts(p, &ignore_users, &user).await {
Ok(p) => p, Ok(p) => p,
Err(e) => return Err(Html(render_error(e, &jar, &data, &user).await)), Err(e) => return Err(Html(render_error(e, &jar, &data, &user).await)),
}, },
@ -359,7 +359,7 @@ pub async fn feed_request(
}; };
let pinned = match data.0.get_pinned_posts_by_community(community.id).await { let pinned = match data.0.get_pinned_posts_by_community(community.id).await {
Ok(p) => match data.0.fill_posts(p, &ignore_users).await { Ok(p) => match data.0.fill_posts(p, &ignore_users, &user).await {
Ok(p) => p, Ok(p) => p,
Err(e) => return Err(Html(render_error(e, &jar, &data, &user).await)), Err(e) => return Err(Html(render_error(e, &jar, &data, &user).await)),
}, },
@ -609,7 +609,7 @@ pub async fn post_request(
check_user_blocked_or_private!(user, owner, data, jar); check_user_blocked_or_private!(user, owner, data, jar);
// check repost // check repost
let reposting = data.0.get_post_reposting(&post, &ignore_users).await; let reposting = data.0.get_post_reposting(&post, &ignore_users, &user).await;
// check question // check question
let question = match data.0.get_post_question(&post, &ignore_users).await { let question = match data.0.get_post_question(&post, &ignore_users).await {
@ -634,7 +634,7 @@ pub async fn post_request(
}; };
let feed = match data.0.get_post_comments(post.id, 12, props.page).await { let feed = match data.0.get_post_comments(post.id, 12, props.page).await {
Ok(p) => match data.0.fill_posts(p, &ignore_users).await { Ok(p) => match data.0.fill_posts(p, &ignore_users, &user).await {
Ok(p) => p, Ok(p) => p,
Err(e) => return Err(Html(render_error(e, &jar, &data, &user).await)), Err(e) => return Err(Html(render_error(e, &jar, &data, &user).await)),
}, },
@ -730,7 +730,7 @@ pub async fn reposts_request(
check_user_blocked_or_private!(user, owner, data, jar); check_user_blocked_or_private!(user, owner, data, jar);
// check repost // check repost
let reposting = data.0.get_post_reposting(&post, &ignore_users).await; let reposting = data.0.get_post_reposting(&post, &ignore_users, &user).await;
// check question // check question
let question = match data.0.get_post_question(&post, &ignore_users).await { let question = match data.0.get_post_question(&post, &ignore_users).await {
@ -760,7 +760,7 @@ pub async fn reposts_request(
.get_quoting_posts_by_quoting(post.id, 12, props.page) .get_quoting_posts_by_quoting(post.id, 12, props.page)
.await .await
{ {
Ok(p) => match data.0.fill_posts(p, &ignore_users).await { Ok(p) => match data.0.fill_posts(p, &ignore_users, &user).await {
Ok(p) => p, Ok(p) => p,
Err(e) => return Err(Html(render_error(e, &jar, &data, &user).await)), Err(e) => return Err(Html(render_error(e, &jar, &data, &user).await)),
}, },
@ -768,7 +768,7 @@ pub async fn reposts_request(
} }
} else { } else {
match data.0.get_reposts_by_quoting(post.id, 12, props.page).await { match data.0.get_reposts_by_quoting(post.id, 12, props.page).await {
Ok(p) => match data.0.fill_posts(p, &ignore_users).await { Ok(p) => match data.0.fill_posts(p, &ignore_users, &user).await {
Ok(p) => p, Ok(p) => p,
Err(e) => return Err(Html(render_error(e, &jar, &data, &user).await)), Err(e) => return Err(Html(render_error(e, &jar, &data, &user).await)),
}, },
@ -882,7 +882,10 @@ pub async fn likes_request(
} }
// check repost // check repost
let reposting = data.0.get_post_reposting(&post, &ignore_users).await; let reposting = data
.0
.get_post_reposting(&post, &ignore_users, &Some(user.clone()))
.await;
// check question // check question
let question = match data.0.get_post_question(&post, &ignore_users).await { let question = match data.0.get_post_question(&post, &ignore_users).await {
@ -1095,7 +1098,7 @@ pub async fn question_request(
.get_posts_by_question(question.id, 12, props.page) .get_posts_by_question(question.id, 12, props.page)
.await .await
{ {
Ok(p) => match data.0.fill_posts(p, &ignore_users).await { Ok(p) => match data.0.fill_posts(p, &ignore_users, &user).await {
Ok(p) => p, Ok(p) => p,
Err(e) => return Err(Html(render_error(e, &jar, &data, &user).await)), Err(e) => return Err(Html(render_error(e, &jar, &data, &user).await)),
}, },

