From 32b1c3de0ed4a438c87aa96bee99fd22d291f910 Mon Sep 17 00:00:00 2001 From: tamaina Date: Thu, 1 Feb 2024 09:55:27 +0000 Subject: [PATCH 1/4] fix: Hide reactions of all remote users https://github.com/misskey-dev/misskey/issues/12964 --- .../src/core/entities/UserEntityService.ts | 2 +- .../src/server/api/endpoints/users/reactions.ts | 15 ++++++++++++++- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/packages/backend/src/core/entities/UserEntityService.ts b/packages/backend/src/core/entities/UserEntityService.ts index a09369409b3f..9d73dc607de8 100644 --- a/packages/backend/src/core/entities/UserEntityService.ts +++ b/packages/backend/src/core/entities/UserEntityService.ts @@ -409,7 +409,7 @@ export class UserEntityService implements OnModuleInit { }), pinnedPageId: profile!.pinnedPageId, pinnedPage: profile!.pinnedPageId ? this.pageEntityService.pack(profile!.pinnedPageId, me) : null, - publicReactions: profile!.publicReactions, + publicReactions: this.isLocalUser(user) ? profile!.publicReactions : false, // https://github.com/misskey-dev/misskey/issues/12964 followersVisibility: profile!.followersVisibility, followingVisibility: profile!.followingVisibility, twoFactorEnabled: profile!.twoFactorEnabled, diff --git a/packages/backend/src/server/api/endpoints/users/reactions.ts b/packages/backend/src/server/api/endpoints/users/reactions.ts index 372ab80c4c64..9404fb944766 100644 --- a/packages/backend/src/server/api/endpoints/users/reactions.ts +++ b/packages/backend/src/server/api/endpoints/users/reactions.ts @@ -9,6 +9,8 @@ import { Endpoint } from '@/server/api/endpoint-base.js'; import { QueryService } from '@/core/QueryService.js'; import { NoteReactionEntityService } from '@/core/entities/NoteReactionEntityService.js'; import { DI } from '@/di-symbols.js'; +import { CacheService } from '@/core/CacheService.js'; +import { UserEntityService } from '@/core/entities/UserEntityService.js'; import { ApiError } from '../../error.js'; export const meta = { @@ -34,6 +36,11 @@ export const meta = { code: 'REACTIONS_NOT_PUBLIC', id: '673a7dd2-6924-1093-e0c0-e68456ceae5c', }, + isRemoteUser: { + message: 'Currently unavailable to display reactions of remote users. See https://github.com/misskey-dev/misskey/issues/12964', + code: 'IS_REMOTE_USER', + id: '6b95fa98-8cf9-2350-e284-f0ffdb54a805', + }, }, } as const; @@ -59,12 +66,18 @@ export default class extends Endpoint { // eslint- @Inject(DI.noteReactionsRepository) private noteReactionsRepository: NoteReactionsRepository, + private cacheService: CacheService, + private userEntityService: UserEntityService, private noteReactionEntityService: NoteReactionEntityService, private queryService: QueryService, ) { super(meta, paramDef, async (ps, me) => { - const profile = await this.userProfilesRepository.findOneByOrFail({ userId: ps.userId }); + const user = await this.cacheService.findUserById(ps.userId); + if (this.userEntityService.isRemoteUser(user)) { + throw new ApiError(meta.errors.isRemoteUser); + } + const profile = await this.userProfilesRepository.findOneByOrFail({ userId: ps.userId }); if ((me == null || me.id !== ps.userId) && !profile.publicReactions) { throw new ApiError(meta.errors.reactionsNotPublic); } From 701a1b7ad2cf0293b01bcc698d83a967f29b63d1 Mon Sep 17 00:00:00 2001 From: tamaina Date: Thu, 1 Feb 2024 10:13:00 +0000 Subject: [PATCH 2/4] feat: Moderators can see reactions of all users https://github.com/misskey-dev/misskey/issues/13127 --- .../server/api/endpoints/users/reactions.ts | 19 ++++++++++++------- packages/frontend/src/pages/user/index.vue | 2 +- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/packages/backend/src/server/api/endpoints/users/reactions.ts b/packages/backend/src/server/api/endpoints/users/reactions.ts index 9404fb944766..ce3ff2df9173 100644 --- a/packages/backend/src/server/api/endpoints/users/reactions.ts +++ b/packages/backend/src/server/api/endpoints/users/reactions.ts @@ -12,6 +12,7 @@ import { DI } from '@/di-symbols.js'; import { CacheService } from '@/core/CacheService.js'; import { UserEntityService } from '@/core/entities/UserEntityService.js'; import { ApiError } from '../../error.js'; +import { RoleService } from '@/core/RoleService.js'; export const meta = { tags: ['users', 'reactions'], @@ -70,16 +71,20 @@ export default class extends Endpoint { // eslint- private userEntityService: UserEntityService, private noteReactionEntityService: NoteReactionEntityService, private queryService: QueryService, + private roleService: RoleService, ) { super(meta, paramDef, async (ps, me) => { - const user = await this.cacheService.findUserById(ps.userId); - if (this.userEntityService.isRemoteUser(user)) { - throw new ApiError(meta.errors.isRemoteUser); - } + const iAmModerator = await this.roleService.isModerator(me); // Moderators can see reactions of all users + if (!iAmModerator) { + const user = await this.cacheService.findUserById(ps.userId); + if (this.userEntityService.isRemoteUser(user)) { + throw new ApiError(meta.errors.isRemoteUser); + } - const profile = await this.userProfilesRepository.findOneByOrFail({ userId: ps.userId }); - if ((me == null || me.id !== ps.userId) && !profile.publicReactions) { - throw new ApiError(meta.errors.reactionsNotPublic); + const profile = await this.userProfilesRepository.findOneByOrFail({ userId: ps.userId }); + if ((me == null || me.id !== ps.userId) && !profile.publicReactions) { + throw new ApiError(meta.errors.reactionsNotPublic); + } } const query = this.queryService.makePaginationQuery(this.noteReactionsRepository.createQueryBuilder('reaction'), diff --git a/packages/frontend/src/pages/user/index.vue b/packages/frontend/src/pages/user/index.vue index 603f1bef33b0..e3fbc4f411e2 100644 --- a/packages/frontend/src/pages/user/index.vue +++ b/packages/frontend/src/pages/user/index.vue @@ -96,7 +96,7 @@ const headerTabs = computed(() => user.value ? [{ key: 'achievements', title: i18n.ts.achievements, icon: 'ti ti-medal', -}] : []), ...($i && ($i.id === user.value.id)) || user.value.publicReactions ? [{ +}] : []), ...($i && ($i.id === user.value.id || $i.isAdmin || $i.isModerator)) || user.value.publicReactions ? [{ key: 'reactions', title: i18n.ts.reaction, icon: 'ti ti-mood-happy', From 7a778a0d1adf3a1254b3251763cde35ad7d615e7 Mon Sep 17 00:00:00 2001 From: tamaina Date: Thu, 1 Feb 2024 10:15:38 +0000 Subject: [PATCH 3/4] modify CHANGELOG.md --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9bfb12d25e52..0494f3db00e0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,6 +21,9 @@ - Feat: [mCaptcha](https://github.com/mCaptcha/mCaptcha)のサポートを追加 - Fix: リストライムラインの「リノートを表示」が正しく機能しない問題を修正 - Feat: Add support for TrueMail +- Fix: リモートユーザーのリアクション一覧がすべて見えてしまうのを修正 + * すべてのリモートユーザーのリアクション一覧を見えないようにします +- Enhance: モデレーターはすべてのユーザーのリアクション一覧を見られるように ### Client - Feat: 新しいゲームを追加 From 32444345c241ae46ded0c62d93a8bdf2289c9144 Mon Sep 17 00:00:00 2001 From: tamaina Date: Thu, 1 Feb 2024 10:21:18 +0000 Subject: [PATCH 4/4] fix iAmModerator --- packages/backend/src/server/api/endpoints/users/reactions.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/backend/src/server/api/endpoints/users/reactions.ts b/packages/backend/src/server/api/endpoints/users/reactions.ts index ce3ff2df9173..69a842dbfbc3 100644 --- a/packages/backend/src/server/api/endpoints/users/reactions.ts +++ b/packages/backend/src/server/api/endpoints/users/reactions.ts @@ -11,8 +11,8 @@ import { NoteReactionEntityService } from '@/core/entities/NoteReactionEntitySer import { DI } from '@/di-symbols.js'; import { CacheService } from '@/core/CacheService.js'; import { UserEntityService } from '@/core/entities/UserEntityService.js'; -import { ApiError } from '../../error.js'; import { RoleService } from '@/core/RoleService.js'; +import { ApiError } from '../../error.js'; export const meta = { tags: ['users', 'reactions'], @@ -74,7 +74,7 @@ export default class extends Endpoint { // eslint- private roleService: RoleService, ) { super(meta, paramDef, async (ps, me) => { - const iAmModerator = await this.roleService.isModerator(me); // Moderators can see reactions of all users + const iAmModerator = me ? await this.roleService.isModerator(me) : false; // Moderators can see reactions of all users if (!iAmModerator) { const user = await this.cacheService.findUserById(ps.userId); if (this.userEntityService.isRemoteUser(user)) {