restrict private pin visibility to packmates & do not include them in `featured` collection (mainline masto does not respect pin visibility)

author: multiple creatures <dev@multiple-creature.party> 2019-08-04 20:53:20 -0500
committer: multiple creatures <dev@multiple-creature.party> 2019-08-04 20:53:20 -0500
commit: 9a3c4bc0511d1c8a19ef591752be59fb9f3cdfd8 (patch)
tree: 736cdbb3657d8c02c2ab6ffe1ece2ff480a0540b /app/controllers/api
parent: 9ba20817205de7bf46489ab2a0d834f798031d20 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/app/controllers/api/v1/accounts/statuses_controller.rb b/app/controllers/api/v1/accounts/statuses_controller.rb
index 11661ce08..914a39801 100644
--- a/app/controllers/api/v1/accounts/statuses_controller.rb
+++ b/app/controllers/api/v1/accounts/statuses_controller.rb
@@ -57,7 +57,11 @@ class Api::V1::Accounts::StatusesController < Api::BaseController
   end
 
   def pinned_scope
-    @account.pinned_statuses
+    if user_signed_in? && current_account.following?(@account)
+      @account.pinned_statuses
+    else
+      @account.pinned_statuses.where.not(visibility: :private)
+    end
   end
 
   def no_replies_scope
author	multiple creatures <dev@multiple-creature.party>	2019-08-04 20:53:20 -0500
committer	multiple creatures <dev@multiple-creature.party>	2019-08-04 20:53:20 -0500
commit	9a3c4bc0511d1c8a19ef591752be59fb9f3cdfd8 (patch)
tree	736cdbb3657d8c02c2ab6ffe1ece2ff480a0540b /app/controllers/api
parent	9ba20817205de7bf46489ab2a0d834f798031d20 (diff)