12
crates/app/src/routes/pages/misc.rs
View file

@ -38,7 +38,11 @@ pub async fn index_request(
// all timeline for unauthenticated users // all timeline for unauthenticated users
// i'm only changing this for stripe // i'm only changing this for stripe
let list = match data.0.get_latest_posts(12, req.page).await { let list = match data.0.get_latest_posts(12, req.page).await {
Ok(l) => match data.0.fill_posts_with_community(l, 0, &Vec::new()).await { Ok(l) => match data
.0
.fill_posts_with_community(l, 0, &Vec::new(), &None)
.await
{
Ok(l) => l, Ok(l) => l,
Err(e) => return Html(render_error(e, &jar, &data, &None).await), Err(e) => return Html(render_error(e, &jar, &data, &None).await),
}, },
@ -64,7 +68,7 @@ pub async fn index_request(
{ {
Ok(l) => match data Ok(l) => match data
.0 .0
.fill_posts_with_community(l, user.id, &ignore_users) .fill_posts_with_community(l, user.id, &ignore_users, &Some(user.clone()))
.await .await
{ {
Ok(l) => l, Ok(l) => l,
@ -103,6 +107,7 @@ pub async fn popular_request(
l, l,
if let Some(ref ua) = user { ua.id } else { 0 }, if let Some(ref ua) = user { ua.id } else { 0 },
&ignore_users, &ignore_users,
&user,
) )
.await .await
{ {
@ -145,7 +150,7 @@ pub async fn following_request(
{ {
Ok(l) => match data Ok(l) => match data
.0 .0
.fill_posts_with_community(l, user.id, &ignore_users) .fill_posts_with_community(l, user.id, &ignore_users, &Some(user.clone()))
.await .await
{ {
Ok(l) => l, Ok(l) => l,
@ -186,6 +191,7 @@ pub async fn all_request(
l, l,
if let Some(ref ua) = user { ua.id } else { 0 }, if let Some(ref ua) = user { ua.id } else { 0 },
&ignore_users, &ignore_users,
&user,
) )
.await .await
{ {

3
crates/app/src/routes/pages/profile.rs
View file

@ -237,6 +237,7 @@ pub async fn posts_request(
p, p,
if let Some(ref ua) = user { ua.id } else { 0 }, if let Some(ref ua) = user { ua.id } else { 0 },
&ignore_users, &ignore_users,
&user,
) )
.await .await
{ {
@ -257,6 +258,7 @@ pub async fn posts_request(
p, p,
if let Some(ref ua) = user { ua.id } else { 0 }, if let Some(ref ua) = user { ua.id } else { 0 },
&ignore_users, &ignore_users,
&user,
) )
.await .await
{ {
@ -275,6 +277,7 @@ pub async fn posts_request(
p, p,
if let Some(ref ua) = user { ua.id } else { 0 }, if let Some(ref ua) = user { ua.id } else { 0 },
&ignore_users, &ignore_users,
&user,
) )
.await .await
{ {

