fix: shared inbox MUST NOT contain private stuff

This commit is contained in:
əlemi 2024-05-13 18:53:03 +02:00
parent d2f0ce0391
commit 401ef08af3
Signed by: alemi
GPG key ID: A4895B84D311642C

View file

@ -1,5 +1,6 @@
use apb::{server::Inbox, Activity, ActivityType}; use apb::{server::Inbox, Activity, ActivityType};
use axum::{extract::{Query, State}, http::StatusCode, Json}; use axum::{extract::{Query, State}, http::StatusCode, Json};
use sea_orm::{sea_query::IntoCondition, ColumnTrait};
use crate::{errors::UpubError, server::{auth::{AuthIdentity, Identity}, Context}, url}; use crate::{errors::UpubError, server::{auth::{AuthIdentity, Identity}, Context}, url};
@ -19,7 +20,8 @@ pub async fn page(
) -> crate::Result<JsonLD<serde_json::Value>> { ) -> crate::Result<JsonLD<serde_json::Value>> {
crate::server::builders::paginate( crate::server::builders::paginate(
url!(ctx, "/inbox/page"), url!(ctx, "/inbox/page"),
auth.filter_condition(), crate::model::addressing::Column::Actor.eq(apb::target::PUBLIC)
.into_condition(),
ctx.db(), ctx.db(),
page, page,
auth.my_id(), auth.my_id(),