[chore] Add interaction filter to complement existing visibility filter (#3111)

* [chore] Add interaction filter to complement existing visibility filter

* pass in ptr to visibility and interaction filters to Processor{} to ensure shared

* use int constants for for match type, cache db calls in filterctx

* function name typo 😇

---------

Co-authored-by: kim <grufwub@gmail.com>

cmd/gotosocial/action/server/server.go

@@ -36,6 +36,7 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/api"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/cleaner"
+	"github.com/superseriousbusiness/gotosocial/internal/filter/interaction"
 	"github.com/superseriousbusiness/gotosocial/internal/filter/spam"
 	"github.com/superseriousbusiness/gotosocial/internal/filter/visibility"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
@@ -190,10 +191,19 @@ var Start action.GTSAction = func(ctx context.Context) error {
 	oauthServer := oauth.New(ctx, dbService)
 	typeConverter := typeutils.NewConverter(state)
 	visFilter := visibility.NewFilter(state)
+	intFilter := interaction.NewFilter(state)
 	spamFilter := spam.NewFilter(state)
 	federatingDB := federatingdb.New(state, typeConverter, visFilter, spamFilter)
 	transportController := transport.NewController(state, federatingDB, &federation.Clock{}, client)
-	federator := federation.NewFederator(state, federatingDB, transportController, typeConverter, visFilter, mediaManager)
+	federator := federation.NewFederator(
+		state,
+		federatingDB,
+		transportController,
+		typeConverter,
+		visFilter,
+		intFilter,
+		mediaManager,
+	)
 
 	// Decide whether to create a noop email
 	// sender (won't send emails) or a real one.
@@ -268,6 +278,8 @@ var Start action.GTSAction = func(ctx context.Context) error {
 		mediaManager,
 		state,
 		emailSender,
+		visFilter,
+		intFilter,
 	)
 
 	// Initialize the specialized workers pools.

internal/api/client/admin/reportsget_test.go

@@ -532,19 +532,22 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() {
         "interaction_policy": {
           "can_favourite": {
             "always": [
-              "public"
+              "public",
+              "me"
             ],
             "with_approval": []
           },
           "can_reply": {
             "always": [
-              "public"
+              "public",
+              "me"
             ],
             "with_approval": []
           },
           "can_reblog": {
             "always": [
-              "public"
+              "public",
+              "me"
             ],
             "with_approval": []
           }
@@ -774,19 +777,22 @@ func (suite *ReportsGetTestSuite) TestReportsGetCreatedByAccount() {
         "interaction_policy": {
           "can_favourite": {
             "always": [
-              "public"
+              "public",
+              "me"
             ],
             "with_approval": []
           },
           "can_reply": {
             "always": [
-              "public"
+              "public",
+              "me"
             ],
             "with_approval": []
           },
           "can_reblog": {
             "always": [
-              "public"
+              "public",
+              "me"
             ],
             "with_approval": []
           }
@@ -1016,19 +1022,22 @@ func (suite *ReportsGetTestSuite) TestReportsGetTargetAccount() {
         "interaction_policy": {
           "can_favourite": {
             "always": [
-              "public"
+              "public",
+              "me"
             ],
             "with_approval": []
           },
           "can_reply": {
             "always": [
-              "public"
+              "public",
+              "me"
             ],
             "with_approval": []
           },
           "can_reblog": {
             "always": [
-              "public"
+              "public",
+              "me"
             ],
             "with_approval": []
           }

internal/api/client/statuses/statusboost_test.go

@@ -173,43 +173,42 @@ func (suite *StatusBoostTestSuite) TestPostBoostOwnFollowersOnly() {
 }
 
 // try to boost a status that's not boostable / visible to us
-// TODO: sort this out with new interaction policies
+func (suite *StatusBoostTestSuite) TestPostUnboostable() {
-// func (suite *StatusBoostTestSuite) TestPostUnboostable() {
+	t := suite.testTokens["local_account_1"]
-// 	t := suite.testTokens["local_account_1"]
+	oauthToken := oauth.DBTokenToToken(t)
-// 	oauthToken := oauth.DBTokenToToken(t)
 
-// 	targetStatus := suite.testStatuses["local_account_2_status_4"]
+	targetStatus := suite.testStatuses["local_account_2_status_4"]
 
-// 	// setup
+	// setup
-// 	recorder := httptest.NewRecorder()
+	recorder := httptest.NewRecorder()
-// 	ctx, _ := testrig.CreateGinTestContext(recorder, nil)
+	ctx, _ := testrig.CreateGinTestContext(recorder, nil)
-// 	ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplications["application_1"])
+	ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplications["application_1"])
-// 	ctx.Set(oauth.SessionAuthorizedToken, oauthToken)
+	ctx.Set(oauth.SessionAuthorizedToken, oauthToken)
-// 	ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"])
+	ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"])
-// 	ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"])
+	ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"])
-// 	ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080%s", strings.Replace(statuses.ReblogPath, ":id", targetStatus.ID, 1)), nil) // the endpoint we're hitting
+	ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080%s", strings.Replace(statuses.ReblogPath, ":id", targetStatus.ID, 1)), nil) // the endpoint we're hitting
-// 	ctx.Request.Header.Set("accept", "application/json")
+	ctx.Request.Header.Set("accept", "application/json")
 
-// 	// normally the router would populate these params from the path values,
+	// normally the router would populate these params from the path values,
-// 	// but because we're calling the function directly, we need to set them manually.
+	// but because we're calling the function directly, we need to set them manually.
-// 	ctx.Params = gin.Params{
+	ctx.Params = gin.Params{
-// 		gin.Param{
+		gin.Param{
-// 			Key:   statuses.IDKey,
+			Key:   statuses.IDKey,
-// 			Value: targetStatus.ID,
+			Value: targetStatus.ID,
-// 		},
+		},
-// 	}
+	}
 
-// 	suite.statusModule.StatusBoostPOSTHandler(ctx)
+	suite.statusModule.StatusBoostPOSTHandler(ctx)
 
-// 	// check response
+	// check response
-// 	suite.Equal(http.StatusNotFound, recorder.Code) // we 404 unboostable statuses
+	suite.Equal(http.StatusForbidden, recorder.Code)
 
-// 	result := recorder.Result()
+	result := recorder.Result()
-// 	defer result.Body.Close()
+	defer result.Body.Close()
-// 	b, err := ioutil.ReadAll(result.Body)
+	b, err := ioutil.ReadAll(result.Body)
-// 	suite.NoError(err)
+	suite.NoError(err)
-// 	suite.Equal(`{"error":"Not Found"}`, string(b))
+	suite.Equal(`{"error":"Forbidden: you do not have permission to boost this status"}`, string(b))
-// }
+}
 
 // try to boost a status that's not visible to the user
 func (suite *StatusBoostTestSuite) TestPostNotVisible() {

internal/api/client/statuses/statusfave_test.go

@@ -89,43 +89,42 @@ func (suite *StatusFaveTestSuite) TestPostFave() {
 }
 
 // try to fave a status that's not faveable
-// TODO: replace this when interaction policies enforced.
+func (suite *StatusFaveTestSuite) TestPostUnfaveable() {
-// func (suite *StatusFaveTestSuite) TestPostUnfaveable() {
+	t := suite.testTokens["admin_account"]
-// 	t := suite.testTokens["local_account_1"]
+	oauthToken := oauth.DBTokenToToken(t)
-// 	oauthToken := oauth.DBTokenToToken(t)
 
-// 	targetStatus := suite.testStatuses["local_account_2_status_3"] // this one is unlikeable and unreplyable
+	targetStatus := suite.testStatuses["local_account_1_status_3"] // this one is unlikeable
 
-// 	// setup
+	// setup
-// 	recorder := httptest.NewRecorder()
+	recorder := httptest.NewRecorder()
-// 	ctx, _ := testrig.CreateGinTestContext(recorder, nil)
+	ctx, _ := testrig.CreateGinTestContext(recorder, nil)
-// 	ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplications["application_1"])
+	ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplications["application_1"])
-// 	ctx.Set(oauth.SessionAuthorizedToken, oauthToken)
+	ctx.Set(oauth.SessionAuthorizedToken, oauthToken)
-// 	ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"])
+	ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["admin_account"])
-// 	ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"])
+	ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["admin_account"])
-// 	ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080%s", strings.Replace(statuses.FavouritePath, ":id", targetStatus.ID, 1)), nil) // the endpoint we're hitting
+	ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080%s", strings.Replace(statuses.FavouritePath, ":id", targetStatus.ID, 1)), nil) // the endpoint we're hitting
-// 	ctx.Request.Header.Set("accept", "application/json")
+	ctx.Request.Header.Set("accept", "application/json")
 
-// 	// normally the router would populate these params from the path values,
+	// normally the router would populate these params from the path values,
-// 	// but because we're calling the function directly, we need to set them manually.
+	// but because we're calling the function directly, we need to set them manually.
-// 	ctx.Params = gin.Params{
+	ctx.Params = gin.Params{
-// 		gin.Param{
+		gin.Param{
-// 			Key:   statuses.IDKey,
+			Key:   statuses.IDKey,
-// 			Value: targetStatus.ID,
+			Value: targetStatus.ID,
-// 		},
+		},
-// 	}
+	}
 
-// 	suite.statusModule.StatusFavePOSTHandler(ctx)
+	suite.statusModule.StatusFavePOSTHandler(ctx)
 
-// 	// check response
+	// check response
-// 	suite.EqualValues(http.StatusForbidden, recorder.Code)
+	suite.EqualValues(http.StatusForbidden, recorder.Code)
 
-// 	result := recorder.Result()
+	result := recorder.Result()
-// 	defer result.Body.Close()
+	defer result.Body.Close()
-// 	b, err := ioutil.ReadAll(result.Body)
+	b, err := ioutil.ReadAll(result.Body)
-// 	assert.NoError(suite.T(), err)
+	assert.NoError(suite.T(), err)
-// 	assert.Equal(suite.T(), `{"error":"Forbidden: status is not faveable"}`, string(b))
+	assert.Equal(suite.T(), `{"error":"Forbidden: you do not have permission to fave this status"}`, string(b))
-// }
+}
 
 func TestStatusFaveTestSuite(t *testing.T) {
 	suite.Run(t, new(StatusFaveTestSuite))

internal/api/client/statuses/statusmute_test.go

@@ -151,19 +151,22 @@ func (suite *StatusMuteTestSuite) TestMuteUnmuteStatus() {
   "interaction_policy": {
     "can_favourite": {
       "always": [
-        "public"
+        "public",
+        "me"
       ],
       "with_approval": []
     },
     "can_reply": {
       "always": [
-        "public"
+        "public",
+        "me"
       ],
       "with_approval": []
     },
     "can_reblog": {
       "always": [
-        "public"
+        "public",
+        "me"
       ],
       "with_approval": []
     }
@@ -236,19 +239,22 @@ func (suite *StatusMuteTestSuite) TestMuteUnmuteStatus() {
   "interaction_policy": {
     "can_favourite": {
       "always": [
-        "public"
+        "public",
+        "me"
       ],
       "with_approval": []
     },
     "can_reply": {
       "always": [
-        "public"
+        "public",
+        "me"
       ],
       "with_approval": []
     },
     "can_reblog": {
       "always": [
-        "public"
+        "public",
+        "me"
       ],
       "with_approval": []
     }

internal/api/wellknown/webfinger/webfingerget_test.go

@@ -35,6 +35,8 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/api/wellknown/webfinger"
 	"github.com/superseriousbusiness/gotosocial/internal/cleaner"
 	"github.com/superseriousbusiness/gotosocial/internal/config"
+	"github.com/superseriousbusiness/gotosocial/internal/filter/interaction"
+	"github.com/superseriousbusiness/gotosocial/internal/filter/visibility"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"github.com/superseriousbusiness/gotosocial/internal/processing"
 	"github.com/superseriousbusiness/gotosocial/testrig"
@@ -85,7 +87,19 @@ func (suite *WebfingerGetTestSuite) funkifyAccountDomain(host string, accountDom
 	config.SetAccountDomain(accountDomain)
 	testrig.StopWorkers(&suite.state)
 	testrig.StartNoopWorkers(&suite.state)
-	suite.processor = processing.NewProcessor(cleaner.New(&suite.state), suite.tc, suite.federator, testrig.NewTestOauthServer(suite.db), testrig.NewTestMediaManager(&suite.state), &suite.state, suite.emailSender)
+
+	suite.processor = processing.NewProcessor(
+		cleaner.New(&suite.state),
+		suite.tc,
+		suite.federator,
+		testrig.NewTestOauthServer(suite.db),
+		testrig.NewTestMediaManager(&suite.state),
+		&suite.state,
+		suite.emailSender,
+		visibility.NewFilter(&suite.state),
+		interaction.NewFilter(&suite.state),
+	)
+
 	suite.webfingerModule = webfinger.New(suite.processor)
 	testrig.StartNoopWorkers(&suite.state)
 

internal/federation/dereferencing/announce.go

@@ -69,12 +69,6 @@ func (d *Dereferencer) EnrichAnnounce(
 		return nil, err
 	}
 
-	// Generate an ID for the boost wrapper status.
-	boost.ID, err = id.NewULIDFromTime(boost.CreatedAt)
-	if err != nil {
-		return nil, gtserror.Newf("error generating id: %w", err)
-	}
-
 	// Set boost_of_uri again in case the
 	// original URI was an indirect link.
 	boost.BoostOfURI = target.URI
@@ -92,6 +86,24 @@ func (d *Dereferencer) EnrichAnnounce(
 	boost.Visibility = target.Visibility
 	boost.Federated = target.Federated
 
+	// Ensure this Announce is permitted by the Announcee.
+	permit, err := d.isPermittedStatus(ctx, requestUser, nil, boost)
+	if err != nil {
+		return nil, gtserror.Newf("error checking permitted status %s: %w", boost.URI, err)
+	}
+
+	if !permit {
+		// Return a checkable error type that can be ignored.
+		err := gtserror.Newf("dropping unpermitted status: %s", boost.URI)
+		return nil, gtserror.SetNotPermitted(err)
+	}
+
+	// Generate an ID for the boost wrapper status.
+	boost.ID, err = id.NewULIDFromTime(boost.CreatedAt)
+	if err != nil {
+		return nil, gtserror.Newf("error generating id: %w", err)
+	}
+
 	// Store the boost wrapper status in database.
 	switch err = d.state.DB.PutStatus(ctx, boost); {
 	case err == nil:

internal/federation/dereferencing/dereferencer.go

@@ -22,6 +22,7 @@ import (
 	"sync"
 	"time"
 
+	"github.com/superseriousbusiness/gotosocial/internal/filter/interaction"
 	"github.com/superseriousbusiness/gotosocial/internal/filter/visibility"
 	"github.com/superseriousbusiness/gotosocial/internal/media"
 	"github.com/superseriousbusiness/gotosocial/internal/state"
@@ -83,7 +84,8 @@ type Dereferencer struct {
 	converter           *typeutils.Converter
 	transportController transport.Controller
 	mediaManager        *media.Manager
-	visibility          *visibility.Filter
+	visFilter           *visibility.Filter
+	intFilter           *interaction.Filter
 
 	// in-progress dereferencing media / emoji
 	derefMedia    map[string]*media.ProcessingMedia
@@ -102,12 +104,14 @@ type Dereferencer struct {
 	handshakesMu sync.Mutex
 }
 
