Don't show statuses to blocked users

4 files changed, 44 insertions, 6 deletions

diff --git a/.eslintrc b/.eslintrc
index 10bf70546..f91385cec 100644
--- a/.eslintrc
+++ b/.eslintrc
@@ -15,7 +15,37 @@
     "sourceType": "module",
 
     "ecmaFeatures": {
-      "jsx": true
-    },
+      "arrowFunctions": true,
+      "jsx": true,
+      "destructuring": true,
+      "modules": true,
+      "spread": true
+    }
   },
+
+  "rules": {
+    "no-cond-assign": 2,
+    "no-console": 1,
+    "no-irregular-whitespace": 2,
+    "no-unreachable": 2,
+    "valid-typeof": 2,
+    "consistent-return": 2,
+    "dot-notation": 2,
+    "eqeqeq": 2,
+    "no-fallthrough": 2,
+    "no-unused-expressions": 2,
+    "strict": 0,
+    "no-catch-shadow": 2,
+    "indent": [1, 2],
+    "brace-style": 1,
+    "comma-spacing": [1, {"before": false, "after": true}],
+    "comma-style": [1, "last"],
+    "no-mixed-spaces-and-tabs": 1,
+    "no-nested-ternary": 1,
+    "no-trailing-spaces": 1,
+    "react/wrap-multilines": 2,
+    "react/self-closing-comp": 2,
+    "react/prop-types": 2,
+    "react/no-multi-comp": 0
+  }
 }
diff --git a/app/models/status.rb b/app/models/status.rb
index dc7fc60d7..1720d754a 100644
--- a/app/models/status.rb
+++ b/app/models/status.rb
@@ -31,7 +31,6 @@ class Status < ApplicationRecord
 
   scope :remote, -> { where.not(uri: nil) }
   scope :local, -> { where(uri: nil) }
-  scope :permitted_for, ->(target_account, account) { account&.id == target_account.id || account&.following?(target_account) ? where('1=1') : where.not(visibility: :private) }
 
   cache_associated :account, :media_attachments, :tags, :stream_entry, mentions: :account, reblog: [:account, :stream_entry, :tags, :media_attachments, mentions: :account], thread: :account
 
@@ -72,7 +71,7 @@ class Status < ApplicationRecord
   end
 
   def permitted?(other_account = nil)
-    private_visibility? ? (account.id == other_account&.id || other_account&.following?(account)) : true
+    private_visibility? ? (account.id == other_account&.id || other_account&.following?(account)) : other_account.nil? || !account.blocking?(other_account)
   end
 
   def ancestors(account = nil)
@@ -145,6 +144,16 @@ class Status < ApplicationRecord
       end
     end
 
+    def permitted_for(target_account, account)
+      if account&.id == target_account.id || account&.following?(target_account)
+        where('1 = 1')
+      elsif !account.nil? && target_account.blocking?(account)
+        where('1 = 0')
+      else
+        where.not(visibility: :private)
+      end
+    end
+
     private
 
     def filter_timeline(query, account)
diff --git a/app/services/process_interaction_service.rb b/app/services/process_interaction_service.rb
index 3d3cccb6a..450b0c5cc 100644
--- a/app/services/process_interaction_service.rb
+++ b/app/services/process_interaction_service.rb
@@ -30,7 +30,7 @@ class ProcessInteractionService < BaseService
 
       case verb(xml)
       when :follow
-        follow!(account, target_account) unless target_account.locked?
+        follow!(account, target_account) unless target_account.locked? || target_account.blocking?(account)
       when :unfollow
         unfollow!(account, target_account)
       when :favorite
diff --git a/spec/controllers/api/v1/statuses_controller_spec.rb b/spec/controllers/api/v1/statuses_controller_spec.rb
index ab918fe50..d9c73f952 100644
--- a/spec/controllers/api/v1/statuses_controller_spec.rb
+++ b/spec/controllers/api/v1/statuses_controller_spec.rb
@@ -7,7 +7,6 @@ RSpec.describe Api::V1::StatusesController, type: :controller do
   let(:token) { double acceptable?: true, resource_owner_id: user.id }
 
   before do
-    stub_request(:post, "https://pubsubhubbub.superfeedr.com/").to_return(:status => 200, :body => "", :headers => {})
     allow(controller).to receive(:doorkeeper_token) { token }
   end