Move the canFeature policy out of the Activity vocabulary layer (#3406)

pfefferle · web-flow · commit f23f6723db31 · 2026-06-12T17:53:32.000+02:00
diff --git a/.github/changelog/update-move-interaction-policy-to-models b/.github/changelog/update-move-interaction-policy-to-models
@@ -0,0 +1,4 @@
+Significance: patch
+Type: fixed
+
+Publish the Starter Kit consent policy only on your own blog and author profiles, no longer on system or third-party profiles.
diff --git a/includes/activity/class-actor.php b/includes/activity/class-actor.php
@@ -382,43 +382,4 @@ class Actor extends Base_Object {
 	 * @var boolean|null
 	 */
 	protected $invisible = null;
-
-	/**
-	 * Get the actor-level interaction policy.
-	 *
-	 * Overrides the magic property accessor on Base_Object so that we always
-	 * compute the policy from the current site setting rather than returning a
-	 * cached property value. Currently only emits `canFeature` (FEP-7aa9).
-	 * Driven by the site option `activitypub_default_feature_policy` and
-	 * defaults to denying all featured-collection requests, in line with
-	 * FEP-7aa9's "absence of policy = no consent" rule.
-	 *
-	 * @see https://w3id.org/fep/7aa9
-	 *
-	 * @since 9.0.0
-	 *
-	 * @return array
-	 */
-	public function get_interaction_policy() {
-		return array_merge( (array) parent::get_interaction_policy(), array( 'canFeature' => $this->build_can_feature_policy() ) );
-	}
-
-	/**
-	 * Build the `canFeature` policy array from the site option.
-	 *
-	 * @return array
-	 */
-	protected function build_can_feature_policy() {
-		$policy = \get_option( 'activitypub_default_feature_policy', ACTIVITYPUB_INTERACTION_POLICY_ME );
-
-		switch ( $policy ) {
-			case ACTIVITYPUB_INTERACTION_POLICY_ANYONE:
-				return array( 'automaticApproval' => array( 'https://www.w3.org/ns/activitystreams#Public' ) );
-			case ACTIVITYPUB_INTERACTION_POLICY_FOLLOWERS:
-				return array( 'automaticApproval' => array( $this->get_followers() ) );
-			case ACTIVITYPUB_INTERACTION_POLICY_ME:
-			default:
-				return array( 'automaticApproval' => array( $this->get_id() ) );
-		}
-	}
 }
diff --git a/includes/model/class-blog.php b/includes/model/class-blog.php
@@ -601,4 +601,50 @@ public function get_moved_to() {
 
 		return $moved_to && $moved_to !== $this->get_id() ? $moved_to : null;
 	}
+
+	/**
+	 * Get the actor-level interaction policy.
+	 *
+	 * Overrides the magic property accessor on Base_Object so that we always
+	 * compute the policy from the current site setting rather than returning a
+	 * cached property value. Currently only emits `canFeature` (FEP-7aa9).
+	 * Driven by the site option `activitypub_default_feature_policy` and
+	 * defaults to denying all featured-collection requests, in line with
+	 * FEP-7aa9's "absence of policy = no consent" rule.
+	 *
+	 * @see https://w3id.org/fep/7aa9
+	 *
+	 * @since 9.0.0
+	 *
+	 * @return array
+	 */
+	public function get_interaction_policy() {
+		$policy = array( 'canFeature' => $this->build_can_feature_policy() );
+
+		// Merge with an explicitly set interaction policy, if any.
+		if ( $this->interaction_policy ) {
+			$policy = \array_merge( (array) $this->interaction_policy, $policy );
+		}
+
+		return $policy;
+	}
+
+	/**
+	 * Build the `canFeature` policy array from the site option.
+	 *
+	 * @return array
+	 */
+	protected function build_can_feature_policy() {
+		$policy = \get_option( 'activitypub_default_feature_policy', ACTIVITYPUB_INTERACTION_POLICY_ME );
+
+		switch ( $policy ) {
+			case ACTIVITYPUB_INTERACTION_POLICY_ANYONE:
+				return array( 'automaticApproval' => array( 'https://www.w3.org/ns/activitystreams#Public' ) );
+			case ACTIVITYPUB_INTERACTION_POLICY_FOLLOWERS:
+				return array( 'automaticApproval' => array( $this->get_followers() ) );
+			case ACTIVITYPUB_INTERACTION_POLICY_ME:
+			default:
+				return array( 'automaticApproval' => array( $this->get_id() ) );
+		}
+	}
 }
diff --git a/includes/model/class-user.php b/includes/model/class-user.php
@@ -483,4 +483,50 @@ public function get_moved_to() {
 
 		return $moved_to && $moved_to !== $this->get_id() ? $moved_to : null;
 	}
+
+	/**
+	 * Get the actor-level interaction policy.
+	 *
+	 * Overrides the magic property accessor on Base_Object so that we always
+	 * compute the policy from the current site setting rather than returning a
+	 * cached property value. Currently only emits `canFeature` (FEP-7aa9).
+	 * Driven by the site option `activitypub_default_feature_policy` and
+	 * defaults to denying all featured-collection requests, in line with
+	 * FEP-7aa9's "absence of policy = no consent" rule.
+	 *
+	 * @see https://w3id.org/fep/7aa9
+	 *
+	 * @since 9.0.0
+	 *
+	 * @return array
+	 */
+	public function get_interaction_policy() {
+		$policy = array( 'canFeature' => $this->build_can_feature_policy() );
+
+		// Merge with an explicitly set interaction policy, if any.
+		if ( $this->interaction_policy ) {
+			$policy = \array_merge( (array) $this->interaction_policy, $policy );
+		}
+
+		return $policy;
+	}
+
+	/**
+	 * Build the `canFeature` policy array from the site option.
+	 *
+	 * @return array
+	 */
+	protected function build_can_feature_policy() {
+		$policy = \get_option( 'activitypub_default_feature_policy', ACTIVITYPUB_INTERACTION_POLICY_ME );
+
+		switch ( $policy ) {
+			case ACTIVITYPUB_INTERACTION_POLICY_ANYONE:
+				return array( 'automaticApproval' => array( 'https://www.w3.org/ns/activitystreams#Public' ) );
+			case ACTIVITYPUB_INTERACTION_POLICY_FOLLOWERS:
+				return array( 'automaticApproval' => array( $this->get_followers() ) );
+			case ACTIVITYPUB_INTERACTION_POLICY_ME:
+			default:
+				return array( 'automaticApproval' => array( $this->get_id() ) );
+		}
+	}
 }
diff --git a/tests/phpunit/tests/includes/model/class-test-interaction-policy.php b/tests/phpunit/tests/includes/model/class-test-interaction-policy.php
@@ -98,4 +98,35 @@ public function test_blog_actor_emits_canfeature() {
 			'Blog actor must default to explicit denial (its own id as the only approved target).'
 		);
 	}
+
+	/**
+	 * The generic Activity\Actor carries no application logic: it must not
+	 * compute a canFeature policy from the local site option, since it also
+	 * represents remote actors.
+	 */
+	public function test_generic_actor_does_not_emit_local_canfeature() {
+		\update_option( 'activitypub_default_feature_policy', ACTIVITYPUB_INTERACTION_POLICY_ANYONE );
+
+		$actor = \Activitypub\Activity\Actor::init_from_array(
+			array(
+				'id'   => 'https://remote.example/users/jane',
+				'type' => 'Person',
+			)
+		);
+
+		$this->assertNull( $actor->get_interaction_policy(), 'A generic actor must not inherit the local canFeature policy.' );
+	}
+
+	/**
+	 * The Application actor advertises no canFeature policy (absence of
+	 * policy means no consent per FEP-7aa9).
+	 */
+	public function test_application_actor_emits_no_interaction_policy() {
+		\update_option( 'activitypub_default_feature_policy', ACTIVITYPUB_INTERACTION_POLICY_ANYONE );
+
+		$application = new \Activitypub\Model\Application();
+
+		$this->assertNull( $application->get_interaction_policy() );
+		$this->assertArrayNotHasKey( 'interactionPolicy', $application->to_array( false ) );
+	}
 }
