diff options
author | Fire Demon <firedemon@creature.cafe> | 2020-07-26 06:37:23 -0500 |
---|---|---|
committer | Fire Demon <firedemon@creature.cafe> | 2020-08-30 05:45:16 -0500 |
commit | d9c8abca54326c13810e87352e33a85fa6ca04db (patch) | |
tree | ca7a27cebb5a17e83fcb3b79d6b1893c7cb128b2 /app/controllers/tags_controller.rb | |
parent | a827f14c383949535f7fa01ddfa5a87c85fac41d (diff) |
[Privacy] Exclude mixed-privacy posts from public collections unless the requesting actor is locally authenticated or follows the author
Diffstat (limited to 'app/controllers/tags_controller.rb')
-rw-r--r-- | app/controllers/tags_controller.rb | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/app/controllers/tags_controller.rb b/app/controllers/tags_controller.rb index 0b8ac7c6d..9cba38771 100644 --- a/app/controllers/tags_controller.rb +++ b/app/controllers/tags_controller.rb @@ -37,10 +37,12 @@ class TagsController < ApplicationController format.json do expires_in 3.minutes, public: public_fetch_mode? - @statuses = HashtagQueryService.new.call(@tag, filter_params, current_account, @local).paginate_by_max_id(PAGE_SIZE, params[:max_id]) + @statuses = HashtagQueryService.new.call(@tag, filter_params, current_account, @local) + @statuses = @statuses.without_semiprivate unless known_visitor? + @statuses = @statuses.paginate_by_max_id(PAGE_SIZE, params[:max_id]) @statuses = cache_collection(@statuses, Status) - render json: collection_presenter, serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json' + render json: collection_presenter, serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json', target_domain: signed_request_account&.domain end end end @@ -75,4 +77,8 @@ class TagsController < ApplicationController def filter_params params.slice(:any, :all, :none).permit(:any, :all, :none) end + + def known_visitor? + @known_visitor ||= user_signed_in? || (signed_request_account.present? && signed_request_account.following?(@account)) + end end |