Don't access remote events from non-federated instances when not logged
in Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
parent
39017b63a9
commit
94df5bd1be
@ -5,6 +5,7 @@ defmodule Mobilizon.GraphQL.Resolvers.Event do
|
|||||||
|
|
||||||
alias Mobilizon.{Actors, Admin, Events}
|
alias Mobilizon.{Actors, Admin, Events}
|
||||||
alias Mobilizon.Actors.Actor
|
alias Mobilizon.Actors.Actor
|
||||||
|
alias Mobilizon.Config
|
||||||
alias Mobilizon.Events.{Event, EventParticipantStats}
|
alias Mobilizon.Events.{Event, EventParticipantStats}
|
||||||
alias Mobilizon.Users.User
|
alias Mobilizon.Users.User
|
||||||
|
|
||||||
@ -44,16 +45,31 @@ defmodule Mobilizon.GraphQL.Resolvers.Event do
|
|||||||
{:error, "Event with UUID #{uuid} not found"}
|
{:error, "Event with UUID #{uuid} not found"}
|
||||||
end
|
end
|
||||||
|
|
||||||
def find_event(parent, %{uuid: uuid} = args, resolution) do
|
def find_event(parent, %{uuid: uuid} = args, %{context: context} = resolution) do
|
||||||
case {:has_event, Events.get_public_event_by_uuid_with_preload(uuid)} do
|
require Logger
|
||||||
{:has_event, %Event{} = event} ->
|
Logger.error(inspect(context))
|
||||||
{:ok, Map.put(event, :organizer_actor, Person.proxify_pictures(event.organizer_actor))}
|
|
||||||
|
|
||||||
|
with {:has_event, %Event{} = event} <-
|
||||||
|
{:has_event, Events.get_public_event_by_uuid_with_preload(uuid)},
|
||||||
|
{:access_valid, true} <-
|
||||||
|
{:access_valid, Map.has_key?(context, :current_user) || check_event_access(event)} do
|
||||||
|
{:ok, Map.put(event, :organizer_actor, Person.proxify_pictures(event.organizer_actor))}
|
||||||
|
else
|
||||||
{:has_event, _} ->
|
{:has_event, _} ->
|
||||||
find_private_event(parent, args, resolution)
|
find_private_event(parent, args, resolution)
|
||||||
|
|
||||||
|
{:access_valid, _} ->
|
||||||
|
{:error, "Event with UUID #{uuid} not found"}
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def check_event_access(%Event{local: true}), do: true
|
||||||
|
|
||||||
|
def check_event_access(%Event{url: url}) do
|
||||||
|
relay_actor_id = Config.relay_actor_id()
|
||||||
|
Events.check_if_event_has_instance_follow(url, relay_actor_id)
|
||||||
|
end
|
||||||
|
|
||||||
@doc """
|
@doc """
|
||||||
List participants for event (through an event request)
|
List participants for event (through an event request)
|
||||||
"""
|
"""
|
||||||
|
@ -140,6 +140,7 @@ defmodule Mobilizon.Config do
|
|||||||
]
|
]
|
||||||
|
|
||||||
def anonymous_actor_id, do: get_cached_value(:anonymous_actor_id)
|
def anonymous_actor_id, do: get_cached_value(:anonymous_actor_id)
|
||||||
|
def relay_actor_id, do: get_cached_value(:relay_actor_id)
|
||||||
|
|
||||||
@spec get(module | atom) :: any
|
@spec get(module | atom) :: any
|
||||||
def get(key), do: get(key, nil)
|
def get(key), do: get(key, nil)
|
||||||
@ -202,6 +203,13 @@ defmodule Mobilizon.Config do
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@spec create_cache(atom()) :: integer()
|
||||||
|
defp create_cache(:relay_actor_id) do
|
||||||
|
with {:ok, %Actor{id: actor_id}} <- Actors.get_or_create_internal_actor("relay") do
|
||||||
|
actor_id
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
def clear_config_cache do
