diff options
author | Fire Demon <firedemon@creature.cafe> | 2020-07-28 20:40:25 -0500 |
---|---|---|
committer | Fire Demon <firedemon@creature.cafe> | 2020-08-30 05:45:16 -0500 |
commit | 054e15e4f03eecb174374466581b9662a6b38e24 (patch) | |
tree | 80db06ea08762f659878d8ffe2ffb4f54333b9c6 /app/controllers/api | |
parent | 9234fb32e6b2b8bf8fb2184f9b1b57202eb5f625 (diff) |
[Privacy] Add options for private accounts
Diffstat (limited to 'app/controllers/api')
-rw-r--r-- | app/controllers/api/v1/accounts/statuses_controller.rb | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/app/controllers/api/v1/accounts/statuses_controller.rb b/app/controllers/api/v1/accounts/statuses_controller.rb index 4735fea8c..1c744ad73 100644 --- a/app/controllers/api/v1/accounts/statuses_controller.rb +++ b/app/controllers/api/v1/accounts/statuses_controller.rb @@ -26,6 +26,8 @@ class Api::V1::Accounts::StatusesController < Api::BaseController end def account_statuses + return [] if (@account.private && !following?(@account)) || (@account.require_auth && !current_account?) + statuses = truthy_param?(:pinned) ? pinned_scope : permitted_account_statuses statuses.merge!(only_media_scope) if truthy_param?(:only_media) @@ -37,7 +39,7 @@ class Api::V1::Accounts::StatusesController < Api::BaseController end def permitted_account_statuses - @account.statuses.permitted_for(@account, current_account, user_signed_in: user_signed_in?) + @account.statuses.permitted_for(@account, current_account, user_signed_in: authenticated_or_following?(@account)) end def only_media_scope @@ -49,7 +51,7 @@ class Api::V1::Accounts::StatusesController < Api::BaseController # Also, Avoid getting slow by not narrowing down by `statuses.account_id`. # When narrowing down by `statuses.account_id`, `index_statuses_20180106` will be used # and the table will be joined by `Merge Semi Join`, so the query will be slow. - @account.statuses.joins(:media_attachments).merge(@account.media_attachments).permitted_for(@account, current_account) + @account.statuses.joins(:media_attachments).merge(@account.media_attachments).permitted_for(@account, current_account, user_signed_in: authenticated_or_following?(@account)) .paginate_by_max_id(limit_param(DEFAULT_STATUSES_LIMIT), params[:max_id], params[:since_id]) .reorder(id: :desc).distinct(:id).pluck(:id) end |