From c64a8aadc163fa78ef323a89b5b73ef495da7e00 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 21 Aug 2020 19:32:16 +0100
Subject: [PATCH] Check for allowed comments

---
 epicyon.py |  3 ++-
 inbox.py   | 36 ++++++++++++++++++++++++++++++++++++
 tests.py   | 34 ++++++++++++++++++++++++++++++++++
 3 files changed, 72 insertions(+), 1 deletion(-)

diff --git a/epicyon.py b/epicyon.py
index a1915c138..e4c7f00b5 100644
--- a/epicyon.py
+++ b/epicyon.py
@@ -1765,7 +1765,8 @@ if args.testdata:
                      False, True, False, True, None, None, useBlurhash)
     createPublicPost(baseDir, nickname, domain, port, httpPrefix,
                      "Getting kinda spooky around here",
-                     False, True, False, True, None, None, useBlurhash, 'someone')
+                     False, True, False, True, None, None,
+                     useBlurhash, 'someone')
     createPublicPost(baseDir, nickname, domain, port, httpPrefix,
                      "And they would have gotten away with it too" +
                      "if it wasn't for those pesky hackers",
diff --git a/inbox.py b/inbox.py
index 1721105fb..4250f8d75 100644
--- a/inbox.py
+++ b/inbox.py
@@ -1585,6 +1585,28 @@ def receiveUndoAnnounce(recentPostsCache: {},
     return True
 
 
+def jsonPostAllowsComments(postJsonObject: {}) -> bool:
+    """Returns true if the given post allows comments/replies
+    """
+    if 'commentsEnabled' in postJsonObject:
+        return postJsonObject['commentsEnabled']
+    if postJsonObject.get('object'):
+        if not isinstance(postJsonObject['object'], dict):
+            return False
+        if 'commentsEnabled' in postJsonObject['object']:
+            return postJsonObject['object']['commentsEnabled']
+    return True
+
+
+def postAllowsComments(postFilename: str) -> bool:
+    """Returns true if the given post allows comments/replies
+    """
+    postJsonObject = loadJson(postFilename)
+    if not postJsonObject:
+        return False
+    return jsonPostAllowsComments(postJsonObject)
+
+
 def populateReplies(baseDir: str, httpPrefix: str, domain: str,
                     messageJson: {}, maxReplies: int, debug: bool) -> bool:
     """Updates the list of replies for a post on this domain if
@@ -1625,6 +1647,10 @@ def populateReplies(baseDir: str, httpPrefix: str, domain: str,
         if debug:
             print('DEBUG: post may have expired - ' + replyTo)
         return False
+    if not postAllowsComments(postFilename):
+        if debug:
+            print('DEBUG: post does not allow comments - ' + replyTo)
+        return False
     # populate a text file containing the ids of replies
     postRepliesFilename = postFilename.replace('.json', '.replies')
     messageId = messageJson['id'].replace('/activity', '')
@@ -1720,6 +1746,16 @@ def validPostContent(baseDir: str, nickname: str, domain: str,
                   messageJson['object']['content']):
         print('REJECT: content filtered')
         return False
+    if messageJson['object'].get('inReplyTo'):
+        if isinstance(messageJson['object']['inReplyTo'], str):
+            originalPostId = messageJson['object']['inReplyTo']
+            postPostFilename = locatePost(baseDir, nickname, domain,
+                                          originalPostId)
+            if postPostFilename:
+                if not postAllowsComments(postPostFilename):
+                    print('REJECT: reply to post which does not ' +
+                          'allow comments: ' + originalPostId)
+                    return False
     print('ACCEPT: post content is valid')
     return True
 
diff --git a/tests.py b/tests.py
index b6ac4239b..69095aa43 100644
--- a/tests.py
+++ b/tests.py
@@ -62,6 +62,7 @@ from announce import sendAnnounceViaServer
 from media import getMediaPath
 from media import getAttachmentMediaType
 from delete import sendDeleteViaServer
+from inbox import jsonPostAllowsComments
 from inbox import validInbox
 from inbox import validInboxFilenames
 from content import htmlReplaceQuoteMarks
@@ -1981,8 +1982,41 @@ def runHtmlReplaceQuoteMarks():
     assert result == '“hello” <a href="somesite.html">“test” html</a>'
 
 
+def testJsonPostAllowsComments():
+    print('testJsonPostAllowsComments')
+    postJsonObject = {
+        "id": "123"
+    }
+    assert jsonPostAllowsComments(postJsonObject)
+    postJsonObject = {
+        "id": "123",
+        "commentsEnabled": False
+    }
+    assert not jsonPostAllowsComments(postJsonObject)
+    postJsonObject = {
+        "id": "123",
+        "commentsEnabled": True
+    }
+    assert jsonPostAllowsComments(postJsonObject)
+    postJsonObject = {
+        "id": "123",
+        "object": {
+            "commentsEnabled": True
+        }
+    }
+    assert jsonPostAllowsComments(postJsonObject)
+    postJsonObject = {
+        "id": "123",
+        "object": {
+            "commentsEnabled": False
+        }
+    }
+    assert not jsonPostAllowsComments(postJsonObject)
+
+
 def runAllTests():
     print('Running tests...')
+    testJsonPostAllowsComments()
     runHtmlReplaceQuoteMarks()
     testDangerousMarkup()
     testRemoveHtml()