fix(backend): 非公開の投稿に対して返信できないように (#12333)

* fix(backend): 非公開の投稿に対して返信できないように

* Update CHANGELOG.md

* fix: test
zyoshoka 2023-11-15 11:10:45 +09:00 committed by GitHub
parent 3939360e55
commit aa6d0d4359
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 10 additions and 0 deletions


@ -34,6 +34,7 @@
- Fix: 投稿通知がオンでもダイレクト投稿はユーザーに通知されないようにされました
- Fix: ユーザタイムラインの「ノート」選択時にリノートが混ざり込んでしまうことがある問題の修正 #12306
- Fix: ActivityPubに関するセキュリティの向上
- Fix: 非公開の投稿に対して返信できないように
## 2023.11.0


@ -70,6 +70,12 @@ export const meta = {
id: '749ee0f6-d3da-459a-bf02-282e2da4292c',
},
cannotReplyToInvisibleNote: {
message: 'You cannot reply to an invisible Note.',
code: 'CANNOT_REPLY_TO_AN_INVISIBLE_NOTE',
id: 'b98980fa-3780-406c-a935-b6d0eeee10d1',
},
cannotReplyToPureRenote: {
message: 'You can not reply to a pure Renote.',
code: 'CANNOT_REPLY_TO_A_PURE_RENOTE',
@ -276,6 +282,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
throw new ApiError(meta.errors.noSuchReplyTarget);
} else if (isPureRenote(reply)) {
throw new ApiError(meta.errors.cannotReplyToPureRenote);
} else if (!await this.noteEntityService.isVisibleForMe(reply, me.id)) {
throw new ApiError(meta.errors.cannotReplyToInvisibleNote);
}
// Check blocking
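Review bot: The new `else if (!await this.noteEntityService.isVisibleForMe(reply, me.id))` branch returns its own error, `CANNOT_REPLY_TO_AN_INVISIBLE_NOTE`, while a missing target returns `noSuchReplyTarget`, so a caller who submits the id of a note it is not allowed to see can tell from the response that the note exists. Unless clients depend on the distinct code, this branch could instead `throw new ApiError(meta.errors.noSuchReplyTarget);`, or the error definition should carry a comment stating that confirming existence is accepted here. The outcome rests entirely on `isVisibleForMe`, which this commit does not show, and the visible test change only adjusts the Timelines setup. A test that has a non-follower reply to a `followers` note and asserts the rejection would pin the behaviour. The enclosing handler starts and ends outside the hunk.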


@ -152,6 +152,7 @@ describe('Timelines', () => {
await api('/following/create', { userId: bob.id }, alice);
await api('/following/create', { userId: carol.id }, alice);
await api('/following/create', { userId: carol.id }, bob);
await api('/following/update', { userId: bob.id, withReplies: true }, alice);
await sleep(1000);
const carolNote = await post(carol, { text: 'hi', visibility: 'followers' });