about summary refs log tree commit diff
path: root/app/controllers/api
diff options
context:
space:
mode:
authorFire Demon <firedemon@creature.cafe>2020-07-28 20:40:25 -0500
committerFire Demon <firedemon@creature.cafe>2020-08-30 05:45:16 -0500
commit054e15e4f03eecb174374466581b9662a6b38e24 (patch)
tree80db06ea08762f659878d8ffe2ffb4f54333b9c6 /app/controllers/api
parent9234fb32e6b2b8bf8fb2184f9b1b57202eb5f625 (diff)
[Privacy] Add options for private accounts
Diffstat (limited to 'app/controllers/api')
-rw-r--r--app/controllers/api/v1/accounts/statuses_controller.rb6
1 files changed, 4 insertions, 2 deletions
diff --git a/app/controllers/api/v1/accounts/statuses_controller.rb b/app/controllers/api/v1/accounts/statuses_controller.rb
index 4735fea8c..1c744ad73 100644
--- a/app/controllers/api/v1/accounts/statuses_controller.rb
+++ b/app/controllers/api/v1/accounts/statuses_controller.rb
@@ -26,6 +26,8 @@ class Api::V1::Accounts::StatusesController < Api::BaseController
   end
 
   def account_statuses
+    return [] if (@account.private && !following?(@account)) || (@account.require_auth && !current_account?)
+
     statuses = truthy_param?(:pinned) ? pinned_scope : permitted_account_statuses
 
     statuses.merge!(only_media_scope) if truthy_param?(:only_media)
@@ -37,7 +39,7 @@ class Api::V1::Accounts::StatusesController < Api::BaseController
   end
 
   def permitted_account_statuses
-    @account.statuses.permitted_for(@account, current_account, user_signed_in: user_signed_in?)
+    @account.statuses.permitted_for(@account, current_account, user_signed_in: authenticated_or_following?(@account))
   end
 
   def only_media_scope
@@ -49,7 +51,7 @@ class Api::V1::Accounts::StatusesController < Api::BaseController
     # Also, Avoid getting slow by not narrowing down by `statuses.account_id`.
     # When narrowing down by `statuses.account_id`, `index_statuses_20180106` will be used
     # and the table will be joined by `Merge Semi Join`, so the query will be slow.
-    @account.statuses.joins(:media_attachments).merge(@account.media_attachments).permitted_for(@account, current_account)
+    @account.statuses.joins(:media_attachments).merge(@account.media_attachments).permitted_for(@account, current_account, user_signed_in: authenticated_or_following?(@account))
             .paginate_by_max_id(limit_param(DEFAULT_STATUSES_LIMIT), params[:max_id], params[:since_id])
             .reorder(id: :desc).distinct(:id).pluck(:id)
   end