Disallow remote users from viewing local-only toots

author: Thibaut Girka <thib@sitedethib.com> 2018-07-31 15:00:08 +0200
committer: ThibG <thib@sitedethib.com> 2018-07-31 15:41:04 +0200
commit: c4bec9263cabdd141d5e83e57869dec97426c0d9 (patch)
tree: 6bc6709cabbfca7e0d057cf4d4636a1401665e59 /app/policies
parent: 9f2945ef80d1984271071e43c9948722d3bcafa3 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/app/policies/status_policy.rb b/app/policies/status_policy.rb
index 96cdee8c7..fcf19db62 100644
--- a/app/policies/status_policy.rb
+++ b/app/policies/status_policy.rb
@@ -12,7 +12,7 @@ class StatusPolicy < ApplicationPolicy
   end
 
   def show?
-    return false if local_only? && current_account.nil?
+    return false if local_only? && (current_account.nil? || !current_account.local?)
 
     if direct?
       owned? || mention_exists?
author	Thibaut Girka <thib@sitedethib.com>	2018-07-31 15:00:08 +0200
committer	ThibG <thib@sitedethib.com>	2018-07-31 15:41:04 +0200
commit	c4bec9263cabdd141d5e83e57869dec97426c0d9 (patch)
tree	6bc6709cabbfca7e0d057cf4d4636a1401665e59 /app/policies
parent	9f2945ef80d1984271071e43c9948722d3bcafa3 (diff)