From 4ce9f9bf08a59397645943df9fd8744b2c1ae5ce Mon Sep 17 00:00:00 2001
From: Eliot Berriot <contact@eliotberriot.com>
Date: Fri, 6 Apr 2018 17:58:16 +0200
Subject: [PATCH] Dedicated permission to access library data via activity pub

---
 api/funkwhale_api/federation/permissions.py | 19 +++++++++
 api/tests/federation/test_permissions.py    | 45 +++++++++++++++++++++
 2 files changed, 64 insertions(+)
 create mode 100644 api/funkwhale_api/federation/permissions.py
 create mode 100644 api/tests/federation/test_permissions.py

diff --git a/api/funkwhale_api/federation/permissions.py b/api/funkwhale_api/federation/permissions.py
new file mode 100644
index 000000000..370328eaa
--- /dev/null
+++ b/api/funkwhale_api/federation/permissions.py
@@ -0,0 +1,19 @@
+from django.conf import settings
+
+from rest_framework.permissions import BasePermission
+
+from . import actors
+
+
+class LibraryFollower(BasePermission):
+
+    def has_permission(self, request, view):
+        if not settings.FEDERATION_MUSIC_NEEDS_APPROVAL:
+            return True
+
+        actor = getattr(request, 'actor', None)
+        if actor is None:
+            return False
+
+        library = actors.SYSTEM_ACTORS['library'].get_actor_instance()
+        return library.followers.filter(url=actor.url).exists()
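Review bot: `LibraryFollower.has_permission` trusts `request.actor` as an authenticated identity but has no docstring saying so. Add one stating that the permission is only sound behind an authentication class that sets `request.actor` after verifying the request's signature, and that without one the `actor.url` comparison checks an unverified value. The final `library.followers.filter(url=actor.url).exists()` grants access on any follow row. The Follow model is not visible in this patch, so if a follow can exist before it is approved, the query presumably needs to filter on the accepted state as well. The early `return True` also lets through requests with no actor at all when `FEDERATION_MUSIC_NEEDS_APPROVAL` is off, which deserves a comment such as `# approval disabled: library data is served to any requester, signed or not`.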
diff --git a/api/tests/federation/test_permissions.py b/api/tests/federation/test_permissions.py
new file mode 100644
index 000000000..1a6977542
--- /dev/null
+++ b/api/tests/federation/test_permissions.py
@@ -0,0 +1,45 @@
+from rest_framework.views import APIView
+
+from funkwhale_api.federation import actors
+from funkwhale_api.federation import permissions
+
+
+def test_library_follower(
+        factories, api_request, anonymous_user, settings):
+    settings.FEDERATION_MUSIC_NEEDS_APPROVAL = True
+    view = APIView.as_view()
+    permission = permissions.LibraryFollower()
+    request = api_request.get('/')
+    setattr(request, 'user', anonymous_user)
+    check = permission.has_permission(request, view)
+
+    assert check is False
+
+
+def test_library_follower_actor_non_follower(
+        factories, api_request, anonymous_user, settings):
+    settings.FEDERATION_MUSIC_NEEDS_APPROVAL = True
+    actor = factories['federation.Actor']()
+    view = APIView.as_view()
+    permission = permissions.LibraryFollower()
+    request = api_request.get('/')
+    setattr(request, 'user', anonymous_user)
+    setattr(request, 'actor', actor)
+    check = permission.has_permission(request, view)
+
+    assert check is False
+
+
+def test_library_follower_actor_follower(
+        factories, api_request, anonymous_user, settings):
+    settings.FEDERATION_MUSIC_NEEDS_APPROVAL = True
+    library = actors.SYSTEM_ACTORS['library'].get_actor_instance()
+    follow = factories['federation.Follow'](target=library)
+    view = APIView.as_view()
+    permission = permissions.LibraryFollower()
+    request = api_request.get('/')
+    setattr(request, 'user', anonymous_user)
+    setattr(request, 'actor', follow.actor)
+    check = permission.has_permission(request, view)
+
+    assert check is True
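Review bot: None of the three tests covers the `FEDERATION_MUSIC_NEEDS_APPROVAL = False` branch, which is the one path where `has_permission` returns `True` without looking at `request.actor`. Because that branch decides whether library data is open to any requester, it should be pinned by a test so that a later change to the setting's handling cannot silently flip it. A test along the lines below, reusing the fixtures already used in this file, would do.

```python
def test_library_follower_approval_disabled(
        factories, api_request, anonymous_user, settings):
    settings.FEDERATION_MUSIC_NEEDS_APPROVAL = False
    view = APIView.as_view()
    permission = permissions.LibraryFollower()
    request = api_request.get('/')
    setattr(request, 'user', anonymous_user)
    check = permission.has_permission(request, view)

    assert check is True
```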
-- 
GitLab