From 96da1fcb00512794245e88d31e5674014c9d55b1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?KMY=EF=BC=88=E9=9B=AA=E3=81=82=E3=81=99=E3=81=8B=EF=BC=89?=
 <tt@kmycode.net>
Date: Mon, 22 Jan 2024 08:50:44 +0900
Subject: [PATCH] =?UTF-8?q?Fix:=20=E3=83=89=E3=83=A1=E3=82=A4=E3=83=B3?=
 =?UTF-8?q?=E3=83=96=E3=83=AD=E3=83=83=E3=82=AF=E3=81=8COutbox=E3=81=AB?=
 =?UTF-8?q?=E3=81=8A=E3=81=84=E3=81=A6=E5=8B=95=E4=BD=9C=E3=81=97=E3=81=AA?=
 =?UTF-8?q?=E3=81=84=E5=95=8F=E9=A1=8C=20(#491)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/lib/account_statuses_filter.rb       |  7 ++-
 spec/lib/account_statuses_filter_spec.rb | 74 ++++++++++++++++++++++++
 2 files changed, 78 insertions(+), 3 deletions(-)

diff --git a/app/lib/account_statuses_filter.rb b/app/lib/account_statuses_filter.rb
index d32f6d7463..719181b8b2 100644
--- a/app/lib/account_statuses_filter.rb
+++ b/app/lib/account_statuses_filter.rb
@@ -33,7 +33,8 @@ class AccountStatusesFilter
     available_visibilities -= [:unlisted] if (domain_block&.detect_invalid_subscription || misskey_software?) && @account.user&.setting_reject_unlisted_subscription
     available_visibilities -= [:login] if current_account.nil?
 
-    scope.merge!(scope.where(spoiler_text: ['', nil])) if domain_block&.reject_send_sensitive
+    scope.merge!(scope.where(sensitive: false)) if domain_block&.reject_send_sensitive
+
     scope.merge!(scope.where(searchability: available_searchabilities))
     scope.merge!(scope.where(visibility: available_visibilities))
 
@@ -153,9 +154,9 @@ class AccountStatusesFilter
   end
 
   def domain_block
-    return nil if @account.nil? || @account.local?
+    return nil if @current_account.nil? || @current_account.local?
 
-    @domain_block = DomainBlock.find_by(domain: @account.domain)
+    @domain_block = DomainBlock.find_by(domain: @current_account.domain)
   end
 
   def misskey_software?
diff --git a/spec/lib/account_statuses_filter_spec.rb b/spec/lib/account_statuses_filter_spec.rb
index f8380ca322..fd5357c1bb 100644
--- a/spec/lib/account_statuses_filter_spec.rb
+++ b/spec/lib/account_statuses_filter_spec.rb
@@ -267,6 +267,80 @@ RSpec.describe AccountStatusesFilter do
       it_behaves_like 'filter params'
     end
 
+    context 'when accessed by a remote account' do
+      let(:current_account) { Fabricate(:account, uri: 'https://example.com/', domain: 'example.com') }
+      let!(:sensitive_status_with_cw) { Fabricate(:status, account: account, visibility: :public, spoiler_text: 'CW', sensitive: true) }
+      let!(:sensitive_status_with_media) do
+        Fabricate(:status, account: account, visibility: :public, sensitive: true).tap do |status|
+          Fabricate(:media_attachment, account: account, status: status)
+        end
+      end
+
+      shared_examples 'as_like_public_visibility' do
+        it 'returns private statuses, replies, and reblogs' do
+          expect(results_unique_visibilities).to match_array %w(login unlisted public_unlisted public)
+
+          expect(results_in_reply_to_ids).to_not be_empty
+
+          expect(results_reblog_of_ids).to_not be_empty
+        end
+
+        context 'when there is a direct status mentioning the non-follower' do
+          let!(:direct_status) { status_with_mention!(:direct, current_account) }
+
+          it 'returns the direct status' do
+            expect(results_ids).to include(direct_status.id)
+          end
+        end
+
+        context 'when there is a direct status mentioning other user' do
+          let!(:direct_status) { status_with_mention!(:direct) }
+
+          it 'not returns the direct status' do
+            expect(results_ids).to_not include(direct_status.id)
+          end
+        end
+
+        context 'when there is a limited status mentioning the non-follower' do
+          let!(:limited_status) { status_with_mention!(:limited, current_account) }
+
+          it 'returns the limited status' do
+            expect(results_ids).to include(limited_status.id)
+          end
+        end
+
+        context 'when there is a limited status mentioning other user' do
+          let!(:limited_status) { status_with_mention!(:limited) }
+
+          it 'not returns the limited status' do
+            expect(results_ids).to_not include(limited_status.id)
+          end
+        end
+      end
+
+      it_behaves_like 'as_like_public_visibility'
+      it_behaves_like 'filter params'
+
+      it 'returns the sensitive status' do
+        expect(results_ids).to include(sensitive_status_with_cw.id)
+        expect(results_ids).to include(sensitive_status_with_media.id)
+      end
+
+      context 'when domain-blocked reject_media' do
+        before do
+          Fabricate(:domain_block, domain: 'example.com', severity: :noop, reject_send_sensitive: true)
+        end
+
+        it_behaves_like 'as_like_public_visibility'
+        it_behaves_like 'filter params'
+
+        it 'does not return the sensitive status' do
+          expect(results_ids).to_not include(sensitive_status_with_cw.id)
+          expect(results_ids).to_not include(sensitive_status_with_media.id)
+        end
+      end
+    end
+
     private
 
     def results_unique_visibilities