From 9265a09a656196e2a94c73e32c7b79399411a79e Mon Sep 17 00:00:00 2001
From: Adelie Paull <1208865+i-am-a-paull@users.noreply.github.com>
Date: Mon, 2 May 2022 09:23:37 -0400
Subject: [bugfix] Allow self-boosting for any visibility but direct (#510)

* create visibility filter for boostability and allow self-boosting for any visbility but direct messages

* add a followers-only status to local_account_2

* fix typo in comment

* add license header, unwrap errors, be explicit about non-boostable visibility settings to avoid rogue boosting from miscoded clients, use ID compare for checking if self-boosting

* add tests for statusboostable filter

* fix tests that were affected by adding a new status to the test data

* fix the rest of tests affected by adding a status to the textrig data
---
 internal/visibility/filter.go               |   5 +
 internal/visibility/statusboostable.go      |  65 ++++++++++++
 internal/visibility/statusboostable_test.go | 155 ++++++++++++++++++++++++++++
 3 files changed, 225 insertions(+)
 create mode 100644 internal/visibility/statusboostable.go
 create mode 100644 internal/visibility/statusboostable_test.go

(limited to 'internal/visibility')

diff --git a/internal/visibility/filter.go b/internal/visibility/filter.go
index c8cd13681..3455b11b1 100644
--- a/internal/visibility/filter.go
+++ b/internal/visibility/filter.go
@@ -45,6 +45,11 @@ type Filter interface {
 	//
 	// This function will call StatusVisible internally, so it's not necessary to call it beforehand.
 	StatusPublictimelineable(ctx context.Context, targetStatus *gtsmodel.Status, timelineOwnerAccount *gtsmodel.Account) (bool, error)
+
+	// StatusBoostable returns true if targetStatus can be boosted by the requesting account.
+	//
+	// this function will call StatusVisible internally so it's not necessary to call it beforehand.
+	StatusBoostable(ctx context.Context, targetStatus *gtsmodel.Status, requestingAccount *gtsmodel.Account) (bool, error)
 }
 