|
def clear_config_cache do
|
||||||
Cachex.clear(:config)
|
Cachex.clear(:config)
|
||||||
end
|
end
|
||||||
|
@ -12,7 +12,7 @@ defmodule Mobilizon.Events do
|
|||||||
|
|
||||||
alias Ecto.{Changeset, Multi}
|
alias Ecto.{Changeset, Multi}
|
||||||
|
|
||||||
alias Mobilizon.Actors.Actor
|
alias Mobilizon.Actors.{Actor, Follower}
|
||||||
alias Mobilizon.Addresses.Address
|
alias Mobilizon.Addresses.Address
|
||||||
|
|
||||||
alias Mobilizon.Events.{
|
alias Mobilizon.Events.{
|
||||||
@ -28,6 +28,7 @@ defmodule Mobilizon.Events do
|
|||||||
}
|
}
|
||||||
|
|
||||||
alias Mobilizon.Service.Workers
|
alias Mobilizon.Service.Workers
|
||||||
|
alias Mobilizon.Share
|
||||||
alias Mobilizon.Storage.{Page, Repo}
|
alias Mobilizon.Storage.{Page, Repo}
|
||||||
alias Mobilizon.Users.User
|
alias Mobilizon.Users.User
|
||||||
|
|
||||||
@ -228,6 +229,14 @@ defmodule Mobilizon.Events do
|
|||||||
|> Repo.one()
|
|> Repo.one()
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@spec check_if_event_has_instance_follow(String.t(), integer()) :: boolean()
|
||||||
|
def check_if_event_has_instance_follow(event_uri, follower_actor_id) do
|
||||||
|
Share
|
||||||
|
|> join(:inner, [s], f in Follower, on: f.target_actor_id == s.actor_id)
|
||||||
|
|> where([s, f], f.actor_id == ^follower_actor_id and s.uri == ^event_uri)
|
||||||
|
|> Repo.exists?()
|
||||||
|
end
|
||||||
|
|
||||||
@doc """
|
@doc """
|
||||||
Gets an event by its UUID, with all associations loaded.
|
Gets an event by its UUID, with all associations loaded.
|
||||||
"""
|
"""
|
||||||
@ -379,6 +388,7 @@ defmodule Mobilizon.Events do
|
|||||||
|> filter_future_events(is_future)
|
|> filter_future_events(is_future)
|
||||||
|> filter_unlisted(is_unlisted)
|
|> filter_unlisted(is_unlisted)
|
||||||
|> filter_draft()
|
|> filter_draft()
|
||||||
|
|> filter_local_or_from_followed_instances_events()
|
||||||
|> Repo.all()
|
|> Repo.all()
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -461,6 +471,7 @@ defmodule Mobilizon.Events do
|
|||||||
name
|
name
|
||||||
|> normalize_search_string()
|
|> normalize_search_string()
|
||||||
|> events_for_search_query()
|
|> events_for_search_query()
|
||||||
|
|> filter_local_or_from_followed_instances_events()
|
||||||
|> Page.build_page(page, limit)
|
|> Page.build_page(page, limit)
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -1757,6 +1768,14 @@ defmodule Mobilizon.Events do
|
|||||||
|
|
||||||
defp filter_future_events(query, false), do: query
|
defp filter_future_events(query, false), do: query
|
||||||
|
|
||||||
|
defp filter_local_or_from_followed_instances_events(query) do
|
||||||
|
from(q in query,
|
||||||
|
left_join: s in Share,
|
||||||
|
on: s.uri == q.url,
|
||||||
|
where: q.local == true or not is_nil(s.uri)
|
||||||
|
)
|
||||||
|
end
|
||||||
|
|
||||||
@spec filter_unlisted(Ecto.Query.t(), boolean) :: Ecto.Query.t()
|
@spec filter_unlisted(Ecto.Query.t(), boolean) :: Ecto.Query.t()
|
||||||
defp filter_unlisted(query, true) do
|
defp filter_unlisted(query, true) do
|
||||||
from(q in query, where: q.visibility in ^@public_visibility)
|
from(q in query, where: q.visibility in ^@public_visibility)
|
||||||
|
Loading…
Reference in New Issue
Block a user