From c36bca1adb6e22da56937cc15bedd8fc76fb2fb8 Mon Sep 17 00:00:00 2001
From: Jeremy Dormitzer
Date: Sat, 19 Jan 2019 17:22:58 -0500
Subject: [PATCH] Allow public access to objects with no defined audience
---
 src/Controllers/GetObjectController.php | 13 ++++++++++
 test/Controllers/GetObjectControllerTest.php | 27 ++++++++++++++++++--
 2 files changed, 38 insertions(+), 2 deletions(-)
diff --git a/src/Controllers/GetObjectController.php b/src/Controllers/GetObjectController.php
index 2b647e0..3ffd0ca 100644
--- a/src/Controllers/GetObjectController.php
+++ b/src/Controllers/GetObjectController.php
@@ -48,6 +48,9 @@ class GetObjectController
 private function requestAuthorizedToView( Request $request, ActivityPubObject $object ) {
+ if ( ! $this->hasAudience( $object ) ) {
+ return true;
+ }
 $audience = $this->getAudience( $object );
 if ( in_array( 'https://www.w3.org/ns/activitystreams#Public', $audience ) ) {
 return true;
@@ -56,6 +59,16 @@ class GetObjectController
 in_array( $request->attributes->get( 'actor' ), $audience );
 }
+ public function hasAudience( ActivityPubObject $object )
+ {
+ $arr = $object->asArray( 0 );
+ return array_key_exists( 'audience', $arr ) ||
+ array_key_exists( 'to', $arr ) ||
+ array_key_exists( 'bto', $arr ) ||
+ array_key_exists( 'cc', $arr ) ||
+ array_key_exists( 'bcc', $arr );
+ }
+
 /**
 * Returns an array of all of the $object's audience actors, i.e.
 * the contents of the to, bto, cc, bcc, and audience fields, as
diff --git a/test/Controllers/GetObjectControllerTest.php b/test/Controllers/GetObjectControllerTest.php
index 106b793..afc7af4 100644
--- a/test/Controllers/GetObjectControllerTest.php
+++ b/test/Controllers/GetObjectControllerTest.php
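Review bot: The new guard at the top of requestAuthorizedToView turns missing addressing into a grant, so the check fails open: an object with none of `audience`, `to`, `bto`, `cc` or `bcc` is now returned to any caller, including requests with no `actor` attribute. In ActivityPub, public visibility is normally expressed by addressing the `https://www.w3.org/ns/activitystreams#Public` collection, which the following lines already test for; an object that merely lacks addressing (a draft, an imported object, or one whose `bto`/`bcc` were stripped before storage, if that happens elsewhere in this code base) may not have been meant for everyone. If the default is intentional, record it where the decision is made, e.g. `// No addressing keys at all: served publicly by design; restricted objects must carry an explicit audience.`, and consider limiting it to the object types that need it. The function body ends outside this hunk.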
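Review bot: hasAudience is declared `public` and undocumented although the only caller visible in this patch is the private requestAuthorizedToView; `private function hasAudience( ActivityPubObject $object )` keeps the authorization helper off the controller's public surface. It should also get a docblock like the one on the method that follows, stating that it tests key presence only: because of `array_key_exists`, an object with `'to' => array()` counts as having an audience and therefore stays restricted to the listed actors. The five field names are presumably repeated in getAudience (its body is outside the hunk), so a shared constant would keep the two lists from drifting apart.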
@@ -23,9 +23,9 @@ class GetObjectControllerTest extends TestCase
 'type' => 'Create',
 ),
 'https://example.com/objects/2' => array(
- 'id' => 'https://example.com/objects/1',
+ 'id' => 'https://example.com/objects/2',
 'object' => array(
- 'id' => 'https://example.com/objects/2',
+ 'id' => 'https://example.com/objects/3',
 'type' => 'Note',
 ),
 'to' => array( 'https://example.com/actor/1' ),
@@ -34,6 +34,17 @@ class GetObjectControllerTest extends TestCase
 'id' => 'https://example.com/actor/2',
 ),
 ),
+ 'https://example.com/objects/3' => array(
+ 'id' => 'https://example.com/objects/3',
+ 'object' => array(
+ 'id' => 'https://example.com/objects/2',
+ 'type' => 'Note',
+ ),
+ 'type' => 'Collection',
+ 'actor' => array(
+ 'id' => 'https://example.com/actor/2',
+ ),
+ ),
 );
 private $getObjectController;
@@ -115,5 +126,17 @@ class GetObjectControllerTest extends TestCase
 );
 $this->assertEquals( 'application/json', $response->headers->get( 'Content-Type' ) );
 }
+
+ public function testItAllowsAccessToNoAudienceObject()
+ {
+ $request = Request::create( 'https://example.com/objects/3' );
+ $response = $this->getObjectController->handle( $request );
+ $this->assertNotNull( $response );
+ $this->assertEquals(
+ json_encode( self::OBJECTS['https://example.com/objects/3'] ),
+ $response->getContent()
+ );
+ $this->assertEquals( 'application/json', $response->headers->get( 'Content-Type' ) );
+ }
 }
 ?>
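Review bot: testItAllowsAccessToNoAudienceObject asserts only the permissive path, where every addressing key is absent. The boundary that matters for authorization is key presence versus emptiness, so add a fixture with `'to' => array(),` on an otherwise unaddressed object and assert that a request without an `actor` attribute is refused, in the same way an existing restricted-object test does if there is one (none is visible in this patch). Without that case, replacing `array_key_exists` with `empty()` in hasAudience later would widen public access without any test failing.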