authormultiple creatures <dev@multiple-creature.party>2019-07-21 22:15:36 -0500
committermultiple creatures <dev@multiple-creature.party>2019-07-21 22:18:02 -0500
commitb0eade5ad6f8fa60939c7b416e063d81886f5917 (patch)
treedfc4b5e67973fd8c233392468401a414a486a4e7 /app/controllers
parentacc1fb81fea804e2a217aa1ef71e4191f56e1e16 (diff)
allow self & signed-in local followers to read outbox when `hide public ap outbox` is set
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/activitypub/outboxes_controller.rb10
1 files changed, 7 insertions, 3 deletions
diff --git a/app/controllers/activitypub/outboxes_controller.rb b/app/controllers/activitypub/outboxes_controller.rb
index 00d050dc3..1da8b5913 100644
--- a/app/controllers/activitypub/outboxes_controller.rb
+++ b/app/controllers/activitypub/outboxes_controller.rb
@@ -55,10 +55,14 @@ class ActivityPub::OutboxesController < Api::BaseController
 
   def set_statuses
     return unless page_requested?
-    if @account.hidden || @account&.user && @account.user.hides_public_outbox?
-      @statuses = Status.none
-    else
+    account_owner = current_account && current_account.id == @account.id
+    outbox_hidden = @account&.user && @account.user.hides_public_outbox?
+    local_follower = current_account && current_account.following?(@account)
+
+    if account_owner || !@account.hidden? || (outbox_hidden && local_follower)
       @statuses = @account.statuses.permitted_for(@account, signed_request_account)
+    else
+      @statuses = Status.none
     end
     @statuses = params[:min_id].present? ? @statuses.paginate_by_min_id(LIMIT, params[:min_id]).reverse : @statuses.paginate_by_max_id(LIMIT, params[:max_id])
     @statuses = cache_collection(@statuses, Status)
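Review bot: The condition `if account_owner || !@account.hidden? || (outbox_hidden && local_follower)` returns statuses to any requester whenever the account is not hidden, so `hides_public_outbox?` no longer restricts unauthenticated or remote requests; the removed code returned `Status.none` in that case. As written, the third term only takes effect for hidden accounts, which does not appear to match the commit title. Gate the public branch on both flags, for example `if account_owner || (!@account.hidden? && !outbox_hidden) || (outbox_hidden && local_follower)`, and add a controller spec for an unsigned request against an account that has the preference set. `set_statuses` continues past the end of the hunk, so the rest of the method was not reviewed.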