diff --git a/server/controllers/activitypub/client.ts b/server/controllers/activitypub/client.ts index 5cfbc2f1d..461a619dd 100644 --- a/server/controllers/activitypub/client.ts +++ b/server/controllers/activitypub/client.ts @@ -46,7 +46,7 @@ async function accountFollowersController (req: express.Request, res: express.Re const page = req.params.page || 1 const { start, count } = pageToStartAndCount(page, ACTIVITY_PUB.COLLECTION_ITEMS_PER_PAGE) - const result = await db.Account.listFollowerUrlsForApi(account.id, start, count) + const result = await db.Account.listAcceptedFollowerUrlsForApi(account.id, start, count) const activityPubResult = activityPubCollectionPagination(req.url, page, result) return res.json(activityPubResult) @@ -58,7 +58,7 @@ async function accountFollowingController (req: express.Request, res: express.Re const page = req.params.page || 1 const { start, count } = pageToStartAndCount(page, ACTIVITY_PUB.COLLECTION_ITEMS_PER_PAGE) - const result = await db.Account.listFollowingUrlsForApi(account.id, start, count) + const result = await db.Account.listAcceptedFollowingUrlsForApi(account.id, start, count) const activityPubResult = activityPubCollectionPagination(req.url, page, result) return res.json(activityPubResult) diff --git a/server/controllers/api/pods.ts b/server/controllers/api/pods.ts index f662f1c03..2231a05fa 100644 --- a/server/controllers/api/pods.ts +++ b/server/controllers/api/pods.ts @@ -11,6 +11,9 @@ import { setFollowingSort } from '../../middlewares/sort' import { followValidator } from '../../middlewares/validators/pods' import { followersSortValidator, followingSortValidator } from '../../middlewares/validators/sort' import { sendFollow } from '../../lib/activitypub/send-request' +import { authenticate } from '../../middlewares/oauth' +import { ensureUserHasRight } from '../../middlewares/user-right' +import { UserRight } from '../../../shared/models/users/user-right.enum' const podsRouter = express.Router() 
@@ -23,6 +26,8 @@ podsRouter.get('/following', ) podsRouter.post('/follow', + authenticate, + ensureUserHasRight(UserRight.MANAGE_PEERTUBE_FOLLOW), followValidator, setBodyHostsPort, asyncMiddleware(follow) diff --git a/server/lib/activitypub/send-request.ts b/server/lib/activitypub/send-request.ts index e6ef5f37a..c18a69784 100644 --- a/server/lib/activitypub/send-request.ts +++ b/server/lib/activitypub/send-request.ts @@ -85,7 +85,7 @@ export { // --------------------------------------------------------------------------- async function broadcastToFollowers (data: any, fromAccount: AccountInstance, t: Sequelize.Transaction) { - const result = await db.Account.listFollowerUrlsForApi(fromAccount.id, 0) + const result = await db.Account.listAcceptedFollowerUrlsForApi(fromAccount.id, 0) const jobPayload = { uris: result.data, diff --git a/server/models/account/account-interface.ts b/server/models/account/account-interface.ts index 73701f233..2468dc6e1 100644 --- a/server/models/account/account-interface.ts +++ b/server/models/account/account-interface.ts 
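Review bot: Nothing on the `POST /follow` route records why the two new guards sit where they do: `authenticate` and `ensureUserHasRight(UserRight.MANAGE_PEERTUBE_FOLLOW)` have to stay ahead of `followValidator` and `setBodyHostsPort` so that unauthorized callers are rejected before the request body is processed. A one-line comment above the route would keep a later reorder from weakening that, for example `// Auth and right check first: the body is only processed for authorized callers`. The GET routes are not touched by this hunk (only `/following` shows up, in the hunk header), so it is worth confirming outside the hunk that they are meant to stay public. The route's closing lines fall outside the hunk.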
@@ -14,8 +14,8 @@ export namespace AccountMethods { export type LoadAccountByPodAndUUID = (uuid: string, podId: number, transaction: Sequelize.Transaction) => Bluebird export type LoadLocalAccountByNameAndPod = (name: string, host: string) => Bluebird export type ListOwned = () => Bluebird - export type ListFollowerUrlsForApi = (id: number, start: number, count?: number) => Promise< ResultList > - export type ListFollowingUrlsForApi = (id: number, start: number, count?: number) => Promise< ResultList > + export type ListAcceptedFollowerUrlsForApi = (id: number, start: number, count?: number) => Promise< ResultList > + export type ListAcceptedFollowingUrlsForApi = (id: number, start: number, count?: number) => Promise< ResultList > export type ListFollowingForApi = (id: number, start: number, count: number, sort: string) => Bluebird< ResultList > export type ListFollowersForApi = (id: number, start: number, count: number, sort: string) => Bluebird< ResultList > @@ -36,8 +36,8 @@ export interface AccountClass { loadByUrl: AccountMethods.LoadByUrl loadLocalAccountByNameAndPod: AccountMethods.LoadLocalAccountByNameAndPod listOwned: AccountMethods.ListOwned - listFollowerUrlsForApi: AccountMethods.ListFollowerUrlsForApi - listFollowingUrlsForApi: AccountMethods.ListFollowingUrlsForApi + listAcceptedFollowerUrlsForApi: AccountMethods.ListAcceptedFollowerUrlsForApi + listAcceptedFollowingUrlsForApi: AccountMethods.ListAcceptedFollowingUrlsForApi listFollowingForApi: AccountMethods.ListFollowingForApi listFollowersForApi: AccountMethods.ListFollowersForApi } diff --git a/server/models/account/account.ts b/server/models/account/account.ts index 7ce97b2fd..6ef29c8b7 100644 --- a/server/models/account/account.ts +++ b/server/models/account/account.ts 
@@ -33,8 +33,8 @@ let loadByUUID: AccountMethods.LoadByUUID let loadByUrl: AccountMethods.LoadByUrl let loadLocalAccountByNameAndPod: AccountMethods.LoadLocalAccountByNameAndPod let listOwned: AccountMethods.ListOwned -let listFollowerUrlsForApi: AccountMethods.ListFollowerUrlsForApi -let listFollowingUrlsForApi: AccountMethods.ListFollowingUrlsForApi +let listAcceptedFollowerUrlsForApi: AccountMethods.ListAcceptedFollowerUrlsForApi +let listAcceptedFollowingUrlsForApi: AccountMethods.ListAcceptedFollowingUrlsForApi let listFollowingForApi: AccountMethods.ListFollowingForApi let listFollowersForApi: AccountMethods.ListFollowersForApi let isOwned: AccountMethods.IsOwned @@ -201,8 +201,8 @@ export default function defineAccount (sequelize: Sequelize.Sequelize, DataTypes loadByUrl, loadLocalAccountByNameAndPod, listOwned, - listFollowerUrlsForApi, - listFollowingUrlsForApi, + listAcceptedFollowerUrlsForApi, + listAcceptedFollowingUrlsForApi, listFollowingForApi, listFollowersForApi ] @@ -365,12 +365,12 @@ listOwned = function () { return Account.findAll(query) } -listFollowerUrlsForApi = function (id: number, start: number, count?: number) { - return createListFollowForApiQuery('followers', id, start, count) +listAcceptedFollowerUrlsForApi = function (id: number, start: number, count?: number) { + return createListAcceptedFollowForApiQuery('followers', id, start, count) } -listFollowingUrlsForApi = function (id: number, start: number, count?: number) { - return createListFollowForApiQuery('following', id, start, count) +listAcceptedFollowingUrlsForApi = function (id: number, start: number, count?: number) { + return createListAcceptedFollowForApiQuery('following', id, start, count) } listFollowingForApi = function (id: number, start: number, count: number, sort: string) { 
@@ -506,7 +506,7 @@ loadAccountByPodAndUUID = function (uuid: string, podId: number, transaction: Se // ------------------------------ UTILS ------------------------------ -async function createListFollowForApiQuery (type: 'followers' | 'following', id: number, start: number, count?: number) { +async function createListAcceptedFollowForApiQuery (type: 'followers' | 'following', id: number, start: number, count?: number) { let firstJoin: string let secondJoin: string @@ -525,7 +525,7 @@ async function createListFollowForApiQuery (type: 'followers' | 'following', id: let query = 'SELECT ' + selection + ' FROM "Account" ' + 'INNER JOIN "AccountFollower" ON "AccountFollower"."' + firstJoin + '" = "Account"."id" ' + 'INNER JOIN "Account" AS "Follows" ON "Followers"."id" = "Follows"."' + secondJoin + '" ' + - 'WHERE "Account"."id" = $id ' + + 'WHERE "Account"."id" = $id AND "AccountFollower"."state" = \'accepted\' ' + 'LIMIT ' + start if (count !== undefined) query += ', ' + count diff --git a/shared/models/users/user-right.enum.ts b/shared/models/users/user-right.enum.ts index c8c710450..9d5ebbb16 100644 --- a/shared/models/users/user-right.enum.ts +++ b/shared/models/users/user-right.enum.ts @@ -1,9 +1,8 @@ export enum UserRight { ALL, MANAGE_USERS, - MANAGE_PODS, + MANAGE_PEERTUBE_FOLLOW, MANAGE_VIDEO_ABUSES, - MANAGE_REQUEST_SCHEDULERS, MANAGE_VIDEO_BLACKLIST, REMOVE_ANY_VIDEO, REMOVE_ANY_VIDEO_CHANNEL,
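Review bot: The `LIMIT` clause in the hunk at -525 is still assembled by string concatenation (`'LIMIT ' + start`, then `', ' + count`) while `$id` is bound, and the `number` annotations are erased at runtime, so nothing in the visible lines guarantees integers here; `start` and `count` derive from `req.params.page` in the client.ts controllers. A guard such as `if (!Number.isInteger(start) || start < 0) throw new Error('Invalid start')` (and the same for `count` when it is defined) before the query is built would close that, unless a validator outside the hunks already does it. Separately, when `count` is omitted, as in the `broadcastToFollowers` call `listAcceptedFollowerUrlsForApi(fromAccount.id, 0)`, the text ends in `LIMIT 0`, which looks like it selects no rows; emitting the clause only when `count` is defined (`if (count !== undefined) query += 'LIMIT ' + start + ', ' + count`) would avoid that. The function body starts above and continues below the hunk.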
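Review bot: `UserRight` is a numeric enum without explicit initializers, so deleting `MANAGE_REQUEST_SCHEDULERS` renumbers every member after it (`MANAGE_VIDEO_BLACKLIST`, `REMOVE_ANY_VIDEO`, `REMOVE_ANY_VIDEO_CHANNEL`, and anything below the hunk). If right values are stored or exchanged as numbers anywhere (not visible here), an old value would now name a different right, which is an authorization hazard given that `ensureUserHasRight` gates routes on this enum. Pinning the values, e.g. `MANAGE_PEERTUBE_FOLLOW = 2,` and likewise for each member, keeps them stable across edits like this one. The enum body continues past the end of the hunk.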