 type filter struct {
diff --git a/internal/visibility/statusboostable.go b/internal/visibility/statusboostable.go
new file mode 100644
index 000000000..9eed9e3e9
--- /dev/null
+++ b/internal/visibility/statusboostable.go
@@ -0,0 +1,65 @@
+/*
+   GoToSocial
+   Copyright (C) 2021-2022 GoToSocial Authors admin@gotosocial.org
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package visibility
+
+import (
+	"context"
+	"errors"
+	"fmt"
+
+	"github.com/sirupsen/logrus"
+	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+)
+
+func (f *filter) StatusBoostable(ctx context.Context, targetStatus *gtsmodel.Status, requestingAccount *gtsmodel.Account) (bool, error) {
+	l := logrus.WithFields(logrus.Fields{
+		"func": "StatusBoostable",
+	})
+
+	// if the status isn't visible, it certainly isn't boostable
+	visible, err := f.StatusVisible(ctx, targetStatus, requestingAccount)
+	if err != nil {
+		return false, fmt.Errorf("error seeing if status %s is visible: %s", targetStatus.ID, err)
+	}
+	if !visible {
+		return false, errors.New("status is not visible")
+	}
+
+	// direct messages are never boostable, even if they're visible
+	if targetStatus.Visibility == gtsmodel.VisibilityDirect {
+		l.Trace("status is not boostable because it is a DM")
+		return false, nil
+	}
+
+	// the original account should always be able to boost its own non-DM statuses
+	if requestingAccount.ID == targetStatus.Account.ID {
+		l.Trace("status is boostable because author is booster")
+		return true, nil
+	}
+
+	// if status is followers-only and not the author's, it is not boostable
+	if targetStatus.Visibility == gtsmodel.VisibilityFollowersOnly {
+		l.Trace("status not boostable because it is followers-only")
+		return false, nil
+	}
+
+	// otherwise, status is as boostable as it says it is
+	l.Trace("defaulting to status.boostable value")
+	return targetStatus.Boostable, nil
+}
diff --git a/internal/visibility/statusboostable_test.go b/internal/visibility/statusboostable_test.go
new file mode 100644
index 000000000..f39467676
--- /dev/null
+++ b/internal/visibility/statusboostable_test.go
@@ -0,0 +1,155 @@
+/*
+   GoToSocial
+   Copyright (C) 2021-2022 GoToSocial Authors admin@gotosocial.org
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package visibility_test
+
+import (
+	"context"
+	"testing"
+
+	"github.com/stretchr/testify/suite"
+)
+
+type StatusBoostableTestSuite struct {
+	FilterStandardTestSuite
+}
+
+func (suite *StatusBoostableTestSuite) TestOwnPublicBoostable() {
+	testStatus := suite.testStatuses["local_account_1_status_1"]
+	testAccount := suite.testAccounts["local_account_1"]
+	ctx := context.Background()
+
+	boostable, err := suite.filter.StatusBoostable(ctx, testStatus, testAccount)
+	suite.NoError(err)
+
+	suite.True(boostable)
+}
+
+func (suite *StatusBoostableTestSuite) TestOwnUnlockedBoostable() {
+	testStatus := suite.testStatuses["local_account_1_status_2"]
+	testAccount := suite.testAccounts["local_account_1"]
+	ctx := context.Background()
+
+	boostable, err := suite.filter.StatusBoostable(ctx, testStatus, testAccount)
+	suite.NoError(err)
+
+	suite.True(boostable)
+}
+
+func (suite *StatusBoostableTestSuite) TestOwnMutualsOnlyNonInteractiveBoostable() {
+	testStatus := suite.testStatuses["local_account_1_status_3"]
+	testAccount := suite.testAccounts["local_account_1"]
+	ctx := context.Background()
+
+	boostable, err := suite.filter.StatusBoostable(ctx, testStatus, testAccount)
+	suite.NoError(err)
+
+	suite.True(boostable)
+}
+
+func (suite *StatusBoostableTestSuite) TestOwnMutualsOnlyBoostable() {
+	testStatus := suite.testStatuses["local_account_1_status_4"]
+	testAccount := suite.testAccounts["local_account_1"]
+	ctx := context.Background()
+
+	boostable, err := suite.filter.StatusBoostable(ctx, testStatus, testAccount)
+	suite.NoError(err)
+
+	suite.True(boostable)
+}
+
+func (suite *StatusBoostableTestSuite) TestOwnFollowersOnlyBoostable() {
+	testStatus := suite.testStatuses["local_account_1_status_5"]
+	testAccount := suite.testAccounts["local_account_1"]
+	ctx := context.Background()
+
+	boostable, err := suite.filter.StatusBoostable(ctx, testStatus, testAccount)
+	suite.NoError(err)
+
+	suite.True(boostable)
+}
+
+func (suite *StatusBoostableTestSuite) TestOwnDirectNotBoostable() {
+	testStatus := suite.testStatuses["local_account_2_status_6"]
+	testAccount := suite.testAccounts["local_account_2"]
+	ctx := context.Background()
+
+	boostable, err := suite.filter.StatusBoostable(ctx, testStatus, testAccount)
+	suite.NoError(err)
+
+	suite.False(boostable)
+}
+
+func (suite *StatusBoostableTestSuite) TestOtherPublicBoostable() {
+	testStatus := suite.testStatuses["local_account_2_status_1"]
+	testAccount := suite.testAccounts["local_account_1"]
+	ctx := context.Background()
+
+	boostable, err := suite.filter.StatusBoostable(ctx, testStatus, testAccount)
+	suite.NoError(err)
+
+	suite.True(boostable)
+}
+
+func (suite *StatusBoostableTestSuite) TestOtherUnlistedBoostable() {
+	testStatus := suite.testStatuses["local_account_1_status_2"]
+	testAccount := suite.testAccounts["local_account_2"]
+	ctx := context.Background()
+
+	boostable, err := suite.filter.StatusBoostable(ctx, testStatus, testAccount)
+	suite.NoError(err)
+
+	suite.True(boostable)
+}
+
+func (suite *StatusBoostableTestSuite) TestOtherFollowersOnlyNotBoostable() {
+	testStatus := suite.testStatuses["local_account_2_status_7"]
+	testAccount := suite.testAccounts["local_account_1"]
+	ctx := context.Background()
+
+	boostable, err := suite.filter.StatusBoostable(ctx, testStatus, testAccount)
+	suite.NoError(err)
+
+	suite.False(boostable)
+}
+
+func (suite *StatusBoostableTestSuite) TestOtherDirectNotBoostable() {
+	testStatus := suite.testStatuses["local_account_2_status_6"]
+	testAccount := suite.testAccounts["local_account_1"]
+	ctx := context.Background()
+
+	boostable, err := suite.filter.StatusBoostable(ctx, testStatus, testAccount)
+	suite.NoError(err)
+
+	suite.False(boostable)
+}
+
+func (suite *StatusBoostableTestSuite) TestRemoteFollowersOnlyNotVisibleError() {
+	testStatus := suite.testStatuses["local_account_1_status_5"]
+	testAccount := suite.testAccounts["remote_account_1"]
+	ctx := context.Background()
+
+	boostable, err := suite.filter.StatusBoostable(ctx, testStatus, testAccount)
+	suite.Assert().Error(err)
+
+	suite.False(boostable)
+}
+
+func TestStatusBoostableTestSuite(t *testing.T) {
+	suite.Run(t, new(StatusBoostableTestSuite))
+}
-- 
cgit v1.3