Merge branch 'feature/mastoapi-new-config' into 'develop'

Fix leaking private configuration parameters in Mastodon and Twitter APIs, and add new configuration parameters to Mastodon API

This patch:
- Fixes `rights` in TwitterAPI ignoring `show_role` 
- Fixes exposing default scope of the user to anyone in Mastodon API
- Extends Mastodon API to be able to show and set `no_rich_text`, `default_scope`, `hide_follows`, `hide_followers`, `hide_favorites` (requested by the FE in #674)

Sorry in advance for 500 line one commit diff, I should have split it up to separate MRs

See merge request pleroma/pleroma!1093

1 files changed, 9 insertions, 24 deletions

diff --git a/test/web/twitter_api/views/user_view_test.exs b/test/web/twitter_api/views/user_view_test.exs
index 36b461992..2f9b2af01 100644
--- a/test/web/twitter_api/views/user_view_test.exs
+++ b/test/web/twitter_api/views/user_view_test.exs
@@ -89,17 +89,11 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "following" => false,
       "follows_you" => false,
       "statusnet_blocking" => false,
-      "rights" => %{
-        "delete_others_notice" => false,
-        "admin" => false
-      },
       "statusnet_profile_url" => user.ap_id,
       "cover_photo" => banner,
       "background_image" => nil,
       "is_local" => true,
       "locked" => false,
-      "default_scope" => "public",
-      "no_rich_text" => false,
       "hide_follows" => false,
       "hide_followers" => false,
       "fields" => [],
@@ -112,6 +106,15 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
     assert represented == UserView.render("show.json", %{user: user})
   end
 
+  test "User exposes settings for themselves and only for themselves", %{user: user} do
+    as_user = UserView.render("show.json", %{user: user, for: user})
+    assert as_user["default_scope"] == user.info.default_scope
+    assert as_user["no_rich_text"] == user.info.no_rich_text
+    as_stranger = UserView.render("show.json", %{user: user})
+    refute as_stranger["default_scope"]
+    refute as_stranger["no_rich_text"]
+  end
+
   test "A user for a given other follower", %{user: user} do
     follower = insert(:user, %{following: [User.ap_followers(user)]})
     {:ok, user} = User.update_follower_count(user)
@@ -137,17 +140,11 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "following" => true,
       "follows_you" => false,
       "statusnet_blocking" => false,
-      "rights" => %{
-        "delete_others_notice" => false,
-        "admin" => false
-      },
       "statusnet_profile_url" => user.ap_id,
       "cover_photo" => banner,
       "background_image" => nil,
       "is_local" => true,
       "locked" => false,
-      "default_scope" => "public",
-      "no_rich_text" => false,
       "hide_follows" => false,
       "hide_followers" => false,
       "fields" => [],
@@ -186,17 +183,11 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "following" => false,
       "follows_you" => true,
       "statusnet_blocking" => false,
-      "rights" => %{
-        "delete_others_notice" => false,
-        "admin" => false
-      },
       "statusnet_profile_url" => follower.ap_id,
       "cover_photo" => banner,
       "background_image" => nil,
       "is_local" => true,
       "locked" => false,
-      "default_scope" => "public",
-      "no_rich_text" => false,
       "hide_follows" => false,
       "hide_followers" => false,
       "fields" => [],
@@ -272,17 +263,11 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "following" => false,
       "follows_you" => false,
       "statusnet_blocking" => true,
-      "rights" => %{
-        "delete_others_notice" => false,
-        "admin" => false
-      },
       "statusnet_profile_url" => user.ap_id,
       "cover_photo" => banner,
       "background_image" => nil,
       "is_local" => true,
       "locked" => false,
-      "default_scope" => "public",
-      "no_rich_text" => false,
       "hide_follows" => false,
       "hide_followers" => false,
       "fields" => [],