Commit 70bcdf32 authored by lain's avatar lain
Browse files

Only search in public data for now.

This should be the data the user is allowed to see later, but this
will stop accidental private message leaks.
parent a9203ab3
...@@ -507,6 +507,7 @@ def search(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do ...@@ -507,6 +507,7 @@ def search(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do
from( from(
a in Activity, a in Activity,
where: fragment("?->>'type' = 'Create'", a.data), where: fragment("?->>'type' = 'Create'", a.data),
where: "https://www.w3.org/ns/activitystreams#Public" in a.recipients,
where: where:
fragment( fragment(
"to_tsvector('english', ?->'object'->>'content') @@ plainto_tsquery('english', ?)", "to_tsvector('english', ?->'object'->>'content') @@ plainto_tsquery('english', ?)",
......
...@@ -193,6 +193,7 @@ def search(user, %{"q" => query} = params) do ...@@ -193,6 +193,7 @@ def search(user, %{"q" => query} = params) do
from( from(
a in Activity, a in Activity,
where: fragment("?->>'type' = 'Create'", a.data), where: fragment("?->>'type' = 'Create'", a.data),
where: "https://www.w3.org/ns/activitystreams#Public" in a.recipients,
where: where:
fragment( fragment(
"to_tsvector('english', ?->'object'->>'content') @@ plainto_tsquery('english', ?)", "to_tsvector('english', ?->'object'->>'content') @@ plainto_tsquery('english', ?)",
......
...@@ -564,6 +564,13 @@ test "search", %{conn: conn} do ...@@ -564,6 +564,13 @@ test "search", %{conn: conn} do
user_three = insert(:user, %{nickname: "shp@heldscal.la", name: "I love 2hu"}) user_three = insert(:user, %{nickname: "shp@heldscal.la", name: "I love 2hu"})
{:ok, activity} = CommonAPI.post(user, %{"status" => "This is about 2hu"}) {:ok, activity} = CommonAPI.post(user, %{"status" => "This is about 2hu"})
{:ok, _activity} =
CommonAPI.post(user, %{
"status" => "This is about 2hu, but private",
"visibility" => "private"
})
{:ok, _} = CommonAPI.post(user_two, %{"status" => "This isn't"}) {:ok, _} = CommonAPI.post(user_two, %{"status" => "This isn't"})
conn = conn =
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment