[Privacy, Federation, UI] Add options to allow Fediverse users to decide whether to include replies and unlisted posts on their profiles

author: Fire Demon <firedemon@creature.cafe> 2020-07-18 23:59:04 -0500
committer: Fire Demon <firedemon@creature.cafe> 2020-08-30 05:43:08 -0500
commit: dc5526f4ae8c9d3a6f132b2bc72914b95e5286cc (patch)
tree: 511631c5b0b87d0b8c4dae207af03aa80d54be73 /app/controllers
parent: c6ede2d0eef48df6f9a70bb9c2036d688bda35af (diff)
5 files changed, 15 insertions, 7 deletions
diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb
index 21209cf12..81b8f8985 100644
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@@ -69,12 +69,12 @@ class AccountsController < ApplicationController
     default_statuses.tap do |statuses|
       statuses.merge!(hashtag_scope)    if tag_requested?
       statuses.merge!(only_media_scope) if media_requested?
-      statuses.merge!(no_replies_scope) unless (current_account&.id == @account.id) && replies_requested?
+      statuses.merge!(no_replies_scope) unless (current_account&.id == @account.id || @account.show_replies?) && replies_requested?
     end
   end
 
   def default_statuses
-    visibility_scopes = user_signed_in? ? [:public, :unlisted] : :public
+    visibility_scopes = user_signed_in? || @account.show_unlisted? ? [:public, :unlisted] : :public
     @account.statuses.not_local_only.where(visibility: visibility_scopes)
   end
 
diff --git a/app/controllers/activitypub/outboxes_controller.rb b/app/controllers/activitypub/outboxes_controller.rb
index e25a4bc07..4d4f5e364 100644
--- a/app/controllers/activitypub/outboxes_controller.rb
+++ b/app/controllers/activitypub/outboxes_controller.rb
@@ -49,7 +49,7 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
   def set_statuses
     return unless page_requested?
 
-    @statuses = @account.statuses.permitted_for(@account, signed_request_account)
+    @statuses = @account.statuses.permitted_for(@account, signed_request_account, user_signed_in: known_visitor?)
     @statuses = @statuses.paginate_by_id(LIMIT, params_slice(:max_id, :min_id, :since_id))
     @statuses = cache_collection(@statuses, Status)
   end
@@ -61,4 +61,8 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
   def page_params
     { page: true, max_id: params[:max_id], min_id: params[:min_id] }.compact
   end
+
+  def known_visitor?
+    user_signed_in? || (signed_request_account.present? && signed_request_account.following?(@account))
+  end
 end
diff --git a/app/controllers/api/v1/accounts/credentials_controller.rb b/app/controllers/api/v1/accounts/credentials_controller.rb
index dbafc3cc2..3c8187a99 100644
--- a/app/controllers/api/v1/accounts/credentials_controller.rb
+++ b/app/controllers/api/v1/accounts/credentials_controller.rb
@@ -21,7 +21,9 @@ class Api::V1::Accounts::CredentialsController < Api::BaseController
   private
 
   def account_params
-    params.permit(:display_name, :note, :avatar, :header, :locked, :bot, :discoverable, :require_dereference, fields_attributes: [:name, :value])
+    params.permit(:display_name, :note, :avatar, :header, :locked, :bot, :discoverable,
+                  :require_dereference, :show_replies, :show_unlisted,
+                  fields_attributes: [:name, :value])
   end
 
   def user_settings_params
diff --git a/app/controllers/api/v1/accounts/statuses_controller.rb b/app/controllers/api/v1/accounts/statuses_controller.rb
index 8a7a3a04d..4735fea8c 100644
--- a/app/controllers/api/v1/accounts/statuses_controller.rb
+++ b/app/controllers/api/v1/accounts/statuses_controller.rb
@@ -29,7 +29,7 @@ class Api::V1::Accounts::StatusesController < Api::BaseController
     statuses = truthy_param?(:pinned) ? pinned_scope : permitted_account_statuses
 
     statuses.merge!(only_media_scope) if truthy_param?(:only_media)
-    statuses.merge!(no_replies_scope) if (current_account&.id != @account.id) || truthy_param?(:exclude_replies)
+    statuses.merge!(no_replies_scope) if (current_account&.id != @account.id && !@account.show_replies?) || truthy_param?(:exclude_replies)
     statuses.merge!(no_reblogs_scope) if truthy_param?(:exclude_reblogs)
     statuses.merge!(hashtag_scope)    if params[:tagged].present?
 
@@ -37,7 +37,7 @@ class Api::V1::Accounts::StatusesController < Api::BaseController
   end
 
   def permitted_account_statuses
-    @account.statuses.permitted_for(@account, current_account)
+    @account.statuses.permitted_for(@account, current_account, user_signed_in: user_signed_in?)
   end
 
   def only_media_scope
diff --git a/app/controllers/settings/profiles_controller.rb b/app/controllers/settings/profiles_controller.rb
index 33d93a233..d6e3c9863 100644
--- a/app/controllers/settings/profiles_controller.rb
+++ b/app/controllers/settings/profiles_controller.rb
@@ -23,7 +23,9 @@ class Settings::ProfilesController < Settings::BaseController
   private
 
   def account_params
-    params.require(:account).permit(:display_name, :note, :avatar, :header, :locked, :bot, :discoverable, :require_dereference, fields_attributes: [:name, :value])
+    params.require(:account).permit(:display_name, :note, :avatar, :header, :locked, :bot, :discoverable,
+                                    :require_dereference, :show_replies, :show_unlisted,
+                                    fields_attributes: [:name, :value])
   end
 
   def set_account
author	Fire Demon <firedemon@creature.cafe>	2020-07-18 23:59:04 -0500
committer	Fire Demon <firedemon@creature.cafe>	2020-08-30 05:43:08 -0500
commit	dc5526f4ae8c9d3a6f132b2bc72914b95e5286cc (patch)
tree	511631c5b0b87d0b8c4dae207af03aa80d54be73 /app/controllers
parent	c6ede2d0eef48df6f9a70bb9c2036d688bda35af (diff)