authormultiple creatures <dev@multiple-creature.party>2020-02-16 01:19:43 -0600
committermultiple creatures <dev@multiple-creature.party>2020-02-16 01:19:43 -0600
commit58133d648b7758c326dfbdce32bb5918d5da0579 (patch)
treeaa88716c5331e172cba92b534b9e92f5c124f8f7 /app
parentff7b888c0560eec141213e7ee37ff1ca30942ae8 (diff)
make sure hidden posts are only visible to their authors
Diffstat (limited to 'app')
-rw-r--r--app/policies/status_policy.rb5
1 files changed, 5 insertions, 0 deletions
diff --git a/app/policies/status_policy.rb b/app/policies/status_policy.rb
index d5dad6350..fad51d13c 100644
--- a/app/policies/status_policy.rb
+++ b/app/policies/status_policy.rb
@@ -12,6 +12,7 @@ class StatusPolicy < ApplicationPolicy
   end
 
   def show?
+    return false if hidden? && !owned?
     return false if local_only? && (current_account.nil? || !current_account.local?)
     return true if owned? || mention_exists?
     return false if direct?
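Review bot: The new first line of `show?` is the only thing stopping `return true if owned? || mention_exists?` two lines below from re-granting a mentioned account access to a hidden status, and nothing in the code records that the order matters. A comment above the guard, such as `# hidden statuses are author-only; keep this ahead of the mention_exists? check`, would protect against a later reorder. The guard also covers only callers that authorize through `show?`. Any path that loads statuses without this policy (listings, serializers) would presumably need its own hidden filter, which cannot be confirmed from this diff. `show?` continues past the end of the hunk, and `owned?` is defined outside it.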
@@ -97,6 +98,10 @@ class StatusPolicy < ApplicationPolicy
     record.local_only?
   end
 
+  def hidden?
+    record.hidden?
+  end
+
   def still_accessible?
     return true unless record.local?
     record.updated_at > record.account.user.max_public_access.days.ago