9
crates/app/src/routes/pages/stacks.rs
View file

@ -68,7 +68,14 @@ pub async fn posts_request(
let ignore_users = data.0.get_userblocks_receivers(user.id).await; let ignore_users = data.0.get_userblocks_receivers(user.id).await;
let list = match data let list = match data
.0 .0
.get_stack_posts(user.id, stack.id, 12, req.page, &ignore_users) .get_stack_posts(
user.id,
stack.id,
12,
req.page,
&ignore_users,
&Some(user.clone()),
)
.await .await
{ {
Ok(l) => l, Ok(l) => l,

2
crates/core/src/database/auth.rs
View file

@ -387,7 +387,7 @@ impl DataManager {
force: bool, force: bool,
) -> Result<()> { ) -> Result<()> {
// verify password // verify password
if (hash_salted(from.clone(), user.salt.clone()) != user.password) && !force { if !user.check_password(from.clone()) && !force {
return Err(Error::MiscError("Password does not match".to_string())); return Err(Error::MiscError("Password does not match".to_string()));
} }

67
crates/core/src/database/posts.rs
View file

@ -83,6 +83,7 @@ impl DataManager {
&self, &self,
post: &Post, post: &Post,
ignore_users: &[usize], ignore_users: &[usize],
user: &Option<User>,
) -> Option<(User, Post)> { ) -> Option<(User, Post)> {
if let Some(ref repost) = post.context.repost { if let Some(ref repost) = post.context.repost {
if let Some(reposting) = repost.reposting { if let Some(reposting) = repost.reposting {
@ -95,6 +96,30 @@ impl DataManager {
return None; return None;
} }
// check private profile settings
let owner = match self.get_user_by_id(x.owner).await {
Ok(ua) => ua,
Err(_) => return None,
};
if let Some(ua) = user {
// TODO: maybe check community membership to see if we can MANAGE_POSTS in community
if owner.settings.private_profile
&& owner.id != ua.id
&& !ua.permissions.check(FinePermission::MANAGE_POSTS)
{
if self
.get_userfollow_by_initiator_receiver(owner.id, ua.id)
.await
.is_err()
{
// owner isn't following us, we aren't the owner, AND we don't have MANAGE_POSTS permission
return None;
}
}
}
// ...
x.mark_as_repost(); x.mark_as_repost();
Some(( Some((
match self.get_user_by_id(x.owner).await { match self.get_user_by_id(x.owner).await {
@ -141,6 +166,7 @@ impl DataManager {
&self, &self,
posts: Vec<Post>, posts: Vec<Post>,
ignore_users: &[usize], ignore_users: &[usize],
user: &Option<User>,
) -> Result<Vec<(Post, User, Option<(User, Post)>, Option<(Question, User)>)>> { ) -> Result<Vec<(Post, User, Option<(User, Post)>, Option<(Question, User)>)>> {
let mut out: Vec<(Post, User, Option<(User, Post)>, Option<(Question, User)>)> = Vec::new(); let mut out: Vec<(Post, User, Option<(User, Post)>, Option<(Question, User)>)> = Vec::new();
@ -152,20 +178,20 @@ impl DataManager {
continue; continue;
} }
if let Some(user) = users.get(&owner) { if let Some(ua) = users.get(&owner) {
out.push(( out.push((
post.clone(), post.clone(),
user.clone(), ua.clone(),
self.get_post_reposting(&post, ignore_users).await, self.get_post_reposting(&post, ignore_users, user).await,
self.get_post_question(&post, ignore_users).await?, self.get_post_question(&post, ignore_users).await?,
)); ));
} else { } else {
let user = self.get_user_by_id(owner).await?; let ua = self.get_user_by_id(owner).await?;
users.insert(owner, user.clone()); users.insert(owner, ua.clone());
out.push(( out.push((
post.clone(), post.clone(),
user, ua,
self.get_post_reposting(&post, ignore_users).await, self.get_post_reposting(&post, ignore_users, user).await,
self.get_post_question(&post, ignore_users).await?, self.get_post_question(&post, ignore_users).await?,
