marrub
/
mastodon
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

allow self & signed-in local followers to read outbox when `hide public ap outbox` is set

staging
multiple creatures 2019-07-21 22:15:36 -05:00
parent acc1fb81fe
commit b0eade5ad6
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
app/controllers/activitypub/outboxes_controller.rb
View File

@ -55,10 +55,14 @@ class ActivityPub::OutboxesController < Api::BaseController
def set_statuses
return unless page_requested?
if @account.hidden || @account&.user && @account.user.hides_public_outbox?
@statuses = Status.none
else
account_owner = current_account && current_account.id == @account.id
outbox_hidden = @account&.user && @account.user.hides_public_outbox?
local_follower = current_account && current_account.following?(@account)
if account_owner || !@account.hidden? || (outbox_hidden && local_follower)
@statuses = @account.statuses.permitted_for(@account, signed_request_account)
else
@statuses = Status.none
end
@statuses = params[:min_id].present? ? @statuses.paginate_by_min_id(LIMIT, params[:min_id]).reverse : @statuses.paginate_by_max_id(LIMIT, params[:max_id])
@statuses = cache_collection(@statuses, Status)