-// NewDereferencer returns a Dereferencer initialized with the given parameters.
+// NewDereferencer returns a Dereferencer
+// initialized with the given parameters.
 func NewDereferencer(
 	state *state.State,
 	converter *typeutils.Converter,
 	transportController transport.Controller,
 	visFilter *visibility.Filter,
+	intFilter *interaction.Filter,
 	mediaManager *media.Manager,
 ) Dereferencer {
 	return Dereferencer{
@@ -115,7 +119,8 @@ func NewDereferencer(
 		converter:           converter,
 		transportController: transportController,
 		mediaManager:        mediaManager,
-		visibility:          visFilter,
+		visFilter:           visFilter,
+		intFilter:           intFilter,
 		derefMedia:          make(map[string]*media.ProcessingMedia),
 		derefEmojis:         make(map[string]*media.ProcessingEmoji),
 		handshakes:          make(map[string][]*url.URL),

internal/federation/dereferencing/dereferencer_test.go

@@ -22,6 +22,7 @@ import (
 	"github.com/superseriousbusiness/activity/streams/vocab"
 	"github.com/superseriousbusiness/gotosocial/internal/db"
 	"github.com/superseriousbusiness/gotosocial/internal/federation/dereferencing"
+	"github.com/superseriousbusiness/gotosocial/internal/filter/interaction"
 	"github.com/superseriousbusiness/gotosocial/internal/filter/visibility"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"github.com/superseriousbusiness/gotosocial/internal/state"
@@ -79,8 +80,19 @@ func (suite *DereferencerStandardTestSuite) SetupTest() {
 	suite.state.Storage = suite.storage
 
 	visFilter := visibility.NewFilter(&suite.state)
+	intFilter := interaction.NewFilter(&suite.state)
 	media := testrig.NewTestMediaManager(&suite.state)
-	suite.dereferencer = dereferencing.NewDereferencer(&suite.state, converter, testrig.NewTestTransportController(&suite.state, suite.client), visFilter, media)
+	suite.dereferencer = dereferencing.NewDereferencer(
+		&suite.state,
+		converter,
+		testrig.NewTestTransportController(
+			&suite.state,
+			suite.client,
+		),
+		visFilter,
+		intFilter,
+		media,
+	)
 	testrig.StandardDBSetup(suite.db, nil)
 }
 

internal/federation/dereferencing/status.go

@@ -502,7 +502,8 @@ func (d *Dereferencer) enrichStatus(
 	latestStatus.Local = status.Local
 
 	// Check if this is a permitted status we should accept.
-	permit, err := d.isPermittedStatus(ctx, status, latestStatus)
+	// Function also sets "PendingApproval" bool as necessary.
+	permit, err := d.isPermittedStatus(ctx, requestUser, status, latestStatus)
 	if err != nil {
 		return nil, nil, gtserror.Newf("error checking permissibility for status %s: %w", uri, err)
 	}
@@ -560,86 +561,6 @@ func (d *Dereferencer) enrichStatus(
 	return latestStatus, apubStatus, nil
 }
 
-// isPermittedStatus returns whether the given status
-// is permitted to be stored on this instance, checking
-// whether the author is suspended, and passes visibility
-// checks against status being replied-to (if any).
-func (d *Dereferencer) isPermittedStatus(
-	ctx context.Context,
-	existing *gtsmodel.Status,
-	status *gtsmodel.Status,
-) (
-	permitted bool, // is permitted?
-	err error,
-) {
-
-	// our failure condition handling
-	// at the end of this function for
-	// the case of permission = false.
-	onFail := func() (bool, error) {
-		if existing != nil {
-			log.Infof(ctx, "deleting unpermitted: %s", existing.URI)
-
-			// Delete existing status from database as it's no longer permitted.
-			if err := d.state.DB.DeleteStatusByID(ctx, existing.ID); err != nil {
-				log.Errorf(ctx, "error deleting %s after permissivity fail: %v", existing.URI, err)
-			}
-		}
-		return false, nil
-	}
-
-	if !status.Account.SuspendedAt.IsZero() {
-		// The status author is suspended,
-		// this shouldn't have reached here
-		// but it's a fast check anyways.
-		return onFail()
-	}
-
-	if status.InReplyToURI == "" {
-		// This status isn't in
-		// reply to anything!
-		return true, nil
-	}
-
-	if status.InReplyTo == nil {
-		// If no inReplyTo has been set,
-		// we return here for now as we
-		// can't perform further checks.
-		//
-		// Worst case we allow something
-		// through, and later on during
-		// refetch it will get deleted.
-		return true, nil
-	}
-
-	if status.InReplyTo.BoostOfID != "" {
-		// We do not permit replies to
-		// boost wrapper statuses. (this
-		// shouldn't be able to happen).
-		return onFail()
-	}
-
-	// Default to true
-	permitted = true
-
-	if *status.InReplyTo.Local {
-		// Check visibility of inReplyTo to status author.
-		permitted, err = d.visibility.StatusVisible(ctx,
-			status.Account,
-			status.InReplyTo,
-		)
-		if err != nil {
-			return false, gtserror.Newf("error checking in-reply-to visibility: %w", err)
-		}
-	}
-
-	if permitted {
-		return true, nil
-	}
-
-	return onFail()
-}
-
 func (d *Dereferencer) fetchStatusMentions(
 	ctx context.Context,
 	requestUser string,

internal/federation/dereferencing/status_permitted.go

@@ -0,0 +1,216 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package dereferencing
+
+import (
+	"context"
+
+	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
+	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+	"github.com/superseriousbusiness/gotosocial/internal/log"
+)
+
+// isPermittedStatus returns whether the given status
+// is permitted to be stored on this instance, checking:
+//
+//   - author is not suspended
+//   - status passes visibility checks
+//   - status passes interaction policy checks
+//
+// If status is not permitted to be stored, the function
+// will clean up after itself by removing the status.
+//
+// If status is a reply or a boost, and the author of
+// the given status is only permitted to reply or boost
+// pending approval, then "PendingApproval" will be set
+// to "true" on status. Callers should check this
+// and handle it as appropriate.
+func (d *Dereferencer) isPermittedStatus(
+	ctx context.Context,
+	requestUser string,
+	existing *gtsmodel.Status,
+	status *gtsmodel.Status,
+) (
+	bool, // is permitted?
+	error,
+) {
+	// our failure condition handling
+	// at the end of this function for
+	// the case of permission = false.
+	onFalse := func() (bool, error) {
+		if existing != nil {
+			log.Infof(ctx, "deleting unpermitted: %s", existing.URI)
+
+			// Delete existing status from database as it's no longer permitted.
+			if err := d.state.DB.DeleteStatusByID(ctx, existing.ID); err != nil {
+				log.Errorf(ctx, "error deleting %s after permissivity fail: %v", existing.URI, err)
+			}
+		}
+		return false, nil
+	}
+
+	if status.Account.IsSuspended() {
+		// The status author is suspended,
+		// this shouldn't have reached here
+		// but it's a fast check anyways.
+		log.Debugf(ctx,
+			"status author %s is suspended",
+			status.AccountURI,
+		)
+		return onFalse()
+	}
+
+	if inReplyTo := status.InReplyTo; inReplyTo != nil {
+		return d.isPermittedReply(
+			ctx,
+			requestUser,
+			status,
+			inReplyTo,
+			onFalse,
+		)
+	} else if boostOf := status.BoostOf; boostOf != nil {
+		return d.isPermittedBoost(
+			ctx,
+			requestUser,
+			status,
+			boostOf,
+			onFalse,
+		)
+	}
+
+	// Nothing else stopping this.
+	return true, nil
+}
+
+func (d *Dereferencer) isPermittedReply(
+	ctx context.Context,
+	requestUser string,
+	status *gtsmodel.Status,
+	inReplyTo *gtsmodel.Status,
+	onFalse func() (bool, error),
+) (bool, error) {
+	if inReplyTo.BoostOfID != "" {
+		// We do not permit replies to
+		// boost wrapper statuses. (this
+		// shouldn't be able to happen).
+		log.Info(ctx, "rejecting reply to boost wrapper status")
+		return onFalse()
+	}
+
+	// Check visibility of local
+	// inReplyTo to replying account.
+	if inReplyTo.IsLocal() {
+		visible, err := d.visFilter.StatusVisible(ctx,
+			status.Account,
+			inReplyTo,
+		)
+		if err != nil {
+			err := gtserror.Newf("error checking inReplyTo visibility: %w", err)
+			return false, err
+		}
+
+		// Our status is not visible to the
+		// account trying to do the reply.
+		if !visible {
+			return onFalse()
+		}
+	}
+
+	// Check interaction policy of inReplyTo.
+	replyable, err := d.intFilter.StatusReplyable(ctx,
+		status.Account,
+		inReplyTo,
+	)
+	if err != nil {
+		err := gtserror.Newf("error checking status replyability: %w", err)
+		return false, err
+	}
+
+	if replyable.Forbidden() {
+		// Replier is not permitted
+		// to do this interaction.
+		return onFalse()
+	}
+
+	// TODO in next PR: check conditional /
+	// with approval and deref Accept.
+	if !replyable.Permitted() {
+		return onFalse()
+	}
+
+	return true, nil
+}
+
+func (d *Dereferencer) isPermittedBoost(
+	ctx context.Context,
+	requestUser string,
+	status *gtsmodel.Status,
+	boostOf *gtsmodel.Status,
+	onFalse func() (bool, error),
+) (bool, error) {
+	if boostOf.BoostOfID != "" {
+		// We do not permit boosts of
+		// boost wrapper statuses. (this
+		// shouldn't be able to happen).
+		log.Info(ctx, "rejecting boost of boost wrapper status")
+		return onFalse()
+	}
+
+	// Check visibility of local
+	// boostOf to boosting account.
+	if boostOf.IsLocal() {
+		visible, err := d.visFilter.StatusVisible(ctx,
+			status.Account,
+			boostOf,
+		)
+		if err != nil {
+			err := gtserror.Newf("error checking boostOf visibility: %w", err)
+			return false, err
+		}
+
+		// Our status is not visible to the
+		// account trying to do the boost.
+		if !visible {
+			return onFalse()
+		}
+	}
+
+	// Check interaction policy of boostOf.
+	boostable, err := d.intFilter.StatusBoostable(ctx,
+		status.Account,
+		boostOf,
+	)
+	if err != nil {
+		err := gtserror.Newf("error checking status boostability: %w", err)
+		return false, err
+	}
+
+	if boostable.Forbidden() {
+		// Booster is not permitted
+		// to do this interaction.
+		return onFalse()
+	}
+
+	// TODO in next PR: check conditional /
+	// with approval and deref Accept.
+	if !boostable.Permitted() {
+		return onFalse()
+	}
+
+	return true, nil
+}

internal/federation/federatingactor_test.go

@@ -28,6 +28,7 @@ import (
 
 	"github.com/stretchr/testify/suite"
 	"github.com/superseriousbusiness/gotosocial/internal/federation"
+	"github.com/superseriousbusiness/gotosocial/internal/filter/interaction"
 	"github.com/superseriousbusiness/gotosocial/internal/filter/visibility"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"github.com/superseriousbusiness/gotosocial/internal/util"
@@ -68,6 +69,7 @@ func (suite *FederatingActorTestSuite) TestSendNoRemoteFollowers() {
 		tc,
 		suite.typeconverter,
 		visibility.NewFilter(&suite.state),
+		interaction.NewFilter(&suite.state),
 		testrig.NewTestMediaManager(&suite.state),
 	)
 
@@ -122,6 +124,7 @@ func (suite *FederatingActorTestSuite) TestSendRemoteFollower() {
 		tc,
 		suite.typeconverter,
 		visibility.NewFilter(&suite.state),
+		interaction.NewFilter(&suite.state),
 		testrig.NewTestMediaManager(&suite.state),
 	)
 

internal/federation/federator.go

@@ -22,6 +22,7 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/db"
 	"github.com/superseriousbusiness/gotosocial/internal/federation/dereferencing"
 	"github.com/superseriousbusiness/gotosocial/internal/federation/federatingdb"
+	"github.com/superseriousbusiness/gotosocial/internal/filter/interaction"
 	"github.com/superseriousbusiness/gotosocial/internal/filter/visibility"
 	"github.com/superseriousbusiness/gotosocial/internal/media"
 	"github.com/superseriousbusiness/gotosocial/internal/state"
@@ -52,6 +53,7 @@ func NewFederator(
 	transportController transport.Controller,
 	converter *typeutils.Converter,
 	visFilter *visibility.Filter,
+	intFilter *interaction.Filter,
 	mediaManager *media.Manager,
 ) *Federator {
 	clock := &Clock{}
@@ -62,7 +64,14 @@ func NewFederator(
 		converter:           converter,
 		transportController: transportController,
 		mediaManager:        mediaManager,
-		Dereferencer:        dereferencing.NewDereferencer(state, converter, transportController, visFilter, mediaManager),
+		Dereferencer: dereferencing.NewDereferencer(
+			state,
+			converter,
+			transportController,
+			visFilter,
+			intFilter,
+			mediaManager,
+		),
 	}
 	actor := newFederatingActor(f, f, federatingDB, clock)
 	f.actor = actor

internal/filter/interaction/filter.go

@@ -0,0 +1,34 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package interaction
+
+import (
+	"github.com/superseriousbusiness/gotosocial/internal/state"
+)
+
+// Filter packages up logic for checking whether
+// an interaction is permitted within set policies.
+type Filter struct {
+	state *state.State
+}
+
+// NewFilter returns a new Filter
+// that will use the provided state.
+func NewFilter(state *state.State) *Filter {
+	return &Filter{state: state}
+}

