Ensure quoted user is given access to see the post (#35665)

2025-09-05 17:31:12 +00:00 · 2025-08-04 18:06:59 +02:00 · 2025-08-04 18:06:59 +02:00 · cb0b608fa7
commit cb0b608fa7
parent 32791c9745
3 changed files with 10 additions and 7 deletions
--- a/app/lib/activitypub/activity/quote_request.rb
+++ b/app/lib/activitypub/activity/quote_request.rb
@ -27,6 +27,7 @@ class ActivityPub::Activity::QuoteRequest < ActivityPub::Activity
    # Sanity check
    return unless status.quote.quoted_status == quoted_status

+    status.quote.ensure_quoted_access
    status.quote.update!(activity_uri: @json['id'])
    status.quote.accept!

--- a/app/models/quote.rb
+++ b/app/models/quote.rb
@ -56,6 +56,12 @@ class Quote < ApplicationRecord
    accepted? || !legacy?
  end

+  def ensure_quoted_access
+    status.mentions.create!(account: quoted_account, silent: true)
+  rescue ActiveRecord::RecordInvalid, ActiveRecord::RecordNotUnique
+    nil
+  end
+
  def schedule_refresh_if_stale!
    return unless quoted_status_id.present? && approval_uri.present? && updated_at <= BACKGROUND_REFRESH_INTERVAL.ago

--- a/app/services/post_status_service.rb
+++ b/app/services/post_status_service.rb
@ -93,14 +93,10 @@ class PostStatusService < BaseService
  def attach_quote!(status)
    return if @quoted_status.nil?

-    # NOTE: for now this is only for convenience in testing, as we don't support the request flow nor serialize quotes in ActivityPub
-    # we only support incoming quotes so far
-
    status.quote = Quote.create(quoted_status: @quoted_status, status: status)
-    if @quoted_status.local? && StatusPolicy.new(@status.account, @quoted_status).quote?
-      # TODO: produce a QuoteAuthorization
-      status.quote.accept!
-    end
+    status.quote.ensure_quoted_access
+
+    status.quote.accept! if @quoted_status.local? && StatusPolicy.new(@status.account, @quoted_status).quote?
  end

  def safeguard_mentions!(status)