Merge commit from fork

* Refuse granting quote authorization for reblogs * Add validation to reject quotes of reblogs * Do not process quotes of reblogs as potentially valid quotes * Refuse to serve quoted reblogs over REST API
2025-10-21 15:00:28 +02:00
parent 2b9e4294fe
commit 405a49df44
8 changed files with 146 additions and 5 deletions
--- a/spec/models/concerns/status/interaction_policy_concern_spec.rb
+++ b/spec/models/concerns/status/interaction_policy_concern_spec.rb
@@ -15,6 +15,22 @@ RSpec.describe Status::InteractionPolicyConcern do
  describe '#quote_policy_for_account' do
    let(:account) { Fabricate(:account) }

+    context 'when the account is the author' do
+      let(:status) { Fabricate(:status, account: account, quote_approval_policy: 0) }
+
+      it 'returns :automatic' do
+        expect(status.quote_policy_for_account(account)).to eq :automatic
+      end
+
+      context 'when it is a reblog' do
+        let(:status) { Fabricate(:status, account: account, quote_approval_policy: 0, reblog: Fabricate(:status)) }
+
+        it 'returns :automatic' do
+          expect(status.quote_policy_for_account(account)).to eq :denied
+        end
+      end
+    end
+
    context 'when the account is not following the user' do
      it 'returns :manual because of the public entry in the manual policy' do
        expect(status.quote_policy_for_account(account)).to eq :manual