internal/filter/interaction/interactable.go

@@ -0,0 +1,561 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package interaction
+
+import (
+	"context"
+	"fmt"
+	"slices"
+
+	"github.com/superseriousbusiness/gotosocial/internal/config"
+	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
+	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+	"github.com/superseriousbusiness/gotosocial/internal/log"
+	"github.com/superseriousbusiness/gotosocial/internal/util"
+)
+
+type matchType int
+
+const (
+	none     matchType = 0
+	implicit matchType = 1
+	explicit matchType = 2
+)
+
+// startedThread returns true if requester started
+// the thread that the given status is part of.
+// Ie., requester created the first post in the thread.
+func (f *Filter) startedThread(
+	ctx context.Context,
+	requester *gtsmodel.Account,
+	status *gtsmodel.Status,
+) (bool, error) {
+	parents, err := f.state.DB.GetStatusParents(ctx, status)
+	if err != nil {
+		return false, fmt.Errorf("db error getting parents of %s: %w", status.ID, err)
+	}
+
+	if len(parents) == 0 {
+		// No parents available. Just check
+		// if this status belongs to requester.
+		return status.AccountID == requester.ID, nil
+	}
+
+	// Check if OG status owned by requester.
+	return parents[0].AccountID == requester.ID, nil
+}
+
+// StatusLikeable checks if the given status
+// is likeable by the requester account.
+//
+// Callers to this function should have already
+// checked the visibility of status to requester,
+// including taking account of blocks, as this
+// function does not do visibility checks, only
+// interaction policy checks.
+func (f *Filter) StatusLikeable(
+	ctx context.Context,
+	requester *gtsmodel.Account,
+	status *gtsmodel.Status,
+) (*gtsmodel.PolicyCheckResult, error) {
+	if requester.ID == status.AccountID {
+		// Status author themself can
+		// always like their own status,
+		// no need for further checks.
+		return &gtsmodel.PolicyCheckResult{
+			Permission:         gtsmodel.PolicyPermissionPermitted,
+			PermittedMatchedOn: util.Ptr(gtsmodel.PolicyValueAuthor),
+		}, nil
+	}
+
+	switch {
+	// If status has policy set, check against that.
+	case status.InteractionPolicy != nil:
+		return f.checkPolicy(
+			ctx,
+			requester,
+			status,
+			status.InteractionPolicy.CanLike,
+		)
+
+	// If status is local and has no policy set,
+	// check against the default policy for this
+	// visibility, as we're interaction-policy aware.
+	case *status.Local:
+		policy := gtsmodel.DefaultInteractionPolicyFor(status.Visibility)
+		return f.checkPolicy(
+			ctx,
+			requester,
+			status,
+			policy.CanLike,
+		)
+
+	// Otherwise, assume the status is from an
+	// instance that does not use / does not care
+	// about interaction policies, and just return OK.
+	default:
+		return &gtsmodel.PolicyCheckResult{
+			Permission: gtsmodel.PolicyPermissionPermitted,
+		}, nil
+	}
+}
+
+// StatusReplyable checks if the given status
+// is replyable by the requester account.
+//
+// Callers to this function should have already
+// checked the visibility of status to requester,
+// including taking account of blocks, as this
+// function does not do visibility checks, only
+// interaction policy checks.
+func (f *Filter) StatusReplyable(
+	ctx context.Context,
+	requester *gtsmodel.Account,
+	status *gtsmodel.Status,
+) (*gtsmodel.PolicyCheckResult, error) {
+	if util.PtrOrValue(status.PendingApproval, false) {
+		// Target status is pending approval,
+		// check who started this thread.
+		startedThread, err := f.startedThread(
+			ctx,
+			requester,
+			status,
+		)
+		if err != nil {
+			err := gtserror.Newf("error checking thread ownership: %w", err)
+			return nil, err
+		}
+
+		if !startedThread {
+			// If status is itself still pending approval,
+			// and the requester didn't start this thread,
+			// then buddy, any status that tries to reply
+			// to it must be pending approval too. We do
+			// this to prevent someone replying to a status
+			// with a policy set that causes that reply to
+			// require approval, *THEN* replying to their
+			// own reply (which may not have a policy set)
+			// and having the reply-to-their-own-reply go
+			// through as Permitted. None of that!
+			return &gtsmodel.PolicyCheckResult{
+				Permission: gtsmodel.PolicyPermissionWithApproval,
+			}, nil
+		}
+	}
+
+	if requester.ID == status.AccountID {
+		// Status author themself can
+		// always reply to their own status,
+		// no need for further checks.
+		return &gtsmodel.PolicyCheckResult{
+			Permission:         gtsmodel.PolicyPermissionPermitted,
+			PermittedMatchedOn: util.Ptr(gtsmodel.PolicyValueAuthor),
+		}, nil
+	}
+
+	// If requester is replied to by this status,
+	// then just return OK, it's functionally equivalent
+	// to them being mentioned, and easier to check!
+	if status.InReplyToAccountID == requester.ID {
+		return &gtsmodel.PolicyCheckResult{
+			Permission:         gtsmodel.PolicyPermissionPermitted,
+			PermittedMatchedOn: util.Ptr(gtsmodel.PolicyValueMentioned),
+		}, nil
+	}
+
+	// Check if requester mentioned by this status.
+	//
+	// Prefer checking by ID, fall back to URI, URL,
+	// or NameString for not-yet enriched statuses.
+	mentioned := slices.ContainsFunc(
+		status.Mentions,
+		func(m *gtsmodel.Mention) bool {
+			switch {
+
+			// Check by ID - most accurate.
+			case m.TargetAccountID != "":
+				return m.TargetAccountID == requester.ID
+
+			// Check by URI - also accurate.
+			case m.TargetAccountURI != "":
+				return m.TargetAccountURI == requester.URI
+
+			// Check by URL - probably accurate.
+			case m.TargetAccountURL != "":
+				return m.TargetAccountURL == requester.URL
+
+			// Fall back to checking by namestring.
+			case m.NameString != "":
+				username, host, err := util.ExtractNamestringParts(m.NameString)
+				if err != nil {
+					log.Debugf(ctx, "error checking if mentioned: %v", err)
+					return false
+				}
+
+				if requester.IsLocal() {
+					// Local requester has empty string
+					// domain so check using config.
+					return username == requester.Username &&
+						(host == config.GetHost() || host == config.GetAccountDomain())
+				}
+
+				// Remote requester has domain set.
+				return username == requester.Username &&
+					host == requester.Domain
+
+			default:
+				// Not mentioned.
+				return false
+			}
+		},
+	)
+
+	if mentioned {
+		// A mentioned account can always
+		// reply, no need for further checks.
+		return &gtsmodel.PolicyCheckResult{
+			Permission:         gtsmodel.PolicyPermissionPermitted,
+			PermittedMatchedOn: util.Ptr(gtsmodel.PolicyValueMentioned),
+		}, nil
+	}
+
+	switch {
+	// If status has policy set, check against that.
+	case status.InteractionPolicy != nil:
+		return f.checkPolicy(
+			ctx,
+			requester,
+			status,
+			status.InteractionPolicy.CanReply,
+		)
+
+	// If status is local and has no policy set,
+	// check against the default policy for this
+	// visibility, as we're interaction-policy aware.
+	case *status.Local:
+		policy := gtsmodel.DefaultInteractionPolicyFor(status.Visibility)
+		return f.checkPolicy(
+			ctx,
+			requester,
+			status,
+			policy.CanReply,
+		)
+
+	// Otherwise, assume the status is from an
+	// instance that does not use / does not care
+	// about interaction policies, and just return OK.
+	default:
+		return &gtsmodel.PolicyCheckResult{
+			Permission: gtsmodel.PolicyPermissionPermitted,
+		}, nil
+	}
+}
+
+// StatusBoostable checks if the given status
+// is boostable by the requester account.
+//
+// Callers to this function should have already
+// checked the visibility of status to requester,
+// including taking account of blocks, as this
+// function does not do visibility checks, only
+// interaction policy checks.
+func (f *Filter) StatusBoostable(
+	ctx context.Context,
+	requester *gtsmodel.Account,
+	status *gtsmodel.Status,
+) (*gtsmodel.PolicyCheckResult, error) {
+	if status.Visibility == gtsmodel.VisibilityDirect {
+		log.Trace(ctx, "direct statuses are not boostable")
+		return &gtsmodel.PolicyCheckResult{
+			Permission: gtsmodel.PolicyPermissionForbidden,
+		}, nil
+	}
+
+	if requester.ID == status.AccountID {
+		// Status author themself can
+		// always boost non-directs,
+		// no need for further checks.
+		return &gtsmodel.PolicyCheckResult{
+			Permission:         gtsmodel.PolicyPermissionPermitted,
+			PermittedMatchedOn: util.Ptr(gtsmodel.PolicyValueAuthor),
+		}, nil
+	}
+
+	switch {
+	// If status has policy set, check against that.
+	case status.InteractionPolicy != nil:
+		return f.checkPolicy(
+			ctx,
+			requester,
+			status,
+			status.InteractionPolicy.CanAnnounce,
+		)
+
+	// If status is local and has no policy set,
+	// check against the default policy for this
+	// visibility, as we're interaction-policy aware.
+	case *status.Local:
+		policy := gtsmodel.DefaultInteractionPolicyFor(status.Visibility)
+		return f.checkPolicy(
+			ctx,
+			requester,
+			status,
+			policy.CanAnnounce,
+		)
+
+	// Otherwise, assume the status is from an
+	// instance that does not use / does not care
+	// about interaction policies, and just return OK.
+	default:
+		return &gtsmodel.PolicyCheckResult{
+			Permission: gtsmodel.PolicyPermissionPermitted,
+		}, nil
+	}
+}
+
+func (f *Filter) checkPolicy(
+	ctx context.Context,
+	requester *gtsmodel.Account,
+	status *gtsmodel.Status,
+	rules gtsmodel.PolicyRules,
+) (*gtsmodel.PolicyCheckResult, error) {
+
+	// Wrap context to be able to
+	// cache some database calls.
+	fctx := new(filterctx)
+	fctx.Context = ctx
+
+	// Check if requester matches a PolicyValue
+	// to be always allowed to do this.
+	matchAlways, matchAlwaysValue, err := f.matchPolicy(fctx,
+		requester,
+		status,
+		rules.Always,
+	)
+	if err != nil {
+		return nil, gtserror.Newf("error checking policy match: %w", err)
+	}
+
+	// Check if requester matches a PolicyValue
+	// to be allowed to do this pending approval.
+	matchWithApproval, _, err := f.matchPolicy(fctx,
+		requester,
+		status,
+		rules.WithApproval,
+	)
+	if err != nil {
+		return nil, gtserror.Newf("error checking policy approval match: %w", err)
+	}
+
+	switch {
+
+	// Prefer explicit match,
+	// prioritizing "always".
+	case matchAlways == explicit:
+		return &gtsmodel.PolicyCheckResult{
+			Permission:         gtsmodel.PolicyPermissionPermitted,
+			PermittedMatchedOn: &matchAlwaysValue,
+		}, nil
+
+	case matchWithApproval == explicit:
+		return &gtsmodel.PolicyCheckResult{
+			Permission: gtsmodel.PolicyPermissionWithApproval,
+		}, nil
+
+	// Then try implicit match,
+	// prioritizing "always".
+	case matchAlways == implicit:
+		return &gtsmodel.PolicyCheckResult{
+			Permission:         gtsmodel.PolicyPermissionPermitted,
+			PermittedMatchedOn: &matchAlwaysValue,
+		}, nil
+
+	case matchWithApproval == implicit:
+		return &gtsmodel.PolicyCheckResult{
+			Permission: gtsmodel.PolicyPermissionWithApproval,
+		}, nil
+	}
+
+	// No match.
+	return &gtsmodel.PolicyCheckResult{
+		Permission: gtsmodel.PolicyPermissionForbidden,
+	}, nil
+}
+
+// matchPolicy returns whether requesting account
+// matches any of the policy values for given status,
+// returning the policy it matches on and match type.
+// uses a *filterctx to cache certain db results.
+func (f *Filter) matchPolicy(
+	ctx *filterctx,
+	requester *gtsmodel.Account,
+	status *gtsmodel.Status,
+	policyValues []gtsmodel.PolicyValue,
+) (
+	matchType,
+	gtsmodel.PolicyValue,
+	error,
+) {
+	var (
+		match = none
+		value gtsmodel.PolicyValue
+	)
+
+	for _, p := range policyValues {
+		switch p {
+
+		// Check if anyone
+		// can do this.
+		case gtsmodel.PolicyValuePublic:
+			match = implicit
+			value = gtsmodel.PolicyValuePublic
+
+		// Check if follower
+		// of status owner.
+		case gtsmodel.PolicyValueFollowers:
+			inFollowers, err := f.inFollowers(ctx,
+				requester,
+				status,
+			)
+			if err != nil {
+				return 0, "", err
+			}
+			if inFollowers {
+				match = implicit
+				value = gtsmodel.PolicyValueFollowers
+			}
+
+		// Check if followed
+		// by status owner.
+		case gtsmodel.PolicyValueFollowing:
+			inFollowing, err := f.inFollowing(ctx,
+				requester,
+				status,
+			)
+			if err != nil {
+				return 0, "", err
+			}
+			if inFollowing {
+				match = implicit
+				value = gtsmodel.PolicyValueFollowing
+			}
+
+		// Check if replied-to by or
+		// mentioned in the status.
+		case gtsmodel.PolicyValueMentioned:
+			if (status.InReplyToAccountID == requester.ID) ||
+				status.MentionsAccount(requester.ID) {
+				// Return early as we've
+				// found an explicit match.
+				match = explicit
+				value = gtsmodel.PolicyValueMentioned
+				return match, value, nil
+			}
+
+		// Check if PolicyValue specifies
+		// requester explicitly.
+		default:
+			if string(p) == requester.URI {
+				// Return early as we've
+				// found an explicit match.
+				match = explicit
+				value = gtsmodel.PolicyValue(requester.URI)
+				return match, value, nil
+			}
+		}
+	}
+
+	// Return either "" or "implicit",
+	// and the policy value matched
+	// against (if set).
+	return match, value, nil
+}
+
+// inFollowers returns whether requesting account is following
+// status author, uses *filterctx type for db result caching.
+func (f *Filter) inFollowers(
+	ctx *filterctx,
+	requester *gtsmodel.Account,
+	status *gtsmodel.Status,
+) (
+	bool,
+	error,
+) {
+	if ctx.inFollowersOnce == 0 {
+		var err error
+
+		// Load the 'inFollowers' result from database.
+		ctx.inFollowers, err = f.state.DB.IsFollowing(ctx,
+			requester.ID,
+			status.AccountID,
+		)
+		if err != nil {
+			return false, gtserror.Newf("error checking follow status: %w", err)
+		}
+
+		// Mark value as stored.
+		ctx.inFollowersOnce = 1
+	}
+
+	// Return stored value.
+	return ctx.inFollowers, nil
+}
+
+// inFollowing returns whether status author is following
+// requesting account, uses *filterctx for db result caching.
+func (f *Filter) inFollowing(
+	ctx *filterctx,
+	requester *gtsmodel.Account,
+	status *gtsmodel.Status,
+) (
+	bool,
+	error,
+) {
+	if ctx.inFollowingOnce == 0 {
+		var err error
+
+		// Load the 'inFollowers' result from database.
+		ctx.inFollowing, err = f.state.DB.IsFollowing(ctx,
+			status.AccountID,
+			requester.ID,
+		)
+		if err != nil {
+			return false, gtserror.Newf("error checking follow status: %w", err)
+		}
+
+		// Mark value as stored.
+		ctx.inFollowingOnce = 1
+	}
+
+	// Return stored value.
+	return ctx.inFollowing, nil
+}
+
+// filterctx wraps a context.Context to also
+// store loadable data relevant to a fillter
+// operation from the database, such that it
+// only needs to be loaded once IF required.
+type filterctx struct {
+	context.Context
+
+	inFollowers     bool
+	inFollowersOnce int32
+
+	inFollowing     bool
+	inFollowingOnce int32
+}

internal/filter/visibility/boostable.go

@@ -1,57 +0,0 @@
-// GoToSocial
-// Copyright (C) GoToSocial Authors admin@gotosocial.org
-// SPDX-License-Identifier: AGPL-3.0-or-later
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Affero General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU Affero General Public License for more details.
-//
-// You should have received a copy of the GNU Affero General Public License
-// along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-package visibility
-
-import (
-	"context"
-
-	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
-	"github.com/superseriousbusiness/gotosocial/internal/log"
-)
-
-// StatusBoostable checks if given status is boostable by requester, checking boolean status visibility to requester and ultimately the AP status visibility setting.
-func (f *Filter) StatusBoostable(ctx context.Context, requester *gtsmodel.Account, status *gtsmodel.Status) (bool, error) {
-	if status.Visibility == gtsmodel.VisibilityDirect {
-		log.Trace(ctx, "direct statuses are not boostable")
-		return false, nil
-	}
-
-	// Check whether status is visible to requesting account.
-	visible, err := f.StatusVisible(ctx, requester, status)
-	if err != nil {
-		return false, err
-	}
-
-	if !visible {
-		log.Trace(ctx, "status not visible to requesting account")
-		return false, nil
-	}
-
-	if requester.ID == status.AccountID {
-		// Status author can always boost non-directs.
-		return true, nil
-	}
-
-	if status.Visibility == gtsmodel.VisibilityFollowersOnly ||
-		status.Visibility == gtsmodel.VisibilityMutualsOnly {
-		log.Trace(ctx, "unauthored %s status not boostable", status.Visibility)
-		return false, nil
-	}
-
-	return true, nil
-}

internal/filter/visibility/boostable_test.go

@@ -1,154 +0,0 @@
-// GoToSocial
-// Copyright (C) GoToSocial Authors admin@gotosocial.org
-// SPDX-License-Identifier: AGPL-3.0-or-later
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Affero General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU Affero General Public License for more details.
-//
-// You should have received a copy of the GNU Affero General Public License
-// along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-package visibility_test
-
-import (
-	"context"
-	"testing"
-
-	"github.com/stretchr/testify/suite"
-)
-
-type StatusBoostableTestSuite struct {
-	FilterStandardTestSuite
-}
-
-func (suite *StatusBoostableTestSuite) TestOwnPublicBoostable() {
-	testStatus := suite.testStatuses["local_account_1_status_1"]
-	testAccount := suite.testAccounts["local_account_1"]
-	ctx := context.Background()
-
-	boostable, err := suite.filter.StatusBoostable(ctx, testAccount, testStatus)
-	suite.NoError(err)
-
-	suite.True(boostable)
-}
-
-func (suite *StatusBoostableTestSuite) TestOwnUnlockedBoostable() {
-	testStatus := suite.testStatuses["local_account_1_status_2"]
-	testAccount := suite.testAccounts["local_account_1"]
-	ctx := context.Background()
-
-	boostable, err := suite.filter.StatusBoostable(ctx, testAccount, testStatus)
-	suite.NoError(err)
-
-	suite.True(boostable)
-}
-
-func (suite *StatusBoostableTestSuite) TestOwnMutualsOnlyNonInteractiveBoostable() {
-	testStatus := suite.testStatuses["local_account_1_status_3"]
-	testAccount := suite.testAccounts["local_account_1"]
-	ctx := context.Background()
-
-	boostable, err := suite.filter.StatusBoostable(ctx, testAccount, testStatus)
-	suite.NoError(err)
-
-	suite.True(boostable)
-}
-
-func (suite *StatusBoostableTestSuite) TestOwnMutualsOnlyBoostable() {
-	testStatus := suite.testStatuses["local_account_1_status_4"]
-	testAccount := suite.testAccounts["local_account_1"]
-	ctx := context.Background()
-
-	boostable, err := suite.filter.StatusBoostable(ctx, testAccount, testStatus)
-	suite.NoError(err)
-
-	suite.True(boostable)
-}
-
-func (suite *StatusBoostableTestSuite) TestOwnFollowersOnlyBoostable() {
-	testStatus := suite.testStatuses["local_account_1_status_5"]
-	testAccount := suite.testAccounts["local_account_1"]
-	ctx := context.Background()
-
-	boostable, err := suite.filter.StatusBoostable(ctx, testAccount, testStatus)
-	suite.NoError(err)
-
-	suite.True(boostable)
-}
-
-func (suite *StatusBoostableTestSuite) TestOwnDirectNotBoostable() {
-	testStatus := suite.testStatuses["local_account_2_status_6"]
-	testAccount := suite.testAccounts["local_account_2"]
-	ctx := context.Background()
-
-	boostable, err := suite.filter.StatusBoostable(ctx, testAccount, testStatus)
-	suite.NoError(err)
-
-	suite.False(boostable)
-}
-
-func (suite *StatusBoostableTestSuite) TestOtherPublicBoostable() {
-	testStatus := suite.testStatuses["local_account_2_status_1"]
-	testAccount := suite.testAccounts["local_account_1"]
-	ctx := context.Background()
-
-	boostable, err := suite.filter.StatusBoostable(ctx, testAccount, testStatus)
-	suite.NoError(err)
-
-	suite.True(boostable)
-}
-
-func (suite *StatusBoostableTestSuite) TestOtherUnlistedBoostable() {
-	testStatus := suite.testStatuses["local_account_1_status_2"]
-	testAccount := suite.testAccounts["local_account_2"]
-	ctx := context.Background()
-
-	boostable, err := suite.filter.StatusBoostable(ctx, testAccount, testStatus)
-	suite.NoError(err)
-
-	suite.True(boostable)
-}
-
-func (suite *StatusBoostableTestSuite) TestOtherFollowersOnlyNotBoostable() {
-	testStatus := suite.testStatuses["local_account_2_status_7"]
-	testAccount := suite.testAccounts["local_account_1"]
-	ctx := context.Background()
-
-	boostable, err := suite.filter.StatusBoostable(ctx, testAccount, testStatus)
-	suite.NoError(err)
-
-	suite.False(boostable)
-}
-
-func (suite *StatusBoostableTestSuite) TestOtherDirectNotBoostable() {
-	testStatus := suite.testStatuses["local_account_2_status_6"]
-	testAccount := suite.testAccounts["local_account_1"]
-	ctx := context.Background()
-
-	boostable, err := suite.filter.StatusBoostable(ctx, testAccount, testStatus)
-	suite.NoError(err)
-
-	suite.False(boostable)
-}
-
-func (suite *StatusBoostableTestSuite) TestRemoteFollowersOnlyNotVisible() {
-	testStatus := suite.testStatuses["local_account_1_status_5"]
-	testAccount := suite.testAccounts["remote_account_1"]
-	ctx := context.Background()
-
-	boostable, err := suite.filter.StatusBoostable(ctx, testAccount, testStatus)
-	suite.NoError(err)
-
-	suite.False(boostable)
-}
-
-func TestStatusBoostableTestSuite(t *testing.T) {
-	suite.Run(t, new(StatusBoostableTestSuite))
-}

internal/filter/visibility/status.go

@@ -25,6 +25,7 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"github.com/superseriousbusiness/gotosocial/internal/log"
+	"github.com/superseriousbusiness/gotosocial/internal/util"
 )
 
 // StatusesVisible calls StatusVisible for each status in the statuses slice, and returns a slice of only statuses which are visible to the requester.
@@ -41,8 +42,15 @@ func (f *Filter) StatusesVisible(ctx context.Context, requester *gtsmodel.Accoun
 	return filtered, errs.Combine()
 }
 
-// StatusVisible will check if given status is visible to requester, accounting for requester with no auth (i.e is nil), suspensions, disabled local users, account blocks and status privacy.
+// StatusVisible will check if status is visible to requester,
-func (f *Filter) StatusVisible(ctx context.Context, requester *gtsmodel.Account, status *gtsmodel.Status) (bool, error) {
+// accounting for requester with no auth (i.e is nil), suspensions,
+// disabled local users, pending approvals, account blocks,
+// and status visibility settings.
+func (f *Filter) StatusVisible(
+	ctx context.Context,
+	requester *gtsmodel.Account,
+	status *gtsmodel.Status,
+) (bool, error) {
 	const vtype = cache.VisibilityTypeStatus
 
 	// By default we assume no auth.
@@ -75,8 +83,14 @@ func (f *Filter) StatusVisible(ctx context.Context, requester *gtsmodel.Account,
 	return visibility.Value, nil
 }
 
-// isStatusVisible will check if status is visible to requester. It is the "meat" of the logic to Filter{}.StatusVisible() which is called within cache loader callback.
+// isStatusVisible will check if status is visible to requester.
-func (f *Filter) isStatusVisible(ctx context.Context, requester *gtsmodel.Account, status *gtsmodel.Status) (bool, error) {
+// It is the "meat" of the logic to Filter{}.StatusVisible()
+// which is called within cache loader callback.
+func (f *Filter) isStatusVisible(
+	ctx context.Context,
+	requester *gtsmodel.Account,
+	status *gtsmodel.Status,
+) (bool, error) {
 	// Ensure that status is fully populated for further processing.
 	if err := f.state.DB.PopulateStatus(ctx, status); err != nil {
 		return false, gtserror.Newf("error populating status %s: %w", status.ID, err)
@@ -90,6 +104,14 @@ func (f *Filter) isStatusVisible(ctx context.Context, requester *gtsmodel.Accoun
 		return false, nil
 	}
 
+	if util.PtrOrValue(status.PendingApproval, false) {
+		// Use a different visibility heuristic
+		// for pending approval statuses.
+		return f.isPendingStatusVisible(ctx,
+			requester, status,
+		)
+	}
+
 	if status.Visibility == gtsmodel.VisibilityPublic {
 		// This status will be visible to all.
 		return true, nil
@@ -176,6 +198,41 @@ func (f *Filter) isStatusVisible(ctx context.Context, requester *gtsmodel.Accoun
 	}
 }
 
+func (f *Filter) isPendingStatusVisible(
+	_ context.Context,
+	requester *gtsmodel.Account,
+	status *gtsmodel.Status,
+) (bool, error) {
+	if requester == nil {
+		// Any old tom, dick, and harry can't
+		// see pending-approval statuses,
+		// no matter what their visibility.
+		return false, nil
+	}
+
+	if status.AccountID == requester.ID {
+		// This is requester's status,
+		// so they can always see it.
+		return true, nil
+	}
+
+	if status.InReplyToAccountID == requester.ID {
+		// This status replies to requester,
+		// so they can always see it (else
+		// they can't approve it).
+		return true, nil
+	}
+
+	if status.BoostOfAccountID == requester.ID {
+		// This status boosts requester,
+		// so they can always see it.
+		return true, nil
+	}
+
+	// Nobody else can see this.
+	return false, nil
+}
+
 // areStatusAccountsVisible calls Filter{}.AccountVisible() on status author and the status boost-of (if set) author, returning visibility of status (and boost-of) to requester.
 func (f *Filter) areStatusAccountsVisible(ctx context.Context, requester *gtsmodel.Account, status *gtsmodel.Status) (bool, error) {
 	// Check whether status author's account is visible to requester.

internal/filter/visibility/status_test.go

@@ -23,6 +23,7 @@ import (
 
 	"github.com/stretchr/testify/suite"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+	"github.com/superseriousbusiness/gotosocial/internal/util"
 )
 
 type StatusVisibleTestSuite struct {
@@ -156,6 +157,49 @@ func (suite *StatusVisibleTestSuite) TestStatusNotVisibleIfNotFollowingCached()
 	suite.False(visible)
 }
 
+func (suite *StatusVisibleTestSuite) TestVisiblePending() {
+	ctx := context.Background()
+
+	// Copy the test status and mark
+	// the copy as pending approval.
+	//
+	// This is a status from admin
+	// that replies to zork.
+	testStatus := new(gtsmodel.Status)
+	*testStatus = *suite.testStatuses["admin_account_status_3"]
+	testStatus.PendingApproval = util.Ptr(true)
+
+	for _, testCase := range []struct {
+		acct    *gtsmodel.Account
+		visible bool
+	}{
+		{
+			acct:    suite.testAccounts["admin_account"],
+			visible: true, // Own status, always visible.
+		},
+		{
+			acct:    suite.testAccounts["local_account_1"],
+			visible: true, // Reply to zork, always visible.
+		},
+		{
+			acct:    suite.testAccounts["local_account_2"],
+			visible: false, // None of their business.
+		},
+		{
+			acct:    suite.testAccounts["remote_account_1"],
+			visible: false, // None of their business.
+		},
+		{
+			acct:    nil,   // Unauthed request.
+			visible: false, // None of their business.
+		},
+	} {
+		visible, err := suite.filter.StatusVisible(ctx, testCase.acct, testStatus)
+		suite.NoError(err)
+		suite.Equal(testCase.visible, visible)
+	}
+}
+
 func TestStatusVisibleTestSuite(t *testing.T) {
 	suite.Run(t, new(StatusVisibleTestSuite))
 }

internal/gtsmodel/interactionpolicy.go

@@ -111,26 +111,74 @@ func (p PolicyValue) FeasibleForVisibility(v Visibility) bool {
 
 type PolicyValues []PolicyValue
 
-// PolicyResult represents the result of
+// PolicyPermission represents the permission
-// checking an Actor URI and interaction
+// state for a certain Actor URI and interaction
-// type against the conditions of an
+// type, in relation to a policy.
-// InteractionPolicy to determine if that
+type PolicyPermission int
-// interaction is permitted.
-type PolicyResult int
 
 const (
 	// Interaction is forbidden for this
 	// PolicyValue + interaction combination.
-	PolicyResultForbidden PolicyResult = iota
+	PolicyPermissionForbidden PolicyPermission = iota
 	// Interaction is conditionally permitted
 	// for this PolicyValue + interaction combo,
 	// pending approval by the item owner.
-	PolicyResultWithApproval
+	PolicyPermissionWithApproval
 	// Interaction is permitted for this
 	// PolicyValue + interaction combination.
-	PolicyResultPermitted
+	PolicyPermissionPermitted
 )
 
+// PolicyCheckResult encapsulates the results
+// of checking a certain Actor URI + type
+// of interaction against an interaction policy.
+type PolicyCheckResult struct {
+	// Permission permitted /
+	// with approval / forbidden.
+	Permission PolicyPermission
+
+	// Value that this check matched on.
+	// Only set if Permission = permitted.
+	PermittedMatchedOn *PolicyValue
+}
+
+// MatchedOnCollection returns true if this policy check
+// result turned up Permitted, and matched based on the
+// requester's presence in a followers or following collection.
+func (pcr *PolicyCheckResult) MatchedOnCollection() bool {
+	if !pcr.Permitted() {
+		// Not permitted at all
+		// so definitely didn't
+		// match on collection.
+		return false
+	}
+
+	if pcr.PermittedMatchedOn == nil {
+		return false
+	}
+
+	return *pcr.PermittedMatchedOn == PolicyValueFollowers ||
+		*pcr.PermittedMatchedOn == PolicyValueFollowing
+}
+
+// Permitted returns true if this policy
+// check resulted in Permission = permitted.
+func (pcr *PolicyCheckResult) Permitted() bool {
+	return pcr.Permission == PolicyPermissionPermitted
+}
+
+// Permitted returns true if this policy
+// check resulted in Permission = with approval.
+func (pcr *PolicyCheckResult) WithApproval() bool {
+	return pcr.Permission == PolicyPermissionWithApproval
+}
+
+// Permitted returns true if this policy
+// check resulted in Permission = forbidden.
+func (pcr *PolicyCheckResult) Forbidden() bool {
+	return pcr.Permission == PolicyPermissionForbidden
+}
+
 // An InteractionPolicy determines which
 // interactions will be accepted for an
 // item, and according to what rules.

internal/processing/account/account.go

@@ -38,7 +38,7 @@ type Processor struct {
 	state        *state.State
 	converter    *typeutils.Converter
 	mediaManager *media.Manager
-	filter       *visibility.Filter
+	visFilter    *visibility.Filter
 	formatter    *text.Formatter
 	federator    *federation.Federator
 	parseMention gtsmodel.ParseMentionFunc
@@ -52,7 +52,7 @@ func New(
 	converter *typeutils.Converter,
 	mediaManager *media.Manager,
 	federator *federation.Federator,
-	filter *visibility.Filter,
+	visFilter *visibility.Filter,
 	parseMention gtsmodel.ParseMentionFunc,
 ) Processor {
 	return Processor{
@@ -60,7 +60,7 @@ func New(
 		state:        state,
 		converter:    converter,
 		mediaManager: mediaManager,
-		filter:       filter,
+		visFilter:    visFilter,
 		formatter:    text.NewFormatter(state.DB),
 		federator:    federator,
 		parseMention: parseMention,

internal/processing/account/bookmarks.go

@@ -64,7 +64,7 @@ func (p *Processor) BookmarksGet(ctx context.Context, requestingAccount *gtsmode
 			return nil, gtserror.NewErrorInternalError(err) // A real error has occurred.
 		}
 
-		visible, err := p.filter.StatusVisible(ctx, requestingAccount, status)
+		visible, err := p.visFilter.StatusVisible(ctx, requestingAccount, status)
 		if err != nil {
 			log.Errorf(ctx, "error checking bookmarked status visibility: %s", err)
 			continue

internal/processing/account/lists.go

@@ -42,7 +42,7 @@ func (p *Processor) ListsGet(ctx context.Context, requestingAccount *gtsmodel.Ac
 		return nil, gtserror.NewErrorInternalError(fmt.Errorf("db error: %w", err))
 	}
 
-	visible, err := p.filter.AccountVisible(ctx, requestingAccount, targetAccount)
+	visible, err := p.visFilter.AccountVisible(ctx, requestingAccount, targetAccount)
 	if err != nil {
 		return nil, gtserror.NewErrorInternalError(fmt.Errorf("db error: %w", err))
 	}

internal/processing/account/statuses.go

@@ -92,7 +92,7 @@ func (p *Processor) StatusesGet(
 
 	// Filtering + serialization process is the same for
 	// both pinned status queries and 'normal' ones.
-	filtered, err := p.filter.StatusesVisible(ctx, requestingAccount, statuses)
+	filtered, err := p.visFilter.StatusesVisible(ctx, requestingAccount, statuses)
 	if err != nil {
 		return nil, gtserror.NewErrorInternalError(err)
 	}

internal/processing/admin/admin_test.go

@@ -23,6 +23,7 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/db"
 	"github.com/superseriousbusiness/gotosocial/internal/email"
 	"github.com/superseriousbusiness/gotosocial/internal/federation"
+	"github.com/superseriousbusiness/gotosocial/internal/filter/interaction"
 	"github.com/superseriousbusiness/gotosocial/internal/filter/visibility"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"github.com/superseriousbusiness/gotosocial/internal/media"
@@ -114,6 +115,8 @@ func (suite *AdminStandardTestSuite) SetupTest() {
 		suite.mediaManager,
 		&suite.state,
 		suite.emailSender,
+		visibility.NewFilter(&suite.state),
+		interaction.NewFilter(&suite.state),
 	)
 
 	testrig.StartWorkers(&suite.state, suite.processor.Workers())

internal/processing/common/account.go

@@ -55,7 +55,7 @@ func (p *Processor) GetTargetAccountBy(
 	}
 
 	// Check whether target account is visible to requesting account.
-	visible, err = p.filter.AccountVisible(ctx, requester, target)
+	visible, err = p.visFilter.AccountVisible(ctx, requester, target)
 	if err != nil {
 		return nil, false, gtserror.NewErrorInternalError(err)
 	}
@@ -241,7 +241,7 @@ func (p *Processor) getVisibleAPIAccounts(
 		}
 
 		// Check whether this account is visible to requesting account.
-		visible, err := p.filter.AccountVisible(ctx, requester, account)
+		visible, err := p.visFilter.AccountVisible(ctx, requester, account)
 		if err != nil {
 			l.Errorf("error checking account visibility: %v", err)
 			continue

internal/processing/common/common.go

@@ -33,7 +33,7 @@ type Processor struct {
 	media     *media.Manager
 	converter *typeutils.Converter
 	federator *federation.Federator
-	filter    *visibility.Filter
+	visFilter *visibility.Filter
 }
 
 // New returns a new Processor instance.
@@ -42,13 +42,13 @@ func New(
 	media *media.Manager,
 	converter *typeutils.Converter,
 	federator *federation.Federator,
-	filter *visibility.Filter,
+	visFilter *visibility.Filter,
 ) Processor {
 	return Processor{
 		state:     state,
 		media:     media,
 		converter: converter,
 		federator: federator,
-		filter:    filter,
+		visFilter: visFilter,
 	}
 }

internal/processing/common/status.go

@@ -63,7 +63,7 @@ func (p *Processor) GetTargetStatusBy(
 	}
 
 	// Check whether target status is visible to requesting account.
-	visible, err = p.filter.StatusVisible(ctx, requester, target)
+	visible, err = p.visFilter.StatusVisible(ctx, requester, target)
 	if err != nil {
 		return nil, false, gtserror.NewErrorInternalError(err)
 	}

internal/processing/fedi/fedi.go

@@ -32,7 +32,7 @@ type Processor struct {
 	state     *state.State
 	federator *federation.Federator
 	converter *typeutils.Converter
-	filter    *visibility.Filter
+	visFilter *visibility.Filter
 }
 
 // New returns a
@@ -42,13 +42,13 @@ func New(
 	common *common.Processor,
 	converter *typeutils.Converter,
 	federator *federation.Federator,
-	filter *visibility.Filter,
+	visFilter *visibility.Filter,
 ) Processor {
 	return Processor{
 		c:         common,
 		state:     state,
 		federator: federator,
 		converter: converter,
-		filter:    filter,
+		visFilter: visFilter,
 	}
 }

internal/processing/fedi/status.go

@@ -68,7 +68,7 @@ func (p *Processor) StatusGet(ctx context.Context, requestedUser string, statusI
 		return nil, gtserror.NewErrorNotFound(errors.New(text))
 	}
 
-	visible, err := p.filter.StatusVisible(ctx, requestingAcct, status)
+	visible, err := p.visFilter.StatusVisible(ctx, requestingAcct, status)
 	if err != nil {
 		return nil, gtserror.NewErrorInternalError(err)
 	}
@@ -163,7 +163,7 @@ func (p *Processor) StatusRepliesGet(
 	}
 
 	// Reslice replies dropping all those invisible to requester.
-	replies, err = p.filter.StatusesVisible(ctx, requestingAcct, replies)
+	replies, err = p.visFilter.StatusesVisible(ctx, requestingAcct, replies)
 	if err != nil {
 		err := gtserror.Newf("error filtering status replies: %w", err)
 		return nil, gtserror.NewErrorInternalError(err)

internal/processing/processor.go

@@ -21,6 +21,7 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/cleaner"
 	"github.com/superseriousbusiness/gotosocial/internal/email"
 	"github.com/superseriousbusiness/gotosocial/internal/federation"
+	"github.com/superseriousbusiness/gotosocial/internal/filter/interaction"
 	"github.com/superseriousbusiness/gotosocial/internal/filter/visibility"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	mm "github.com/superseriousbusiness/gotosocial/internal/media"
@@ -173,11 +174,10 @@ func NewProcessor(
 	mediaManager *mm.Manager,
 	state *state.State,
 	emailSender email.Sender,
+	visFilter *visibility.Filter,
+	intFilter *interaction.Filter,
 ) *Processor {
-	var (
+	var parseMentionFunc = GetParseMentionFunc(state, federator)
-		parseMentionFunc = GetParseMentionFunc(state, federator)
-		filter           = visibility.NewFilter(state)
-	)
 
 	processor := &Processor{
 		converter:        converter,
@@ -191,26 +191,26 @@ func NewProcessor(
 	//
 	// Start with sub processors that will
 	// be required by the workers processor.
-	common := common.New(state, mediaManager, converter, federator, filter)
+	common := common.New(state, mediaManager, converter, federator, visFilter)
-	processor.account = account.New(&common, state, converter, mediaManager, federator, filter, parseMentionFunc)
+	processor.account = account.New(&common, state, converter, mediaManager, federator, visFilter, parseMentionFunc)
 	processor.media = media.New(&common, state, converter, federator, mediaManager, federator.TransportController())
 	processor.stream = stream.New(state, oauthServer)
 
 	// Instantiate the rest of the sub
 	// processors + pin them to this struct.
-	processor.account = account.New(&common, state, converter, mediaManager, federator, filter, parseMentionFunc)
+	processor.account = account.New(&common, state, converter, mediaManager, federator, visFilter, parseMentionFunc)
 	processor.admin = admin.New(&common, state, cleaner, federator, converter, mediaManager, federator.TransportController(), emailSender)
-	processor.conversations = conversations.New(state, converter, filter)
+	processor.conversations = conversations.New(state, converter, visFilter)
-	processor.fedi = fedi.New(state, &common, converter, federator, filter)
+	processor.fedi = fedi.New(state, &common, converter, federator, visFilter)
 	processor.filtersv1 = filtersv1.New(state, converter, &processor.stream)
 	processor.filtersv2 = filtersv2.New(state, converter, &processor.stream)
 	processor.list = list.New(state, converter)
 	processor.markers = markers.New(state, converter)
 	processor.polls = polls.New(&common, state, converter)
 	processor.report = report.New(state, converter)
-	processor.timeline = timeline.New(state, converter, filter)
+	processor.timeline = timeline.New(state, converter, visFilter)
-	processor.search = search.New(state, federator, converter, filter)
+	processor.search = search.New(state, federator, converter, visFilter)
-	processor.status = status.New(state, &common, &processor.polls, federator, converter, filter, parseMentionFunc)
+	processor.status = status.New(state, &common, &processor.polls, federator, converter, visFilter, intFilter, parseMentionFunc)
 	processor.user = user.New(state, converter, oauthServer, emailSender)
 
 	// The advanced migrations processor sequences advanced migrations from all other processors.
@@ -223,7 +223,7 @@ func NewProcessor(
 		state,
 		federator,
 		converter,
-		filter,
+		visFilter,
 		emailSender,
 		&processor.account,
 		&processor.media,

internal/processing/processor_test.go

@@ -25,6 +25,7 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/db"
 	"github.com/superseriousbusiness/gotosocial/internal/email"
 	"github.com/superseriousbusiness/gotosocial/internal/federation"
+	"github.com/superseriousbusiness/gotosocial/internal/filter/interaction"
 	"github.com/superseriousbusiness/gotosocial/internal/filter/visibility"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"github.com/superseriousbusiness/gotosocial/internal/media"
@@ -122,7 +123,17 @@ func (suite *ProcessingStandardTestSuite) SetupTest() {
 	suite.oauthServer = testrig.NewTestOauthServer(suite.db)
 	suite.emailSender = testrig.NewEmailSender("../../web/template/", nil)
 
-	suite.processor = processing.NewProcessor(cleaner.New(&suite.state), suite.typeconverter, suite.federator, suite.oauthServer, suite.mediaManager, &suite.state, suite.emailSender)
+	suite.processor = processing.NewProcessor(
+		cleaner.New(&suite.state),
+		suite.typeconverter,
+		suite.federator,
+		suite.oauthServer,
+		suite.mediaManager,
+		&suite.state,
+		suite.emailSender,
+		visibility.NewFilter(&suite.state),
+		interaction.NewFilter(&suite.state),
+	)
 	testrig.StartWorkers(&suite.state, suite.processor.Workers())
 
 	testrig.StandardDBSetup(suite.db, suite.testAccounts)

internal/processing/search/search.go

@@ -28,15 +28,15 @@ type Processor struct {
 	state     *state.State
 	federator *federation.Federator
 	converter *typeutils.Converter
-	filter    *visibility.Filter
+	visFilter *visibility.Filter
 }
 
 // New returns a new status processor.
-func New(state *state.State, federator *federation.Federator, converter *typeutils.Converter, filter *visibility.Filter) Processor {
+func New(state *state.State, federator *federation.Federator, converter *typeutils.Converter, visFilter *visibility.Filter) Processor {
 	return Processor{
 		state:     state,
 		federator: federator,
 		converter: converter,
-		filter:    filter,
+		visFilter: visFilter,
 	}
 }

internal/processing/search/util.go

@@ -103,7 +103,7 @@ func (p *Processor) packageStatuses(
 
 	for _, status := range statuses {
 		// Ensure requester can see result status.
-		visible, err := p.filter.StatusVisible(ctx, requestingAccount, status)
+		visible, err := p.visFilter.StatusVisible(ctx, requestingAccount, status)
 		if err != nil {
 			err = gtserror.Newf("error checking visibility of status %s for account %s: %w", status.ID, requestingAccount.ID, err)
 			return nil, gtserror.NewErrorInternalError(err)

internal/processing/status/boost.go

@@ -66,7 +66,7 @@ func (p *Processor) BoostCreate(
 	}
 
 	// Ensure valid boost target for requester.
-	boostable, err := p.filter.StatusBoostable(ctx,
+	policyResult, err := p.intFilter.StatusBoostable(ctx,
 		requester,
 		target,
 	)
@@ -75,12 +75,14 @@ func (p *Processor) BoostCreate(
 		return nil, gtserror.NewErrorInternalError(err)
 	}
 
-	if !boostable {
+	if policyResult.Forbidden() {
-		err := gtserror.New("status is not boostable")
+		const errText = "you do not have permission to boost this status"
-		return nil, gtserror.NewErrorNotFound(err)
+		err := gtserror.New(errText)
+		return nil, gtserror.NewErrorForbidden(err, errText)
 	}
 
-	// Status is visible and boostable.
+	// Status is visible and boostable
+	// (though maybe pending approval).
 	boost, err := p.converter.StatusToBoost(ctx,
 		target,
 		requester,
@@ -90,6 +92,29 @@ func (p *Processor) BoostCreate(
 		return nil, gtserror.NewErrorInternalError(err)
 	}
 
+	// Derive pendingApproval status.
+	var pendingApproval bool
+	switch {
+	case policyResult.WithApproval():
+		// We're allowed to do
+		// this pending approval.
+		pendingApproval = true
+
+	case policyResult.MatchedOnCollection():
+		// We're permitted to do this, but since
+		// we matched due to presence in a followers
+		// or following collection, we should mark
+		// as pending approval and wait for an accept.
+		pendingApproval = true
+
+	case policyResult.Permitted():
+		// We're permitted to do this
+		// based on another kind of match.
+		pendingApproval = false
+	}
+
+	boost.PendingApproval = &pendingApproval
+
 	// Store the new boost.
 	if err := p.state.DB.PutStatus(ctx, boost); err != nil {
 		return nil, gtserror.NewErrorInternalError(err)
@@ -184,7 +209,7 @@ func (p *Processor) StatusBoostedBy(ctx context.Context, requestingAccount *gtsm
 		targetStatus = boostedStatus
 	}
 
-	visible, err := p.filter.StatusVisible(ctx, requestingAccount, targetStatus)
+	visible, err := p.visFilter.StatusVisible(ctx, requestingAccount, targetStatus)
 	if err != nil {
 		err = fmt.Errorf("BoostedBy: error seeing if status %s is visible: %s", targetStatus.ID, err)
 		return nil, gtserror.NewErrorNotFound(err)

internal/processing/status/context.go

@@ -341,7 +341,7 @@ func (p *Processor) ContextGet(
 	// Convert ancestors + filter
 	// out ones that aren't visible.
 	for _, status := range threadContext.ancestors {
-		if v, err := p.filter.StatusVisible(ctx, requester, status); err == nil && v {
+		if v, err := p.visFilter.StatusVisible(ctx, requester, status); err == nil && v {
 			status, err := convert(ctx, status, requester)
 			if err == nil {
 				apiContext.Ancestors = append(apiContext.Ancestors, *status)
@@ -352,7 +352,7 @@ func (p *Processor) ContextGet(
 	// Convert descendants + filter
 	// out ones that aren't visible.
 	for _, status := range threadContext.descendants {
-		if v, err := p.filter.StatusVisible(ctx, requester, status); err == nil && v {
+		if v, err := p.visFilter.StatusVisible(ctx, requester, status); err == nil && v {
 			status, err := convert(ctx, status, requester)
 			if err == nil {
 				apiContext.Descendants = append(apiContext.Descendants, *status)
@@ -453,7 +453,7 @@ func (p *Processor) WebContextGet(
 		// Ensure status is actually
 		// visible to just anyone, and
 		// hide / don't include it if not.
-		v, err := p.filter.StatusVisible(ctx, nil, status)
+		v, err := p.visFilter.StatusVisible(ctx, nil, status)
 		if err != nil || !v {
 			if !inReplies {
 				// Main thread entry hidden.

internal/processing/status/create.go

@@ -169,6 +169,8 @@ func (p *Processor) Create(
 
 func (p *Processor) processInReplyTo(ctx context.Context, requester *gtsmodel.Account, status *gtsmodel.Status, inReplyToID string) gtserror.WithCode {
 	if inReplyToID == "" {
+		// Not a reply.
+		// Nothing to do.
 		return nil
 	}
 
@@ -191,6 +193,45 @@ func (p *Processor) processInReplyTo(ctx context.Context, requester *gtsmodel.Ac
 		return errWithCode
 	}
 
+	// Ensure valid reply target for requester.
+	policyResult, err := p.intFilter.StatusReplyable(ctx,
+		requester,
+		inReplyTo,
+	)
+	if err != nil {
+		err := gtserror.Newf("error seeing if status %s is replyable: %w", status.ID, err)
+		return gtserror.NewErrorInternalError(err)
+	}
+
+	if policyResult.Forbidden() {
+		const errText = "you do not have permission to reply to this status"
+		err := gtserror.New(errText)
+		return gtserror.NewErrorForbidden(err, errText)
+	}
+
+	// Derive pendingApproval status.
+	var pendingApproval bool
+	switch {
+	case policyResult.WithApproval():
+		// We're allowed to do
+		// this pending approval.
+		pendingApproval = true
+
+	case policyResult.MatchedOnCollection():
+		// We're permitted to do this, but since
+		// we matched due to presence in a followers
+		// or following collection, we should mark
+		// as pending approval and wait for an accept.
+		pendingApproval = true
+
+	case policyResult.Permitted():
+		// We're permitted to do this
+		// based on another kind of match.
+		pendingApproval = false
+	}
+
+	status.PendingApproval = &pendingApproval
+
 	// Set status fields from inReplyTo.
 	status.InReplyToID = inReplyTo.ID
 	status.InReplyTo = inReplyTo

internal/processing/status/fave.go

@@ -72,28 +72,73 @@ func (p *Processor) getFaveableStatus(
 }
 
 // FaveCreate adds a fave for the requestingAccount, targeting the given status (no-op if fave already exists).
-func (p *Processor) FaveCreate(ctx context.Context, requestingAccount *gtsmodel.Account, targetStatusID string) (*apimodel.Status, gtserror.WithCode) {
+func (p *Processor) FaveCreate(
-	targetStatus, existingFave, errWithCode := p.getFaveableStatus(ctx, requestingAccount, targetStatusID)
+	ctx context.Context,
+	requester *gtsmodel.Account,
+	targetStatusID string,
+) (*apimodel.Status, gtserror.WithCode) {
+	status, existingFave, errWithCode := p.getFaveableStatus(ctx, requester, targetStatusID)
 	if errWithCode != nil {
 		return nil, errWithCode
 	}
 
 	if existingFave != nil {
 		// Status is already faveed.
-		return p.c.GetAPIStatus(ctx, requestingAccount, targetStatus)
+		return p.c.GetAPIStatus(ctx, requester, status)
 	}
 
