Change quote verification to not bypass authorization flow for mentions (#35528)

app/lib/activitypub/parser/status_parser.rb

@@ -152,9 +152,6 @@ class ActivityPub::Parser::StatusParser
     # Remove the special-meaning actor URI
     allowed_actors.delete(@options[:actor_uri])
 
-    # Tagged users are always allowed, so remove them
-    allowed_actors -= as_array(@object['tag']).filter_map { |tag| tag['href'] if equals_or_includes?(tag['type'], 'Mention') }
-
     # Any unrecognized actor is marked as unknown
     flags |= Status::QUOTE_APPROVAL_POLICY_FLAGS[:unknown] unless allowed_actors.empty?
 

app/models/concerns/status/interaction_policy_concern.rb

@@ -33,16 +33,8 @@ module Status::InteractionPolicyConcern
     automatic_policy = quote_approval_policy >> 16
     manual_policy = quote_approval_policy & 0xFFFF
 
-    # Checking for public policy first because it's less expensive than looking at mentions
     return :automatic if automatic_policy.anybits?(QUOTE_APPROVAL_POLICY_FLAGS[:public])
 
-    # Mentioned users are always allowed to quote
-    if active_mentions.loaded?
-      return :automatic if active_mentions.any? { |mention| mention.account_id == other_account.id }
-    elsif active_mentions.exists?(account: other_account)
-      return :automatic
-    end
-
     if automatic_policy.anybits?(QUOTE_APPROVAL_POLICY_FLAGS[:followers])
       following_author = preloaded_relations[:following] ? preloaded_relations[:following][account_id] : other_account.following?(account) if following_author.nil?
       return :automatic if following_author

app/services/activitypub/verify_quote_service.rb

@@ -45,14 +45,7 @@ class ActivityPub::VerifyQuoteService < BaseService
       true
     end
 
-    # Always allow someone to quote posts in which they are mentioned
-    if @quote.quoted_status.active_mentions.exists?(mentions: { account_id: @quote.account_id })
-      @quote.accept!
-
-      true
-    else
-      false
-    end
+    false
   end
 
   def fetch_approval_object(uri, prefetched_body: nil)