Allow public access to objects with no defined audience

2019-01-19 17:22:58 -05:00 · 2019-01-19 17:22:58 -05:00 · c36bca1adb
commit c36bca1adb
parent e927d88c23
2 changed files with 38 additions and 2 deletions
--- a/src/Controllers/GetObjectController.php
+++ b/src/Controllers/GetObjectController.php
@ -48,6 +48,9 @@ class GetObjectController
    private function requestAuthorizedToView( Request $request,
                                              ActivityPubObject $object )
    {
+        if ( ! $this->hasAudience( $object ) ) {
+            return true;
+        }
        $audience = $this->getAudience( $object );
        if ( in_array( 'https://www.w3.org/ns/activitystreams#Public', $audience ) ) {
            return true;
@ -56,6 +59,16 @@ class GetObjectController
            in_array( $request->attributes->get( 'actor' ), $audience );
    }

+    public function hasAudience( ActivityPubObject $object )
+    {
+        $arr = $object->asArray( 0 );
+        return array_key_exists( 'audience', $arr ) ||
+            array_key_exists( 'to', $arr ) ||
+            array_key_exists( 'bto', $arr ) ||
+            array_key_exists( 'cc', $arr ) ||
+            array_key_exists( 'bcc', $arr );
+    }
+
    /**
     * Returns an array of all of the $object's audience actors, i.e.
     * the contents of the to, bto, cc, bcc, and audience fields, as
--- a/test/Controllers/GetObjectControllerTest.php
+++ b/test/Controllers/GetObjectControllerTest.php
@ -23,9 +23,9 @@ class GetObjectControllerTest extends TestCase
            'type' => 'Create',
        ),
        'https://example.com/objects/2' => array(
-            'id' => 'https://example.com/objects/1',
+            'id' => 'https://example.com/objects/2',
            'object' => array(
-                'id' => 'https://example.com/objects/2',
+                'id' => 'https://example.com/objects/3',
                'type' => 'Note',
            ),
            'to' => array( 'https://example.com/actor/1' ),
@ -34,6 +34,17 @@ class GetObjectControllerTest extends TestCase
                'id' => 'https://example.com/actor/2',
            ),
        ),
+        'https://example.com/objects/3' => array(
+            'id' => 'https://example.com/objects/3',
+            'object' => array(
+                'id' => 'https://example.com/objects/2',
+                'type' => 'Note',
+            ),
+            'type' => 'Collection',
+            'actor' => array(
+                'id' => 'https://example.com/actor/2',
+            ),
+        ),
    );

    private $getObjectController;
@ -115,5 +126,17 @@ class GetObjectControllerTest extends TestCase
        );
        $this->assertEquals( 'application/json', $response->headers->get( 'Content-Type' ) );
    }
+
+    public function testItAllowsAccessToNoAudienceObject()
+    {
+        $request = Request::create( 'https://example.com/objects/3' );
+        $response = $this->getObjectController->handle( $request );
+        $this->assertNotNull( $response );
+        $this->assertEquals(
+            json_encode( self::OBJECTS['https://example.com/objects/3'] ),
+            $response->getContent()
+        );
+        $this->assertEquals( 'application/json', $response->headers->get( 'Content-Type' ) );
+    }
 }
 ?>