-	// Create and store a new fave
+	// Ensure valid fave target for requester.
+	policyResult, err := p.intFilter.StatusLikeable(ctx,
+		requester,
+		status,
+	)
+	if err != nil {
+		err := gtserror.Newf("error seeing if status %s is likeable: %w", status.ID, err)
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+
+	if policyResult.Forbidden() {
+		const errText = "you do not have permission to fave this status"
+		err := gtserror.New(errText)
+		return nil, gtserror.NewErrorForbidden(err, errText)
+	}
+
+	// Derive pendingApproval status.
+	var pendingApproval bool
+	switch {
+	case policyResult.WithApproval():
+		// We're allowed to do
+		// this pending approval.
+		pendingApproval = true
+
+	case policyResult.MatchedOnCollection():
+		// We're permitted to do this, but since
+		// we matched due to presence in a followers
+		// or following collection, we should mark
+		// as pending approval and wait for an accept.
+		pendingApproval = true
+
+	case policyResult.Permitted():
+		// We're permitted to do this
+		// based on another kind of match.
+		pendingApproval = false
+	}
+
+	status.PendingApproval = &pendingApproval
+
+	// Create a new fave, marking it
+	// as pending approval if necessary.
 	faveID := id.NewULID()
 	gtsFave := &gtsmodel.StatusFave{
 		ID:              faveID,
-		AccountID:       requestingAccount.ID,
+		AccountID:       requester.ID,
-		Account:         requestingAccount,
+		Account:         requester,
-		TargetAccountID: targetStatus.AccountID,
+		TargetAccountID: status.AccountID,
-		TargetAccount:   targetStatus.Account,
+		TargetAccount:   status.Account,
-		StatusID:        targetStatus.ID,
+		StatusID:        status.ID,
-		Status:          targetStatus,
+		Status:          status,
-		URI:             uris.GenerateURIForLike(requestingAccount.Username, faveID),
+		URI:             uris.GenerateURIForLike(requester.Username, faveID),
+		PendingApproval: &pendingApproval,
 	}
 
 	if err := p.state.DB.PutStatusFave(ctx, gtsFave); err != nil {
@@ -106,11 +151,11 @@ func (p *Processor) FaveCreate(ctx context.Context, requestingAccount *gtsmodel.
 		APObjectType:   ap.ActivityLike,
 		APActivityType: ap.ActivityCreate,
 		GTSModel:       gtsFave,
-		Origin:         requestingAccount,
+		Origin:         requester,
-		Target:         targetStatus.Account,
+		Target:         status.Account,
 	})
 
-	return p.c.GetAPIStatus(ctx, requestingAccount, targetStatus)
+	return p.c.GetAPIStatus(ctx, requester, status)
 }
 
 // FaveRemove removes a fave for the requesting account, targeting the given status (no-op if fave doesn't exist).

internal/processing/status/status.go

@@ -19,6 +19,7 @@ package status
 
 import (
 	"github.com/superseriousbusiness/gotosocial/internal/federation"
+	"github.com/superseriousbusiness/gotosocial/internal/filter/interaction"
 	"github.com/superseriousbusiness/gotosocial/internal/filter/visibility"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"github.com/superseriousbusiness/gotosocial/internal/processing/common"
@@ -35,7 +36,8 @@ type Processor struct {
 	state        *state.State
 	federator    *federation.Federator
 	converter    *typeutils.Converter
-	filter       *visibility.Filter
+	visFilter    *visibility.Filter
+	intFilter    *interaction.Filter
 	formatter    *text.Formatter
 	parseMention gtsmodel.ParseMentionFunc
 
@@ -50,7 +52,8 @@ func New(
 	polls *polls.Processor,
 	federator *federation.Federator,
 	converter *typeutils.Converter,
-	filter *visibility.Filter,
+	visFilter *visibility.Filter,
+	intFilter *interaction.Filter,
 	parseMention gtsmodel.ParseMentionFunc,
 ) Processor {
 	return Processor{
@@ -58,7 +61,8 @@ func New(
 		state:        state,
 		federator:    federator,
 		converter:    converter,
-		filter:       filter,
+		visFilter:    visFilter,
+		intFilter:    intFilter,
 		formatter:    text.NewFormatter(state.DB),
 		parseMention: parseMention,
 		polls:        polls,

internal/processing/status/status_test.go

@@ -21,6 +21,7 @@ import (
 	"github.com/stretchr/testify/suite"
 	"github.com/superseriousbusiness/gotosocial/internal/db"
 	"github.com/superseriousbusiness/gotosocial/internal/federation"
+	"github.com/superseriousbusiness/gotosocial/internal/filter/interaction"
 	"github.com/superseriousbusiness/gotosocial/internal/filter/visibility"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"github.com/superseriousbusiness/gotosocial/internal/media"
@@ -89,16 +90,30 @@ func (suite *StatusStandardTestSuite) SetupTest() {
 	suite.mediaManager = testrig.NewTestMediaManager(&suite.state)
 	suite.federator = testrig.NewTestFederator(&suite.state, suite.tc, suite.mediaManager)
 
-	filter := visibility.NewFilter(&suite.state)
+	visFilter := visibility.NewFilter(&suite.state)
+	intFilter := interaction.NewFilter(&suite.state)
 	testrig.StartTimelines(
 		&suite.state,
-		filter,
+		visFilter,
 		suite.typeConverter,
 	)
 
-	common := common.New(&suite.state, suite.mediaManager, suite.typeConverter, suite.federator, filter)
+	common := common.New(&suite.state, suite.mediaManager, suite.typeConverter, suite.federator, visFilter)
 	polls := polls.New(&common, &suite.state, suite.typeConverter)
-	suite.status = status.New(&suite.state, &common, &polls, suite.federator, suite.typeConverter, filter, processing.GetParseMentionFunc(&suite.state, suite.federator))
+
+	suite.status = status.New(
+		&suite.state,
+		&common,
+		&polls,
+		suite.federator,
+		suite.typeConverter,
+		visFilter,
+		intFilter,
+		processing.GetParseMentionFunc(
+			&suite.state,
+			suite.federator,
+		),
+	)
 
 	testrig.StandardDBSetup(suite.db, suite.testAccounts)
 	testrig.StandardStorageSetup(suite.storage, "../../../testrig/media")

internal/processing/stream/statusupdate_test.go

@@ -133,19 +133,22 @@ func (suite *StatusUpdateTestSuite) TestStreamNotification() {
   "interaction_policy": {
     "can_favourite": {
       "always": [
-        "public"
+        "public",
+        "me"
       ],
       "with_approval": []
     },
     "can_reply": {
       "always": [
-        "public"
+        "public",
+        "me"
       ],
       "with_approval": []
     },
     "can_reblog": {
       "always": [
-        "public"
+        "public",
+        "me"
       ],
       "with_approval": []
     }

internal/processing/timeline/faved.go

@@ -45,7 +45,7 @@ func (p *Processor) FavedTimelineGet(ctx context.Context, authed *oauth.Auth, ma
 
 	items := make([]interface{}, 0, count)
 	for _, s := range statuses {
-		visible, err := p.filter.StatusVisible(ctx, authed.Account, s)
+		visible, err := p.visFilter.StatusVisible(ctx, authed.Account, s)
 		if err != nil {
 			log.Errorf(ctx, "error checking status visibility: %v", err)
 			continue

internal/processing/timeline/home.go

@@ -62,7 +62,7 @@ func HomeTimelineGrab(state *state.State) timeline.GrabFunction {
 }
 
 // HomeTimelineFilter returns a function that satisfies FilterFunction for home timelines.
-func HomeTimelineFilter(state *state.State, filter *visibility.Filter) timeline.FilterFunction {
+func HomeTimelineFilter(state *state.State, visFilter *visibility.Filter) timeline.FilterFunction {
 	return func(ctx context.Context, accountID string, item timeline.Timelineable) (shouldIndex bool, err error) {
 		status, ok := item.(*gtsmodel.Status)
 		if !ok {
@@ -76,7 +76,7 @@ func HomeTimelineFilter(state *state.State, filter *visibility.Filter) timeline.
 			return false, err
 		}
 
-		timelineable, err := filter.StatusHomeTimelineable(ctx, requestingAccount, status)
+		timelineable, err := visFilter.StatusHomeTimelineable(ctx, requestingAccount, status)
 		if err != nil {
 			err = gtserror.Newf("error checking hometimelineability of status %s for account %s: %w", status.ID, accountID, err)
 			return false, err

internal/processing/timeline/list.go

@@ -62,7 +62,7 @@ func ListTimelineGrab(state *state.State) timeline.GrabFunction {
 }
 
 // ListTimelineFilter returns a function that satisfies FilterFunction for list timelines.
-func ListTimelineFilter(state *state.State, filter *visibility.Filter) timeline.FilterFunction {
+func ListTimelineFilter(state *state.State, visFilter *visibility.Filter) timeline.FilterFunction {
 	return func(ctx context.Context, listID string, item timeline.Timelineable) (shouldIndex bool, err error) {
 		status, ok := item.(*gtsmodel.Status)
 		if !ok {
@@ -82,7 +82,7 @@ func ListTimelineFilter(state *state.State, filter *visibility.Filter) timeline.
 			return false, err
 		}
 
-		timelineable, err := filter.StatusHomeTimelineable(ctx, requestingAccount, status)
+		timelineable, err := visFilter.StatusHomeTimelineable(ctx, requestingAccount, status)
 		if err != nil {
 			err = gtserror.Newf("error checking hometimelineability of status %s for account %s: %w", status.ID, list.AccountID, err)
 			return false, err

internal/processing/timeline/notification.go

@@ -190,7 +190,7 @@ func (p *Processor) notifVisible(
 			return true, nil
 		}
 
-		visible, err := p.filter.AccountVisible(ctx, acct, n.OriginAccount)
+		visible, err := p.visFilter.AccountVisible(ctx, acct, n.OriginAccount)
 		if err != nil {
 			return false, err
 		}
@@ -203,7 +203,7 @@ func (p *Processor) notifVisible(
 	// If status is set, ensure it's
 	// visible to notif target.
 	if n.Status != nil {
-		visible, err := p.filter.StatusVisible(ctx, acct, n.Status)
+		visible, err := p.visFilter.StatusVisible(ctx, acct, n.Status)
 		if err != nil {
 			return false, err
 		}

internal/processing/timeline/public.go

@@ -98,7 +98,7 @@ outer:
 			// we end up filtering it out or not.
 			nextMaxIDValue = s.ID
 
-			timelineable, err := p.filter.StatusPublicTimelineable(ctx, requester, s)
+			timelineable, err := p.visFilter.StatusPublicTimelineable(ctx, requester, s)
 			if err != nil {
 				log.Errorf(ctx, "error checking status visibility: %v", err)
 				continue inner

internal/processing/timeline/tag.go

@@ -128,7 +128,7 @@ func (p *Processor) packageTagResponse(
 	compiledMutes := usermute.NewCompiledUserMuteList(mutes)
 
 	for _, s := range statuses {
-		timelineable, err := p.filter.StatusTagTimelineable(ctx, requestingAcct, s)
+		timelineable, err := p.visFilter.StatusTagTimelineable(ctx, requestingAcct, s)
 		if err != nil {
 			log.Errorf(ctx, "error checking status visibility: %v", err)
 			continue

internal/processing/timeline/timeline.go

@@ -26,13 +26,13 @@ import (
 type Processor struct {
 	state     *state.State
 	converter *typeutils.Converter
-	filter    *visibility.Filter
+	visFilter *visibility.Filter
 }
 
-func New(state *state.State, converter *typeutils.Converter, filter *visibility.Filter) Processor {
+func New(state *state.State, converter *typeutils.Converter, visFilter *visibility.Filter) Processor {
 	return Processor{
 		state:     state,
 		converter: converter,
-		filter:    filter,
+		visFilter: visFilter,
 	}
 }

internal/processing/workers/fromfediapi_test.go

@@ -45,8 +45,12 @@ func (suite *FromFediAPITestSuite) TestProcessFederationAnnounce() {
 	testStructs := suite.SetupTestStructs()
 	defer suite.TearDownTestStructs(testStructs)
 
-	boostedStatus := suite.testStatuses["local_account_1_status_1"]
+	boostedStatus := &gtsmodel.Status{}
-	boostingAccount := suite.testAccounts["remote_account_1"]
+	*boostedStatus = *suite.testStatuses["local_account_1_status_1"]
+
+	boostingAccount := &gtsmodel.Account{}
+	*boostingAccount = *suite.testAccounts["remote_account_1"]
+
 	announceStatus := &gtsmodel.Status{}
 	announceStatus.URI = "https://example.org/some-announce-uri"
 	announceStatus.BoostOfURI = boostedStatus.URI
@@ -64,13 +68,25 @@ func (suite *FromFediAPITestSuite) TestProcessFederationAnnounce() {
 		Receiving:      suite.testAccounts["local_account_1"],
 		Requesting:     boostingAccount,
 	})
-	suite.NoError(err)
+	if err != nil {
+		suite.FailNow(err.Error())
+	}
 
-	// side effects should be triggered
+	// Wait for side effects to trigger:
 	// 1. status should have an ID, and be in the database
-	suite.NotEmpty(announceStatus.ID)
+	if !testrig.WaitFor(func() bool {
-	_, err = testStructs.State.DB.GetStatusByID(context.Background(), announceStatus.ID)
+		if announceStatus.ID == "" {
-	suite.NoError(err)
+			return false
+		}
+
+		_, err = testStructs.State.DB.GetStatusByID(
+			context.Background(),
+			announceStatus.ID,
+		)
+		return err == nil
+	}) {
+		suite.FailNow("timed out waiting for announce to be in the database")
+	}
 
 	// 2. a notification should exist for the announce
 	where := []db.Where{
@@ -89,78 +105,89 @@ func (suite *FromFediAPITestSuite) TestProcessFederationAnnounce() {
 	suite.False(*notif.Read)
 }
 
-// Todo: fix this test up in interaction policies PR.
+func (suite *FromFediAPITestSuite) TestProcessReplyMention() {
-// func (suite *FromFediAPITestSuite) TestProcessReplyMention() {
+	testStructs := suite.SetupTestStructs()
-// 	testStructs := suite.SetupTestStructs()
+	defer suite.TearDownTestStructs(testStructs)
-// 	defer suite.TearDownTestStructs(testStructs)
 
-// 	repliedAccount := suite.testAccounts["local_account_1"]
+	repliedAccount := &gtsmodel.Account{}
-// 	repliedStatus := suite.testStatuses["local_account_1_status_1"]
+	*repliedAccount = *suite.testAccounts["local_account_1"]
-// 	replyingAccount := suite.testAccounts["remote_account_1"]
 
-// 	// Set the replyingAccount's last fetched_at
+	repliedStatus := &gtsmodel.Status{}
-// 	// date to something recent so no refresh is attempted,
+	*repliedStatus = *suite.testStatuses["local_account_1_status_1"]
-// 	// and ensure it isn't a suspended account.
-// 	replyingAccount.FetchedAt = time.Now()
-// 	replyingAccount.SuspendedAt = time.Time{}
-// 	replyingAccount.SuspensionOrigin = ""
-// 	err := testStructs.State.DB.UpdateAccount(context.Background(),
-// 		replyingAccount,
-// 		"fetched_at",
-// 		"suspended_at",
-// 		"suspension_origin",
-// 	)
-// 	suite.NoError(err)
 
-// 	// Get replying statusable to use from remote test statuses.
+	replyingAccount := &gtsmodel.Account{}
-// 	const replyingURI = "http://fossbros-anonymous.io/users/foss_satan/statuses/106221634728637552"
+	*replyingAccount = *suite.testAccounts["remote_account_1"]
-// 	replyingStatusable := testrig.NewTestFediStatuses()[replyingURI]
-// 	ap.AppendInReplyTo(replyingStatusable, testrig.URLMustParse(repliedStatus.URI))
 
-// 	// Open a websocket stream to later test the streamed status reply.
+	// Set the replyingAccount's last fetched_at
-// 	wssStream, errWithCode := testStructs.Processor.Stream().Open(context.Background(), repliedAccount, stream.TimelineHome)
+	// date to something recent so no refresh is attempted,
-// 	suite.NoError(errWithCode)
+	// and ensure it isn't a suspended account.
+	replyingAccount.FetchedAt = time.Now()
+	replyingAccount.SuspendedAt = time.Time{}
+	replyingAccount.SuspensionOrigin = ""
+	err := testStructs.State.DB.UpdateAccount(context.Background(),
+		replyingAccount,
+		"fetched_at",
+		"suspended_at",
+		"suspension_origin",
+	)
+	suite.NoError(err)
 
-// 	// Send the replied status off to the fedi worker to be further processed.
+	// Get replying statusable to use from remote test statuses.
-// 	err = testStructs.Processor.Workers().ProcessFromFediAPI(context.Background(), &messages.FromFediAPI{
+	const replyingURI = "http://fossbros-anonymous.io/users/foss_satan/statuses/106221634728637552"
-// 		APObjectType:   ap.ObjectNote,
+	replyingStatusable := testrig.NewTestFediStatuses()[replyingURI]
-// 		APActivityType: ap.ActivityCreate,
+	ap.AppendInReplyTo(replyingStatusable, testrig.URLMustParse(repliedStatus.URI))
-// 		APObject:       replyingStatusable,
-// 		Receiving:      repliedAccount,
-// 		Requesting:     replyingAccount,
-// 	})
-// 	suite.NoError(err)
 
-// 	// side effects should be triggered
+	// Open a websocket stream to later test the streamed status reply.
-// 	// 1. status should be in the database
+	wssStream, errWithCode := testStructs.Processor.Stream().Open(context.Background(), repliedAccount, stream.TimelineHome)
-// 	replyingStatus, err := testStructs.State.DB.GetStatusByURI(context.Background(), replyingURI)
+	suite.NoError(errWithCode)
-// 	suite.NoError(err)
 
-// 	// 2. a notification should exist for the mention
+	// Send the replied status off to the fedi worker to be further processed.
-// 	var notif gtsmodel.Notification
+	err = testStructs.Processor.Workers().ProcessFromFediAPI(context.Background(), &messages.FromFediAPI{
-// 	err = testStructs.State.DB.GetWhere(context.Background(), []db.Where{
+		APObjectType:   ap.ObjectNote,
-// 		{Key: "status_id", Value: replyingStatus.ID},
+		APActivityType: ap.ActivityCreate,
-// 	}, &notif)
+		APObject:       replyingStatusable,
-// 	suite.NoError(err)
+		Receiving:      repliedAccount,
-// 	suite.Equal(gtsmodel.NotificationMention, notif.NotificationType)
+		Requesting:     replyingAccount,
-// 	suite.Equal(replyingStatus.InReplyToAccountID, notif.TargetAccountID)
+	})
-// 	suite.Equal(replyingStatus.AccountID, notif.OriginAccountID)
+	if err != nil {
-// 	suite.Equal(replyingStatus.ID, notif.StatusID)
+		suite.FailNow(err.Error())
-// 	suite.False(*notif.Read)
+	}
 
-// 	ctx, _ := context.WithTimeout(context.Background(), time.Second*5)
+	// Wait for side effects to trigger:
-// 	msg, ok := wssStream.Recv(ctx)
+	// 1. status should be in the database
-// 	suite.True(ok)
+	var replyingStatus *gtsmodel.Status
+	if !testrig.WaitFor(func() bool {
+		replyingStatus, err = testStructs.State.DB.GetStatusByURI(context.Background(), replyingURI)
+		return err == nil
+	}) {
+		suite.FailNow("timed out waiting for replying status to be in the database")
+	}
 
-// 	suite.Equal(stream.EventTypeNotification, msg.Event)
+	// 2. a notification should exist for the mention
-// 	suite.NotEmpty(msg.Payload)
+	var notif gtsmodel.Notification
-// 	suite.EqualValues([]string{stream.TimelineHome}, msg.Stream)
+	err = testStructs.State.DB.GetWhere(context.Background(), []db.Where{
-// 	notifStreamed := &apimodel.Notification{}
+		{Key: "status_id", Value: replyingStatus.ID},
-// 	err = json.Unmarshal([]byte(msg.Payload), notifStreamed)
+	}, &notif)
-// 	suite.NoError(err)
+	suite.NoError(err)
-// 	suite.Equal("mention", notifStreamed.Type)
+	suite.Equal(gtsmodel.NotificationMention, notif.NotificationType)
-// 	suite.Equal(replyingAccount.ID, notifStreamed.Account.ID)
+	suite.Equal(replyingStatus.InReplyToAccountID, notif.TargetAccountID)
-// }
+	suite.Equal(replyingStatus.AccountID, notif.OriginAccountID)
+	suite.Equal(replyingStatus.ID, notif.StatusID)
+	suite.False(*notif.Read)
+
+	ctx, _ := context.WithTimeout(context.Background(), time.Second*5)
+	msg, ok := wssStream.Recv(ctx)
+	suite.True(ok)
+
+	suite.Equal(stream.EventTypeNotification, msg.Event)
+	suite.NotEmpty(msg.Payload)
+	suite.EqualValues([]string{stream.TimelineHome}, msg.Stream)
+	notifStreamed := &apimodel.Notification{}
+	err = json.Unmarshal([]byte(msg.Payload), notifStreamed)
+	suite.NoError(err)
+	suite.Equal("mention", notifStreamed.Type)
+	suite.Equal(replyingAccount.ID, notifStreamed.Account.ID)
+}
 
 func (suite *FromFediAPITestSuite) TestProcessFave() {
 	testStructs := suite.SetupTestStructs()
@@ -305,8 +332,11 @@ func (suite *FromFediAPITestSuite) TestProcessAccountDelete() {
 
 	ctx := context.Background()
 
-	deletedAccount := suite.testAccounts["remote_account_1"]
+	deletedAccount := &gtsmodel.Account{}
-	receivingAccount := suite.testAccounts["local_account_1"]
+	*deletedAccount = *suite.testAccounts["remote_account_1"]
+
+	receivingAccount := &gtsmodel.Account{}
+	*receivingAccount = *suite.testAccounts["local_account_1"]
 
 	// before doing the delete....
 	// make local_account_1 and remote_account_1 into mufos

internal/processing/workers/surface.go

@@ -36,7 +36,7 @@ type Surface struct {
 	State         *state.State
 	Converter     *typeutils.Converter
 	Stream        *stream.Processor
-	Filter        *visibility.Filter
+	VisFilter     *visibility.Filter
 	EmailSender   email.Sender
 	Conversations *conversations.Processor
 }

internal/processing/workers/surfacenotify_test.go

@@ -42,7 +42,7 @@ func (suite *SurfaceNotifyTestSuite) TestSpamNotifs() {
 		State:         testStructs.State,
 		Converter:     testStructs.TypeConverter,
 		Stream:        testStructs.Processor.Stream(),
-		Filter:        visibility.NewFilter(testStructs.State),
+		VisFilter:     visibility.NewFilter(testStructs.State),
 		EmailSender:   testStructs.EmailSender,
 		Conversations: testStructs.Processor.Conversations(),
 	}

internal/processing/workers/surfacetimeline.go

@@ -109,7 +109,7 @@ func (s *Surface) timelineAndNotifyStatusForFollowers(
 		// If it's not timelineable, we can just stop early, since lists
 		// are prettymuch subsets of the home timeline, so if it shouldn't
 		// appear there, it shouldn't appear in lists either.
-		timelineable, err := s.Filter.StatusHomeTimelineable(
+		timelineable, err := s.VisFilter.StatusHomeTimelineable(
 			ctx, follow.Account, status,
 		)
 		if err != nil {
@@ -482,7 +482,7 @@ func (s *Surface) timelineStatusUpdateForFollowers(
 		// If it's not timelineable, we can just stop early, since lists
 		// are prettymuch subsets of the home timeline, so if it shouldn't
 		// appear there, it shouldn't appear in lists either.
-		timelineable, err := s.Filter.StatusHomeTimelineable(
+		timelineable, err := s.VisFilter.StatusHomeTimelineable(
 			ctx, follow.Account, status,
 		)
 		if err != nil {

internal/processing/workers/workers.go

@@ -40,7 +40,7 @@ func New(
 	state *state.State,
 	federator *federation.Federator,
 	converter *typeutils.Converter,
-	filter *visibility.Filter,
+	visFilter *visibility.Filter,
 	emailSender email.Sender,
 	account *account.Processor,
 	media *media.Processor,
@@ -61,7 +61,7 @@ func New(
 		State:         state,
 		Converter:     converter,
 		Stream:        stream,
-		Filter:        filter,
+		VisFilter:     visFilter,
 		EmailSender:   emailSender,
 		Conversations: conversations,
 	}

internal/processing/workers/workers_test.go

@@ -23,6 +23,7 @@ import (
 	"github.com/stretchr/testify/suite"
 	"github.com/superseriousbusiness/gotosocial/internal/cleaner"
 	"github.com/superseriousbusiness/gotosocial/internal/email"
+	"github.com/superseriousbusiness/gotosocial/internal/filter/interaction"
 	"github.com/superseriousbusiness/gotosocial/internal/filter/visibility"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"github.com/superseriousbusiness/gotosocial/internal/oauth"
@@ -160,7 +161,18 @@ func (suite *WorkersTestSuite) SetupTestStructs() *TestStructs {
 	oauthServer := testrig.NewTestOauthServer(db)
 	emailSender := testrig.NewEmailSender("../../../web/template/", nil)
 
-	processor := processing.NewProcessor(cleaner.New(&state), typeconverter, federator, oauthServer, mediaManager, &state, emailSender)
+	processor := processing.NewProcessor(
+		cleaner.New(&state),
+		typeconverter,
+		federator,
+		oauthServer,
+		mediaManager,
+		&state,
+		emailSender,
+		visibility.NewFilter(&state),
+		interaction.NewFilter(&state),
+	)
+
 	testrig.StartWorkers(&state, processor.Workers())
 
 	testrig.StandardDBSetup(db, suite.testAccounts)

internal/typeutils/converter.go

@@ -20,6 +20,7 @@ package typeutils
 import (
 	"sync"
 
+	"github.com/superseriousbusiness/gotosocial/internal/filter/interaction"
 	"github.com/superseriousbusiness/gotosocial/internal/filter/visibility"
 	"github.com/superseriousbusiness/gotosocial/internal/state"
 )
@@ -28,13 +29,15 @@ type Converter struct {
 	state          *state.State
 	defaultAvatars []string
 	randAvatars    sync.Map
-	filter         *visibility.Filter
+	visFilter      *visibility.Filter
+	intFilter      *interaction.Filter
 }
 
 func NewConverter(state *state.State) *Converter {
 	return &Converter{
 		state:          state,
 		defaultAvatars: populateDefaultAvatars(),
-		filter:         visibility.NewFilter(state),
+		visFilter:      visibility.NewFilter(state),
+		intFilter:      interaction.NewFilter(state),
 	}
 }

internal/typeutils/internaltofrontend.go

@@ -861,7 +861,7 @@ func (c *Converter) statusToAPIFilterResults(
 
 		for _, account := range otherAccounts {
 			// Is this account visible?
-			visible, err := c.filter.AccountVisible(ctx, requestingAccount, account)
+			visible, err := c.visFilter.AccountVisible(ctx, requestingAccount, account)
 			if err != nil {
 				return nil, err
 			}
@@ -2382,8 +2382,8 @@ func (c *Converter) ThemesToAPIThemes(themes []*gtsmodel.Theme) []apimodel.Theme
 func (c *Converter) InteractionPolicyToAPIInteractionPolicy(
 	ctx context.Context,
 	policy *gtsmodel.InteractionPolicy,
-	_ *gtsmodel.Status, // Used in upcoming PR.
+	status *gtsmodel.Status,
-	_ *gtsmodel.Account, // Used in upcoming PR.
+	requester *gtsmodel.Account,
 ) (*apimodel.InteractionPolicy, error) {
 	apiPolicy := &apimodel.InteractionPolicy{
 		CanFavourite: apimodel.PolicyRules{
@@ -2400,6 +2400,75 @@ func (c *Converter) InteractionPolicyToAPIInteractionPolicy(
 		},
 	}
 
+	if status == nil || requester == nil {
+		// We're done here!
+		return apiPolicy, nil
+	}
+
+	// Status and requester are both defined,
+	// so we can add the "me" Value to the policy
+	// for each interaction type, if applicable.
+
+	likeable, err := c.intFilter.StatusLikeable(ctx, requester, status)
+	if err != nil {
+		err := gtserror.Newf("error checking status likeable by requester: %w", err)
+		return nil, err
+	}
+
+	if likeable.Permission == gtsmodel.PolicyPermissionPermitted {
+		// We can do this!
+		apiPolicy.CanFavourite.Always = append(
+			apiPolicy.CanFavourite.Always,
+			apimodel.PolicyValueMe,
+		)
+	} else if likeable.Permission == gtsmodel.PolicyPermissionWithApproval {
+		// We can do this with approval.
+		apiPolicy.CanFavourite.WithApproval = append(
+			apiPolicy.CanFavourite.WithApproval,
+			apimodel.PolicyValueMe,
+		)
+	}
+
+	replyable, err := c.intFilter.StatusReplyable(ctx, requester, status)
+	if err != nil {
+		err := gtserror.Newf("error checking status replyable by requester: %w", err)
+		return nil, err
+	}
+
+	if replyable.Permission == gtsmodel.PolicyPermissionPermitted {
+		// We can do this!
+		apiPolicy.CanReply.Always = append(
+			apiPolicy.CanReply.Always,
+			apimodel.PolicyValueMe,
+		)
+	} else if replyable.Permission == gtsmodel.PolicyPermissionWithApproval {
+		// We can do this with approval.
+		apiPolicy.CanReply.WithApproval = append(
+			apiPolicy.CanReply.WithApproval,
+			apimodel.PolicyValueMe,
+		)
+	}
+
+	boostable, err := c.intFilter.StatusBoostable(ctx, requester, status)
+	if err != nil {
+		err := gtserror.Newf("error checking status boostable by requester: %w", err)
+		return nil, err
+	}
+
+	if boostable.Permission == gtsmodel.PolicyPermissionPermitted {
+		// We can do this!
+		apiPolicy.CanReblog.Always = append(
+			apiPolicy.CanReblog.Always,
+			apimodel.PolicyValueMe,
+		)
+	} else if boostable.Permission == gtsmodel.PolicyPermissionWithApproval {
+		// We can do this with approval.
+		apiPolicy.CanReblog.WithApproval = append(
+			apiPolicy.CanReblog.WithApproval,
+			apimodel.PolicyValueMe,
+		)
+	}
+
 	return apiPolicy, nil
 }
 

