diff options
author | multiple creatures <dev@multiple-creature.party> | 2019-07-21 22:15:36 -0500 |
---|---|---|
committer | multiple creatures <dev@multiple-creature.party> | 2019-07-21 22:18:02 -0500 |
commit | b0eade5ad6f8fa60939c7b416e063d81886f5917 (patch) | |
tree | dfc4b5e67973fd8c233392468401a414a486a4e7 /app/controllers | |
parent | acc1fb81fea804e2a217aa1ef71e4191f56e1e16 (diff) |
allow self & signed-in local followers to read outbox when `hide public ap outbox` is set
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/activitypub/outboxes_controller.rb | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/app/controllers/activitypub/outboxes_controller.rb b/app/controllers/activitypub/outboxes_controller.rb index 00d050dc3..1da8b5913 100644 --- a/app/controllers/activitypub/outboxes_controller.rb +++ b/app/controllers/activitypub/outboxes_controller.rb @@ -55,10 +55,14 @@ class ActivityPub::OutboxesController < Api::BaseController def set_statuses return unless page_requested? - if @account.hidden || @account&.user && @account.user.hides_public_outbox? - @statuses = Status.none - else + account_owner = current_account && current_account.id == @account.id + outbox_hidden = @account&.user && @account.user.hides_public_outbox? + local_follower = current_account && current_account.following?(@account) + + if account_owner || !@account.hidden? || (outbox_hidden && local_follower) @statuses = @account.statuses.permitted_for(@account, signed_request_account) + else + @statuses = Status.none end @statuses = params[:min_id].present? ? @statuses.paginate_by_min_id(LIMIT, params[:min_id]).reverse : @statuses.paginate_by_max_id(LIMIT, params[:max_id]) @statuses = cache_collection(@statuses, Status) |