hide users that can not publish posts

fixes #230
This commit is contained in:
Matthias Pfefferle 2022-12-27 14:03:10 +01:00
parent 7d5b8e7a82
commit 9acd0732d4
6 changed files with 46 additions and 5 deletions

View file

@ -38,6 +38,11 @@ class Activitypub {
return $template; return $template;
} }
// check if user can publish posts
if ( \is_author() && ! user_can( \get_the_author_meta( 'ID' ), 'publish_posts' ) ) {
return $template;
}
if ( \is_author() ) { if ( \is_author() ) {
$json_template = \dirname( __FILE__ ) . '/../templates/author-json.php'; $json_template = \dirname( __FILE__ ) . '/../templates/author-json.php';
} elseif ( \is_singular() ) { } elseif ( \is_singular() ) {

View file

@ -101,6 +101,9 @@ class Followers {
$params['user_id'] = array( $params['user_id'] = array(
'required' => true, 'required' => true,
'type' => 'integer', 'type' => 'integer',
'validate_callback' => function( $param, $request, $key ) {
return user_can( $param, 'publish_posts' );
},
); );
return $params; return $params;

View file

@ -99,6 +99,9 @@ class Following {
$params['user_id'] = array( $params['user_id'] = array(
'required' => true, 'required' => true,
'type' => 'integer', 'type' => 'integer',
'validate_callback' => function( $param, $request, $key ) {
return user_can( $param, 'publish_posts' );
},
); );
return $params; return $params;

View file

@ -33,7 +33,7 @@ class Inbox {
array( array(
'methods' => \WP_REST_Server::EDITABLE, 'methods' => \WP_REST_Server::EDITABLE,
'callback' => array( '\Activitypub\Rest\Inbox', 'shared_inbox_post' ), 'callback' => array( '\Activitypub\Rest\Inbox', 'shared_inbox_post' ),
'args' => self::shared_inbox_request_parameters(), 'args' => self::shared_inbox_post_parameters(),
'permission_callback' => '__return_true', 'permission_callback' => '__return_true',
), ),
) )
@ -46,12 +46,13 @@ class Inbox {
array( array(
'methods' => \WP_REST_Server::EDITABLE, 'methods' => \WP_REST_Server::EDITABLE,
'callback' => array( '\Activitypub\Rest\Inbox', 'user_inbox_post' ), 'callback' => array( '\Activitypub\Rest\Inbox', 'user_inbox_post' ),
'args' => self::user_inbox_request_parameters(), 'args' => self::user_inbox_post_parameters(),
'permission_callback' => '__return_true', 'permission_callback' => '__return_true',
), ),
array( array(
'methods' => \WP_REST_Server::READABLE, 'methods' => \WP_REST_Server::READABLE,
'callback' => array( '\Activitypub\Rest\Inbox', 'user_inbox_get' ), 'callback' => array( '\Activitypub\Rest\Inbox', 'user_inbox_get' ),
'args' => self::user_inbox_get_parameters(),
'permission_callback' => '__return_true', 'permission_callback' => '__return_true',
), ),
) )
@ -195,7 +196,7 @@ class Inbox {
* *
* @return array list of parameters * @return array list of parameters
*/ */
public static function user_inbox_request_parameters() { public static function user_inbox_get_parameters() {
$params = array(); $params = array();
$params['page'] = array( $params['page'] = array(
@ -205,6 +206,32 @@ class Inbox {
$params['user_id'] = array( $params['user_id'] = array(
'required' => true, 'required' => true,
'type' => 'integer', 'type' => 'integer',
'validate_callback' => function( $param, $request, $key ) {
return user_can( $param, 'publish_posts' );
},
);
return $params;
}
/**
* The supported parameters
*
* @return array list of parameters
*/
public static function user_inbox_post_parameters() {
$params = array();
$params['page'] = array(
'type' => 'integer',
);
$params['user_id'] = array(
'required' => true,
'type' => 'integer',
'validate_callback' => function( $param, $request, $key ) {
return user_can( $param, 'publish_posts' );
},
); );
$params['id'] = array( $params['id'] = array(
@ -243,7 +270,7 @@ class Inbox {
* *
* @return array list of parameters * @return array list of parameters
*/ */
public static function shared_inbox_request_parameters() { public static function shared_inbox_post_parameters() {
$params = array(); $params = array();
$params['page'] = array( $params['page'] = array(

View file

@ -138,6 +138,9 @@ class Outbox {
$params['user_id'] = array( $params['user_id'] = array(
'required' => true, 'required' => true,
'type' => 'integer', 'type' => 'integer',
'validate_callback' => function( $param, $request, $key ) {
return user_can( $param, 'publish_posts' );
},
); );
return $params; return $params;

View file

@ -59,7 +59,7 @@ class Webfinger {
$user = \get_user_by( 'login', \esc_sql( $resource_identifier ) ); $user = \get_user_by( 'login', \esc_sql( $resource_identifier ) );
if ( ! $user ) { if ( ! $user || ! user_can( $user, 'publish_posts' ) ) {
return new \WP_Error( 'activitypub_user_not_found', \__( 'User not found', 'activitypub' ), array( 'status' => 404 ) ); return new \WP_Error( 'activitypub_user_not_found', \__( 'User not found', 'activitypub' ), array( 'status' => 404 ) );
} }