diff options
| author | lain <lain@soykaf.club> | 2020-08-13 15:37:42 +0200 |
|---|---|---|
| committer | lain <lain@soykaf.club> | 2020-08-13 15:37:42 +0200 |
| commit | 57ab69870708b6982f45453121dbaec212ad4e6e (patch) | |
| tree | 9139fc08d2b653a7fea8fb97613eacb8509228f0 | |
| parent | 2bc2b321b6b56cbb50b484181042ccaae3d8707c (diff) | |
UpdateValidator: Allow updating of your own objects.
| -rw-r--r-- | lib/pleroma/web/activity_pub/object_validators/update_validator.ex | 16 | ||||
| -rw-r--r-- | test/web/activity_pub/object_validators/update_validation_test.exs | 16 |
2 files changed, 30 insertions, 2 deletions
diff --git a/lib/pleroma/web/activity_pub/object_validators/update_validator.ex b/lib/pleroma/web/activity_pub/object_validators/update_validator.ex index b4ba5ede0..724df194b 100644 --- a/lib/pleroma/web/activity_pub/object_validators/update_validator.ex +++ b/lib/pleroma/web/activity_pub/object_validators/update_validator.ex @@ -5,6 +5,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.UpdateValidator do use Ecto.Schema + alias Pleroma.Object alias Pleroma.EctoType.ActivityPub.ObjectValidators import Ecto.Changeset @@ -42,13 +43,24 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.UpdateValidator do |> validate_data end + defp can_update?(actor_id, actor_id), do: true + + @updateable ~w{Article Note Page} + defp can_update?(actor_id, object_id) do + with %Object{data: %{"actor" => ^actor_id, "type" => type}} when type in @updateable <- + Object.get_cached_by_ap_id(object_id) do + true + else + _ -> false + end + end + # For now we only support updating users, and here the rule is easy: - # object id == actor id def validate_updating_rights(cng) do with actor = get_field(cng, :actor), object = get_field(cng, :object), {:ok, object_id} <- ObjectValidators.ObjectID.cast(object), - true <- actor == object_id do + true <- can_update?(actor, object_id) do cng else _e -> diff --git a/test/web/activity_pub/object_validators/update_validation_test.exs b/test/web/activity_pub/object_validators/update_validation_test.exs index 5e80cf731..377aab841 100644 --- a/test/web/activity_pub/object_validators/update_validation_test.exs +++ b/test/web/activity_pub/object_validators/update_validation_test.exs @@ -5,8 +5,10 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.UpdateHandlingTest do use Pleroma.DataCase + alias Pleroma.Object alias Pleroma.Web.ActivityPub.Builder alias Pleroma.Web.ActivityPub.ObjectValidator + alias Pleroma.Web.CommonAPI import Pleroma.Factory @@ -40,5 +42,19 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.UpdateHandlingTest do assert {:error, _cng} = ObjectValidator.validate(update, []) end + + test "validates a user updating their own note", %{user: user} do + {:ok, activity} = CommonAPI.post(user, %{status: "I love cafe"}) + + object = Object.normalize(activity) + + updated_object = + object.data + |> Map.put("content", "I love cofe") + + {:ok, update, []} = Builder.update(user, updated_object) + + assert {ok, _update, []} = ObjectValidator.validate(update, []) + end end end |