mirrors/gotosocial
1
0
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial.git synced 2025-10-31 11:42:25 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

[bugfix] Only allow boosting post from non-interaction-policy-aware instance if public or unlisted (#3396)

Browse source
This commit is contained in:
tobi 2024-10-05 19:15:02 +02:00 committed by GitHub
commit c023bd30f3
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 13 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

18
internal/filter/interaction/interactable.go
View file

@ -306,7 +306,7 @@ func (f *Filter) StatusBoostable(
status.InteractionPolicy.CanAnnounce, status.InteractionPolicy.CanAnnounce,
) )
// If status is local and has no policy set, // If status has no policy set but it's local,
// check against the default policy for this // check against the default policy for this
// visibility, as we're interaction-policy aware. // visibility, as we're interaction-policy aware.
case *status.Local: case *status.Local:
@ -318,13 +318,21 @@ func (f *Filter) StatusBoostable(
policy.CanAnnounce, policy.CanAnnounce,
) )
// Otherwise, assume the status is from an // Status is from an instance that does not use
// instance that does not use / does not care // or does not care about interaction policies.
// about interaction policies, and just return OK. // We can boost it if it's unlisted or public.
default: case status.Visibility == gtsmodel.VisibilityPublic ||
status.Visibility == gtsmodel.VisibilityUnlocked:
return &gtsmodel.PolicyCheckResult{ return &gtsmodel.PolicyCheckResult{
Permission: gtsmodel.PolicyPermissionPermitted, Permission: gtsmodel.PolicyPermissionPermitted,
}, nil }, nil
// Not permitted by any of the
// above checks, so it's forbidden.
default:
return &gtsmodel.PolicyCheckResult{
Permission: gtsmodel.PolicyPermissionForbidden,
}, nil
} }
} }