)); ));
} }
@ -180,6 +206,7 @@ impl DataManager {
posts: Vec<Post>, posts: Vec<Post>,
user_id: usize, user_id: usize,
ignore_users: &[usize], ignore_users: &[usize],
user: &Option<User>,
) -> Result< ) -> Result<
Vec<( Vec<(
Post, Post,
@ -209,51 +236,51 @@ impl DataManager {
let community = post.community; let community = post.community;
if let Some((user, community)) = seen_before.get(&(owner, community)) { if let Some((ua, community)) = seen_before.get(&(owner, community)) {
out.push(( out.push((
post.clone(), post.clone(),
user.clone(), ua.clone(),
community.to_owned(), community.to_owned(),
self.get_post_reposting(&post, ignore_users).await, self.get_post_reposting(&post, ignore_users, user).await,
self.get_post_question(&post, ignore_users).await?, self.get_post_question(&post, ignore_users).await?,
)); ));
} else { } else {
let user = self.get_user_by_id(owner).await?; let ua = self.get_user_by_id(owner).await?;
// check relationship // check relationship
if user.settings.private_profile && user.id != user_id { if ua.settings.private_profile && ua.id != user_id {
if user_id == 0 { if user_id == 0 {
continue; continue;
} }
if let Some(is_following) = seen_user_follow_statuses.get(&(user.id, user_id)) { if let Some(is_following) = seen_user_follow_statuses.get(&(ua.id, user_id)) {
if !is_following && (user.id != user_id) { if !is_following && (ua.id != user_id) {
// post owner is not following us // post owner is not following us
continue; continue;
} }
} else { } else {
if self if self
.get_userfollow_by_initiator_receiver(user.id, user_id) .get_userfollow_by_initiator_receiver(ua.id, user_id)
.await .await
.is_err() .is_err()
{ {
// post owner is not following us // post owner is not following us
seen_user_follow_statuses.insert((user.id, user_id), false); seen_user_follow_statuses.insert((ua.id, user_id), false);
continue; continue;
} }
seen_user_follow_statuses.insert((user.id, user_id), true); seen_user_follow_statuses.insert((ua.id, user_id), true);
} }
} }
// ... // ...
let community = self.get_community_by_id(community).await?; let community = self.get_community_by_id(community).await?;
seen_before.insert((owner, community.id), (user.clone(), community.clone())); seen_before.insert((owner, community.id), (ua.clone(), community.clone()));
out.push(( out.push((
post.clone(), post.clone(),
user, ua,
community, community,
self.get_post_reposting(&post, ignore_users).await, self.get_post_reposting(&post, ignore_users, user).await,
self.get_post_question(&post, ignore_users).await?, self.get_post_question(&post, ignore_users).await?,
)); ));
} }

4
crates/core/src/database/stacks.rs
View file

@ -43,6 +43,7 @@ impl DataManager {
batch: usize, batch: usize,
page: usize, page: usize,
ignore_users: &Vec<usize>, ignore_users: &Vec<usize>,
user: &Option<User>,
) -> Result< ) -> Result<
Vec<( Vec<(
Post, Post,
@ -61,6 +62,7 @@ impl DataManager {
.await?, .await?,
as_user_id, as_user_id,
ignore_users, ignore_users,
user,
) )
.await? .await?
} }
@ -73,6 +75,7 @@ impl DataManager {
self.get_latest_posts(batch, page).await?, self.get_latest_posts(batch, page).await?,
as_user_id, as_user_id,
&ignore_users, &ignore_users,
user,
) )
.await? .await?
} }
@ -81,6 +84,7 @@ impl DataManager {
self.get_popular_posts(batch, page, 604_800_000).await?, self.get_popular_posts(batch, page, 604_800_000).await?,
as_user_id, as_user_id,
&ignore_users, &ignore_users,
user,
) )
.await? .await?
} }