internal/typeutils/internaltofrontend_test.go

@@ -551,19 +551,22 @@ func (suite *InternalToFrontendTestSuite) TestStatusToFrontend() {
   "interaction_policy": {
     "can_favourite": {
       "always": [
-        "public"
+        "public",
+        "me"
       ],
       "with_approval": []
     },
     "can_reply": {
       "always": [
-        "public"
+        "public",
+        "me"
       ],
       "with_approval": []
     },
     "can_reblog": {
       "always": [
-        "public"
+        "public",
+        "me"
       ],
       "with_approval": []
     }
@@ -747,19 +750,22 @@ func (suite *InternalToFrontendTestSuite) TestWarnFilteredStatusToFrontend() {
   "interaction_policy": {
     "can_favourite": {
       "always": [
-        "public"
+        "public",
+        "me"
       ],
       "with_approval": []
     },
     "can_reply": {
       "always": [
-        "public"
+        "public",
+        "me"
       ],
       "with_approval": []
     },
     "can_reblog": {
       "always": [
-        "public"
+        "public",
+        "me"
       ],
       "with_approval": []
     }
@@ -927,19 +933,22 @@ func (suite *InternalToFrontendTestSuite) TestWarnFilteredBoostToFrontend() {
     "interaction_policy": {
       "can_favourite": {
         "always": [
-          "public"
+          "public",
+          "me"
         ],
         "with_approval": []
       },
       "can_reply": {
         "always": [
-          "public"
+          "public",
+          "me"
         ],
         "with_approval": []
       },
       "can_reblog": {
         "always": [
-          "public"
+          "public",
+          "me"
         ],
         "with_approval": []
       }
@@ -1010,19 +1019,22 @@ func (suite *InternalToFrontendTestSuite) TestWarnFilteredBoostToFrontend() {
   "interaction_policy": {
     "can_favourite": {
       "always": [
-        "public"
+        "public",
+        "me"
       ],
       "with_approval": []
     },
     "can_reply": {
       "always": [
-        "public"
+        "public",
+        "me"
       ],
       "with_approval": []
     },
     "can_reblog": {
       "always": [
-        "public"
+        "public",
+        "me"
       ],
       "with_approval": []
     }
@@ -1257,19 +1269,22 @@ func (suite *InternalToFrontendTestSuite) TestStatusToFrontendUnknownAttachments
   "interaction_policy": {
     "can_favourite": {
       "always": [
-        "public"
+        "public",
+        "me"
       ],
       "with_approval": []
     },
     "can_reply": {
       "always": [
-        "public"
+        "public",
+        "me"
       ],
       "with_approval": []
     },
     "can_reblog": {
       "always": [
-        "public"
+        "public",
+        "me"
       ],
       "with_approval": []
     }
@@ -1560,19 +1575,22 @@ func (suite *InternalToFrontendTestSuite) TestStatusToFrontendUnknownLanguage()
   "interaction_policy": {
     "can_favourite": {
       "always": [
-        "public"
+        "public",
+        "me"
       ],
       "with_approval": []
     },
     "can_reply": {
       "always": [
-        "public"
+        "public",
+        "me"
       ],
       "with_approval": []
     },
     "can_reblog": {
       "always": [
-        "public"
+        "public",
+        "me"
       ],
       "with_approval": []
     }
@@ -2561,19 +2579,22 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontend2() {
       "interaction_policy": {
         "can_favourite": {
           "always": [
-            "public"
+            "public",
+            "me"
           ],
           "with_approval": []
         },
         "can_reply": {
           "always": [
-            "public"
+            "public",
+            "me"
           ],
           "with_approval": []
         },
         "can_reblog": {
           "always": [
-            "public"
+            "public",
+            "me"
           ],
           "with_approval": []
         }

testrig/federator.go

@@ -19,6 +19,7 @@ package testrig
 
 import (
 	"github.com/superseriousbusiness/gotosocial/internal/federation"
+	"github.com/superseriousbusiness/gotosocial/internal/filter/interaction"
 	"github.com/superseriousbusiness/gotosocial/internal/filter/visibility"
 	"github.com/superseriousbusiness/gotosocial/internal/media"
 	"github.com/superseriousbusiness/gotosocial/internal/state"
@@ -28,5 +29,13 @@ import (
 
 // NewTestFederator returns a federator with the given database and (mock!!) transport controller.
 func NewTestFederator(state *state.State, tc transport.Controller, mediaManager *media.Manager) *federation.Federator {
-	return federation.NewFederator(state, NewTestFederatingDB(state), tc, typeutils.NewConverter(state), visibility.NewFilter(state), mediaManager)
+	return federation.NewFederator(
+		state,
+		NewTestFederatingDB(state),
+		tc,
+		typeutils.NewConverter(state),
+		visibility.NewFilter(state),
+		interaction.NewFilter(state),
+		mediaManager,
+	)
 }

testrig/processor.go

@@ -21,6 +21,8 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/cleaner"
 	"github.com/superseriousbusiness/gotosocial/internal/email"
 	"github.com/superseriousbusiness/gotosocial/internal/federation"
+	"github.com/superseriousbusiness/gotosocial/internal/filter/interaction"
+	"github.com/superseriousbusiness/gotosocial/internal/filter/visibility"
 	"github.com/superseriousbusiness/gotosocial/internal/media"
 	"github.com/superseriousbusiness/gotosocial/internal/processing"
 	"github.com/superseriousbusiness/gotosocial/internal/state"
@@ -31,5 +33,15 @@ import (
 // The passed in state will have its worker functions set appropriately,
 // but the state will not be initialized.
 func NewTestProcessor(state *state.State, federator *federation.Federator, emailSender email.Sender, mediaManager *media.Manager) *processing.Processor {
-	return processing.NewProcessor(cleaner.New(state), typeutils.NewConverter(state), federator, NewTestOauthServer(state.DB), mediaManager, state, emailSender)
+	return processing.NewProcessor(
+		cleaner.New(state),
+		typeutils.NewConverter(state),
+		federator,
+		NewTestOauthServer(state.DB),
+		mediaManager,
+		state,
+		emailSender,
+		visibility.NewFilter(state),
+		interaction.NewFilter(state),
+	)
 }

testrig/testmodels.go

@@ -1436,6 +1436,7 @@ func NewTestStatuses() map[string]*gtsmodel.Status {
 			CreatedWithApplicationID: "01F8MGXQRHYF5QPMTMXP78QC2F",
 			Federated:                util.Ptr(true),
 			ActivityStreamsType:      ap.ObjectNote,
+			PendingApproval:          util.Ptr(false),
 		},
 		"admin_account_status_2": {
 			ID:                       "01F8MHAAY43M6RJ473VQFCVH37",
@@ -1459,6 +1460,7 @@ func NewTestStatuses() map[string]*gtsmodel.Status {
 			CreatedWithApplicationID: "01F8MGXQRHYF5QPMTMXP78QC2F",
 			Federated:                util.Ptr(true),
 			ActivityStreamsType:      ap.ObjectNote,
+			PendingApproval:          util.Ptr(false),
 		},
 		"admin_account_status_3": {
 			ID:                       "01FF25D5Q0DH7CHD57CTRS6WK0",
@@ -1483,6 +1485,7 @@ func NewTestStatuses() map[string]*gtsmodel.Status {
 			CreatedWithApplicationID: "01F8MGXQRHYF5QPMTMXP78QC2F",
 			Federated:                util.Ptr(true),
 			ActivityStreamsType:      ap.ObjectNote,
+			PendingApproval:          util.Ptr(false),
 		},
 		"admin_account_status_4": {
 			ID:                       "01G36SF3V6Y6V5BF9P4R7PQG7G",
@@ -1504,6 +1507,7 @@ func NewTestStatuses() map[string]*gtsmodel.Status {
 			CreatedWithApplicationID: "01F8MGXQRHYF5QPMTMXP78QC2F",
 			Federated:                util.Ptr(true),
 			ActivityStreamsType:      ap.ObjectNote,
+			PendingApproval:          util.Ptr(false),
 		},
 		"local_account_1_status_1": {
 			ID:                       "01F8MHAMCHF6Y650WCRSCP4WMY",
@@ -1526,6 +1530,7 @@ func NewTestStatuses() map[string]*gtsmodel.Status {
 			CreatedWithApplicationID: "01F8MGY43H3N2C8EWPR2FPYEXG",
 			Federated:                util.Ptr(true),
 			ActivityStreamsType:      ap.ObjectNote,
+			PendingApproval:          util.Ptr(false),
 		},
 		"local_account_1_status_2": {
 			ID:                       "01F8MHAYFKS4KMXF8K5Y1C0KRN",
@@ -1548,6 +1553,7 @@ func NewTestStatuses() map[string]*gtsmodel.Status {
 			CreatedWithApplicationID: "01F8MGY43H3N2C8EWPR2FPYEXG",
 			Federated:                util.Ptr(false),
 			ActivityStreamsType:      ap.ObjectNote,
+			PendingApproval:          util.Ptr(false),
 		},
 		"local_account_1_status_3": {
 			ID:                       "01F8MHBBN8120SYH7D5S050MGK",
@@ -1581,6 +1587,7 @@ func NewTestStatuses() map[string]*gtsmodel.Status {
 				},
 			},
 			ActivityStreamsType: ap.ObjectNote,
+			PendingApproval:     util.Ptr(false),
 		},
 		"local_account_1_status_4": {
 			ID:                       "01F8MH82FYRXD2RC6108DAJ5HB",
@@ -1604,6 +1611,7 @@ func NewTestStatuses() map[string]*gtsmodel.Status {
 			CreatedWithApplicationID: "01F8MGY43H3N2C8EWPR2FPYEXG",
 			Federated:                util.Ptr(true),
 			ActivityStreamsType:      ap.ObjectNote,
+			PendingApproval:          util.Ptr(false),
 		},
 		"local_account_1_status_5": {
 			ID:                       "01FCTA44PW9H1TB328S9AQXKDS",
@@ -1627,6 +1635,7 @@ func NewTestStatuses() map[string]*gtsmodel.Status {
 			CreatedWithApplicationID: "01F8MGY43H3N2C8EWPR2FPYEXG",
 			Federated:                util.Ptr(true),
 			ActivityStreamsType:      ap.ObjectNote,
+			PendingApproval:          util.Ptr(false),
 		},
 		"local_account_1_status_6": {
 			ID:                       "01HEN2RZ8BG29Y5Z9VJC73HZW7",
@@ -1651,6 +1660,7 @@ func NewTestStatuses() map[string]*gtsmodel.Status {
 			Federated:                util.Ptr(true),
 			ActivityStreamsType:      ap.ActivityQuestion,
 			PollID:                   "01HEN2RKT1YTEZ80SA8HGP105F",
+			PendingApproval:          util.Ptr(false),
 		},
 		"local_account_1_status_7": {
 			ID:                       "01HH9KYNQPA416TNJ53NSATP40",
@@ -1673,6 +1683,7 @@ func NewTestStatuses() map[string]*gtsmodel.Status {
 			CreatedWithApplicationID: "01F8MGY43H3N2C8EWPR2FPYEXG",
 			Federated:                util.Ptr(true),
 			ActivityStreamsType:      ap.ObjectNote,
+			PendingApproval:          util.Ptr(false),
 		},
 		"local_account_1_status_8": {
 			ID:                       "01J2M1HPFSS54S60Y0KYV23KJE",
@@ -1720,6 +1731,7 @@ func NewTestStatuses() map[string]*gtsmodel.Status {
 			CreatedWithApplicationID: "01F8MGYG9E893WRHW0TAEXR8GJ",
 			Federated:                util.Ptr(true),
 			ActivityStreamsType:      ap.ObjectNote,
+			PendingApproval:          util.Ptr(false),
 		},
 		"local_account_2_status_2": {
 			ID:                       "01F8MHC0H0A7XHTVH5F596ZKBM",
@@ -1753,6 +1765,7 @@ func NewTestStatuses() map[string]*gtsmodel.Status {
 				},
 			},
 			ActivityStreamsType: ap.ObjectNote,
+			PendingApproval:     util.Ptr(false),
 		},
 		"local_account_2_status_3": {
 			ID:                       "01F8MHC8VWDRBQR0N1BATDDEM5",
@@ -1787,6 +1800,7 @@ func NewTestStatuses() map[string]*gtsmodel.Status {
 				},
 			},
 			ActivityStreamsType: ap.ObjectNote,
+			PendingApproval:     util.Ptr(false),
 		},
 		"local_account_2_status_4": {
 			ID:                       "01F8MHCP5P2NWYQ416SBA0XSEV",
@@ -1820,6 +1834,7 @@ func NewTestStatuses() map[string]*gtsmodel.Status {
 				},
 			},
 			ActivityStreamsType: ap.ObjectNote,
+			PendingApproval:     util.Ptr(false),
 		},
 		"local_account_2_status_5": {
 			ID:                       "01FCQSQ667XHJ9AV9T27SJJSX5",
@@ -1845,6 +1860,7 @@ func NewTestStatuses() map[string]*gtsmodel.Status {
 			CreatedWithApplicationID: "01F8MGYG9E893WRHW0TAEXR8GJ",
 			Federated:                util.Ptr(true),
 			ActivityStreamsType:      ap.ObjectNote,
+			PendingApproval:          util.Ptr(false),
 		},
 		"local_account_2_status_6": {
 			ID:                       "01FN3VJGFH10KR7S2PB0GFJZYG",
@@ -1870,6 +1886,7 @@ func NewTestStatuses() map[string]*gtsmodel.Status {
 			CreatedWithApplicationID: "01F8MGYG9E893WRHW0TAEXR8GJ",
 			Federated:                util.Ptr(true),
 			ActivityStreamsType:      ap.ObjectNote,
+			PendingApproval:          util.Ptr(false),
 		},
 		"local_account_2_status_7": {
 			ID:                       "01G20ZM733MGN8J344T4ZDDFY1",
@@ -1894,6 +1911,7 @@ func NewTestStatuses() map[string]*gtsmodel.Status {
 			CreatedWithApplicationID: "01F8MGYG9E893WRHW0TAEXR8GJ",
 			Federated:                util.Ptr(true),
 			ActivityStreamsType:      ap.ObjectNote,
+			PendingApproval:          util.Ptr(false),
 		},
 		"local_account_2_status_8": {
 			ID:                       "01HEN2PRXT0TF4YDRA64FZZRN7",
@@ -1918,6 +1936,7 @@ func NewTestStatuses() map[string]*gtsmodel.Status {
 			Federated:                util.Ptr(true),
 			ActivityStreamsType:      ap.ActivityQuestion,
 			PollID:                   "01HEN2QB5NR4NCEHGYC3HN84K6",
+			PendingApproval:          util.Ptr(false),
 		},
 		"remote_account_1_status_1": {
 			ID:                       "01FVW7JHQFSFK166WWKR8CBA6M",
@@ -1942,6 +1961,7 @@ func NewTestStatuses() map[string]*gtsmodel.Status {
 			CreatedWithApplicationID: "",
 			Federated:                util.Ptr(true),
 			ActivityStreamsType:      ap.ObjectNote,
+			PendingApproval:          util.Ptr(false),
 		},
 		"remote_account_1_status_2": {
 			ID:                       "01HEN2QRFA8H3C6QPN7RD4KSR6",
@@ -1966,6 +1986,7 @@ func NewTestStatuses() map[string]*gtsmodel.Status {
 			Federated:                util.Ptr(true),
 			ActivityStreamsType:      ap.ActivityQuestion,
 			PollID:                   "01HEN2R65468ZG657C4ZPHJ4EX",
+			PendingApproval:          util.Ptr(false),
 		},
 		"remote_account_1_status_3": {
 			ID:                       "01HEWV37MHV8BAC8ANFGVRRM5D",
@@ -1990,6 +2011,7 @@ func NewTestStatuses() map[string]*gtsmodel.Status {
 			Federated:                util.Ptr(true),
 			ActivityStreamsType:      ap.ActivityQuestion,
 			PollID:                   "01HEWV1GW2D49R919NPEDXPTZ5",
+			PendingApproval:          util.Ptr(false),
 		},
 		"remote_account_2_status_1": {
 			ID:                       "01HE7XJ1CG84TBKH5V9XKBVGF5",
@@ -2014,6 +2036,7 @@ func NewTestStatuses() map[string]*gtsmodel.Status {
 			CreatedWithApplicationID: "",
 			Federated:                util.Ptr(true),
 			ActivityStreamsType:      ap.ObjectNote,
+			PendingApproval:          util.Ptr(false),
 		},
 	}
 }

testrig/util.go

@@ -91,10 +91,10 @@ func StopWorkers(state *state.State) {
 	state.Workers.Dereference.Stop()
 }
 
-func StartTimelines(state *state.State, filter *visibility.Filter, converter *typeutils.Converter) {
+func StartTimelines(state *state.State, visFilter *visibility.Filter, converter *typeutils.Converter) {
 	state.Timelines.Home = timeline.NewManager(
 		tlprocessor.HomeTimelineGrab(state),
-		tlprocessor.HomeTimelineFilter(state, filter),
+		tlprocessor.HomeTimelineFilter(state, visFilter),
 		tlprocessor.HomeTimelineStatusPrepare(state, converter),
 		tlprocessor.SkipInsert(),
 	)
@@ -104,7 +104,7 @@ func StartTimelines(state *state.State, filter *visibility.Filter, converter *ty
 
 	state.Timelines.List = timeline.NewManager(
 		tlprocessor.ListTimelineGrab(state),
-		tlprocessor.ListTimelineFilter(state, filter),
+		tlprocessor.ListTimelineFilter(state, visFilter),
 		tlprocessor.ListTimelineStatusPrepare(state, converter),
 		tlprocessor.SkipInsert(),
 	)