Don't show statuses to blocked users

8 years ago · 1ed3bb3a02
parent d253b0dec6
commit 1ed3bb3a02
4 changed files with 44 additions and 6 deletions
--- a/.eslintrc
+++ b/.eslintrc
@ -15,7 +15,37 @@
    "sourceType": "module",

    "ecmaFeatures": {
-      "jsx": true
-    },
+      "arrowFunctions": true,
+      "jsx": true,
+      "destructuring": true,
+      "modules": true,
+      "spread": true
+    }
  },
+
+  "rules": {
+    "no-cond-assign": 2,
+    "no-console": 1,
+    "no-irregular-whitespace": 2,
+    "no-unreachable": 2,
+    "valid-typeof": 2,
+    "consistent-return": 2,
+    "dot-notation": 2,
+    "eqeqeq": 2,
+    "no-fallthrough": 2,
+    "no-unused-expressions": 2,
+    "strict": 0,
+    "no-catch-shadow": 2,
+    "indent": [1, 2],
+    "brace-style": 1,
+    "comma-spacing": [1, {"before": false, "after": true}],
+    "comma-style": [1, "last"],
+    "no-mixed-spaces-and-tabs": 1,
+    "no-nested-ternary": 1,
+    "no-trailing-spaces": 1,
+    "react/wrap-multilines": 2,
+    "react/self-closing-comp": 2,
+    "react/prop-types": 2,
+    "react/no-multi-comp": 0
+  }
 }
--- a/app/models/status.rb
+++ b/app/models/status.rb
@ -31,7 +31,6 @@ class Status < ApplicationRecord

  scope :remote, -> { where.not(uri: nil) }
  scope :local, -> { where(uri: nil) }
-  scope :permitted_for, ->(target_account, account) { account&.id == target_account.id || account&.following?(target_account) ? where('1=1') : where.not(visibility: :private) }

  cache_associated :account, :media_attachments, :tags, :stream_entry, mentions: :account, reblog: [:account, :stream_entry, :tags, :media_attachments, mentions: :account], thread: :account

@ -72,7 +71,7 @@ class Status < ApplicationRecord
  end

  def permitted?(other_account = nil)
-    private_visibility? ? (account.id == other_account&.id || other_account&.following?(account)) : true
+    private_visibility? ? (account.id == other_account&.id || other_account&.following?(account)) : other_account.nil? || !account.blocking?(other_account)
  end

  def ancestors(account = nil)
@ -145,6 +144,16 @@ class Status < ApplicationRecord
      end
    end

+    def permitted_for(target_account, account)
+      if account&.id == target_account.id || account&.following?(target_account)
+        where('1 = 1')
+      elsif !account.nil? && target_account.blocking?(account)
+        where('1 = 0')
+      else
+        where.not(visibility: :private)
+      end
+    end
+
    private

    def filter_timeline(query, account)
--- a/app/services/process_interaction_service.rb
+++ b/app/services/process_interaction_service.rb
@ -30,7 +30,7 @@ class ProcessInteractionService < BaseService

      case verb(xml)
      when :follow
-        follow!(account, target_account) unless target_account.locked?
+        follow!(account, target_account) unless target_account.locked? || target_account.blocking?(account)
      when :unfollow
        unfollow!(account, target_account)
      when :favorite
--- a/spec/controllers/api/v1/statuses_controller_spec.rb
+++ b/spec/controllers/api/v1/statuses_controller_spec.rb
@ -7,7 +7,6 @@ RSpec.describe Api::V1::StatusesController, type: :controller do
  let(:token) { double acceptable?: true, resource_owner_id: user.id }

  before do
-    stub_request(:post, "https://pubsubhubbub.superfeedr.com/").to_return(:status => 200, :body => "", :headers => {})
    allow(controller).to receive(:doorkeeper_token) { token }
  end