Commit 1b06e6fd authored by minibikini's avatar minibikini
Browse files

only non-reblogs, self-authored, public statuses can be pinned

parent 28afcb7c
......@@ -165,8 +165,18 @@ def update(user) do
})
end
def pin(id_or_ap_id, user) do
with %Activity{} = activity <- get_by_id_or_ap_id(id_or_ap_id),
def pin(id_or_ap_id, %{ap_id: user_ap_id} = user) do
with %Activity{
actor: ^user_ap_id,
data: %{
"type" => "Create",
"object" => %{
"to" => object_to,
"type" => "Note"
}
}
} = activity <- get_by_id_or_ap_id(id_or_ap_id),
true <- Enum.member?(object_to, "https://www.w3.org/ns/activitystreams#Public"),
%{valid?: true} = info_changeset <-
Pleroma.User.Info.add_pinnned_activity(user.info, activity),
changeset <-
......
......@@ -107,6 +107,16 @@ test "pin status" do
assert {:ok, ^activity} = CommonAPI.pin(activity.id, user)
end
test "only self-authored can be pinned" do
Pleroma.Config.put([:instance, :max_pinned_statuses], 1)
user_one = insert(:user)
user_two = insert(:user)
{:ok, activity} = CommonAPI.post(user_one, %{"status" => "HI!!!"})
assert {:error, "Could not pin"} = CommonAPI.pin(activity.id, user_two)
end
test "max pinned statuses" do
Pleroma.Config.put([:instance, :max_pinned_statuses], 1)
user = insert(:user)
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment