forked from alemi/upub
fix: oops didnt actually fix the comparison
This commit is contained in:
parent
3781d38f95
commit
ec910693d9
1 changed files with 18 additions and 20 deletions
|
@ -62,30 +62,28 @@ pub async fn page<const OUTGOING: bool>(
|
||||||
let limit = page.batch.unwrap_or(20).min(50);
|
let limit = page.batch.unwrap_or(20).min(50);
|
||||||
let offset = page.offset.unwrap_or(0);
|
let offset = page.offset.unwrap_or(0);
|
||||||
|
|
||||||
let mut filter = Condition::all()
|
let (user, config) = model::actor::Entity::find_by_ap_id(&ctx.uid(&id))
|
||||||
.add(if OUTGOING { Follower } else { Following }.eq(ctx.uid(&id)));
|
|
||||||
|
|
||||||
let hidden = {
|
|
||||||
// TODO i could avoid this query if ctx.uid(id) == Identity::Local { id }
|
|
||||||
match model::actor::Entity::find_by_ap_id(&ctx.uid(&id))
|
|
||||||
.find_also_related(model::config::Entity)
|
.find_also_related(model::config::Entity)
|
||||||
.one(ctx.db())
|
.one(ctx.db())
|
||||||
.await?
|
.await?
|
||||||
.ok_or_else(ApiError::not_found)?
|
.ok_or_else(ApiError::not_found)?;
|
||||||
{
|
|
||||||
|
let hidden = match config {
|
||||||
// assume all remote users have private followers
|
// assume all remote users have private followers
|
||||||
// this because we get to see some of their "private" followers if they follow local users,
|
// this because we get to see some of their "private" followers if they follow local users,
|
||||||
// and there is no mechanism to broadcast privacy on/off, so we could be leaking followers. to
|
// and there is no mechanism to broadcast privacy on/off, so we could be leaking followers. to
|
||||||
// mitigate this, just assume them all private: local users can only see themselves and remote
|
// mitigate this, just assume them all private: local users can only see themselves and remote
|
||||||
// fetchers can only see relations from their instance (meaning likely zero because we only
|
// fetchers can only see relations from their instance (meaning likely zero because we only
|
||||||
// store relations for which at least one end is on local instance)
|
// store relations for which at least one end is on local instance)
|
||||||
(_, None) => true,
|
None => true,
|
||||||
(_, Some(config)) => {
|
Some(config) => {
|
||||||
if OUTGOING { !config.show_followers } else { !config.show_following }
|
if OUTGOING { !config.show_followers } else { !config.show_following }
|
||||||
},
|
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
let mut filter = Condition::all()
|
||||||
|
.add(if OUTGOING { Follower } else { Following }.eq(user.internal));
|
||||||
|
|
||||||
if hidden {
|
if hidden {
|
||||||
match auth {
|
match auth {
|
||||||
Identity::Anonymous => return Err(ApiError::unauthorized()),
|
Identity::Anonymous => return Err(ApiError::unauthorized()),
|
||||||
|
|
Loading…
Reference in a new issue