twitter api: add approve/deny endpoints

f8e09427 · kaniini · d116af3b · f8e09427 · f8e09427 · f8e09427
Commit f8e09427 authored Jun 07, 2018 by kaniini
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -248,6 +248,8 @@ def user_fetcher(username) do
    post("/statuses/destroy/:id", TwitterAPI.Controller, :delete_post)

    get("/pleroma/friend_requests", TwitterAPI.Controller, :friend_requests)
+    post("/pleroma/friendships/approve", TwitterAPI.Controller, :approve_friend_request)
+    post("/pleroma/friendships/deny", TwitterAPI.Controller, :deny_friend_request)

    post("/friendships/create", TwitterAPI.Controller, :follow)
    post("/friendships/destroy", TwitterAPI.Controller, :unfollow)

--- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex
+++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex
@@ -4,6 +4,7 @@ defmodule Pleroma.Web.TwitterAPI.Controller do
  alias Pleroma.Web.CommonAPI
  alias Pleroma.{Repo, Activity, User, Notification}
  alias Pleroma.Web.ActivityPub.ActivityPub
+  alias Pleroma.Web.ActivityPub.Utils
  alias Ecto.Changeset

  require Logger
@@ -332,14 +333,53 @@ def friends(conn, params) do
  end

  def friend_requests(conn, params) do
-    with {:ok, user} <- TwitterAPI.get_user(conn.assigns.user, params),
+    with {:ok, user} <- TwitterAPI.get_user(conn.assigns[:user], params),
         {:ok, friend_requests} <- User.get_follow_requests(user) do
-      render(conn, UserView, "index.json", %{users: friend_requests, for: user})
+      render(conn, UserView, "index.json", %{users: friend_requests, for: conn.assigns[:user]})
    else
      _e -> bad_request_reply(conn, "Can't get friend requests")
    end
  end

+  def approve_friend_request(conn, %{"user_id" => uid} = params) do
+    with followed <- conn.assigns[:user],
+         uid when is_number(uid) <- String.to_integer(uid),
+         %User{} = follower <- Repo.get(User, uid),
+         {:ok, follower} <- User.maybe_follow(follower, followed),
+         %Activity{} = follow_activity <- Utils.fetch_latest_follow(follower, followed),
+         {:ok, follow_activity} <- Utils.update_follow_state(follow_activity, "accept"),
+         {:ok, _activity} <-
+           ActivityPub.accept(%{
+             to: [follower.ap_id],
+             actor: followed.ap_id,
+             object: follow_activity.data["id"],
+             type: "Accept"
+           }) do
+      render(conn, UserView, "show.json", %{user: follower, for: followed})
+    else
+      e -> bad_request_reply(conn, "Can't approve user: #{inspect(e)}")
+    end
+  end
+
+  def deny_friend_request(conn, %{"user_id" => uid} = params) do
+    with followed <- conn.assigns[:user],
+         uid when is_number(uid) <- String.to_integer(uid),
+         %User{} = follower <- Repo.get(User, uid),
+         %Activity{} = follow_activity <- Utils.fetch_latest_follow(follower, followed),
+         {:ok, follow_activity} <- Utils.update_follow_state(follow_activity, "reject"),
+         {:ok, _activity} <-
+           ActivityPub.reject(%{
+             to: [follower.ap_id],
+             actor: followed.ap_id,
+             object: follow_activity.data["id"],
+             type: "Reject"
+           }) do
+      render(conn, UserView, "show.json", %{user: follower, for: followed})
+    else
+      e -> bad_request_reply(conn, "Can't deny user: #{inspect(e)}")
+    end
+  end
+
  def friends_ids(%{assigns: %{user: user}} = conn, _params) do
    with {:ok, friends} <- User.get_friends(user) do
      ids =

--- a/test/web/twitter_api/twitter_api_controller_test.exs
+++ b/test/web/twitter_api/twitter_api_controller_test.exs
@@ -980,4 +980,50 @@ test "it lists friend requests" do
      assert other_user.id == relationship["id"]
    end
  end
+
+  describe "POST /api/pleroma/friendships/approve" do
+    test "it approves a friend request" do
+      user = insert(:user, %{info: %{"locked" => true}})
+      other_user = insert(:user)
+
+      {:ok, activity} = ActivityPub.follow(other_user, user)
+
+      user = Repo.get(User, user.id)
+      other_user = Repo.get(User, other_user.id)
+
+      assert User.following?(other_user, user) == false
+
+      conn =
+        build_conn()
+        |> assign(:user, user)
+        |> post("/api/pleroma/friendships/approve", %{"user_id" => to_string(other_user.id)})
+
+      assert relationship = json_response(conn, 200)
+      assert other_user.id == relationship["id"]
+      assert relationship["follows_you"] == true
+    end
+  end
+
+  describe "POST /api/pleroma/friendships/deny" do
+    test "it denies a friend request" do
+      user = insert(:user, %{info: %{"locked" => true}})
+      other_user = insert(:user)
+
+      {:ok, activity} = ActivityPub.follow(other_user, user)
+
+      user = Repo.get(User, user.id)
+      other_user = Repo.get(User, other_user.id)
+
+      assert User.following?(other_user, user) == false
+
+      conn =
+        build_conn()
+        |> assign(:user, user)
+        |> post("/api/pleroma/friendships/deny", %{"user_id" => to_string(other_user.id)})
+
+      assert relationship = json_response(conn, 200)
+      assert other_user.id == relationship["id"]
+      assert relationship["follows_you"] == false
+    end
+  end
 end