Don't set is_local=LOCAL_NONPUBLIC on sandboxed user notices

Let's decide whether they are nonpublic by testing them when the notice is shown instead.
2016-03-02 12:18:16 +01:00 · 2016-03-02 12:18:16 +01:00 · 9534969c05
commit 9534969c05
parent a3b2118906
3 changed files with 15 additions and 12 deletions
--- a/classes/Notice.php
+++ b/classes/Notice.php
@ -508,11 +508,7 @@ class Notice extends Managed_DataObject
        $notice->profile_id = $profile_id;

        $autosource = common_config('public', 'autosource');
-
-        // Sandboxed are non-false, but not 1, either
-
-        if (!$profile->hasRight(Right::PUBLICNOTICE) ||
-            ($source && $autosource && in_array($source, $autosource))) {
+        if ($source && $autosource && in_array($source, $autosource)) {
            $notice->is_local = Notice::LOCAL_NONPUBLIC;
        } else {
            $notice->is_local = $is_local;
@ -822,12 +818,13 @@ class Notice extends Managed_DataObject
            }
        }

-        $autosource = common_config('public', 'autosource');
+        // NOTE: Sandboxed users previously got all the notices _during_
+        // sandbox period set to to is_local=Notice::LOCAL_NONPUBLIC here.
+        // Since then we have started just filtering _when_ it gets shown
+        // instead of creating a mixed jumble of differently scoped notices.

-        // Sandboxed are non-false, but not 1, either
-        if (!$actor->hasRight(Right::PUBLICNOTICE) ||
-                ($source && $autosource && in_array($source, $autosource))) {
-            // FIXME: ...what about remote nonpublic? Hmmm. That is, if we sandbox remote profiles...
+        $autosource = common_config('public', 'autosource');
+        if ($source && $autosource && in_array($source, $autosource)) {
            $stored->is_local = Notice::LOCAL_NONPUBLIC;
        } else {
            $stored->is_local = intval($is_local);
--- a/lib/filteringnoticestream.php
+++ b/lib/filteringnoticestream.php
@ -54,6 +54,9 @@ abstract class FilteringNoticeStream extends NoticeStream
        $this->upstream = $upstream;
    }

+    /**
+     * @return boolean  true if we allow it, false if we deny it
+     */
    abstract protected function filter(Notice $notice);

    function getNoticeIds($offset, $limit, $since_id, $max_id)
--- a/lib/moderatednoticestream.php
+++ b/lib/moderatednoticestream.php
@ -28,8 +28,11 @@ class ModeratedNoticeStream extends ScopingNoticeStream

        // If the notice author is sandboxed
        if ($notice->getProfile()->isSandboxed()) {
-            // and we're either not logged in OR we aren't some kind of privileged user that can see spam etc.
-            if (!$this->scoped instanceof Profile || !$this->scoped->hasRight(Right::REVIEWSPAM)) {
+            if (!$this->scoped instanceof Profile) {
+                // Non-logged in users don't get to see posts by sandboxed users
+                return false;
+            } elseif (!$notice->getProfile()->sameAs($this->scoped) && !$this->scoped->hasRight(Right::REVIEWSPAM)) {
+                // And if we are logged in, deny if scoped user is neither the author nor has the right to review spam
                return false;
            }
        }