diff options
author | multiple creatures <dev@multiple-creature.party> | 2020-02-16 01:19:43 -0600 |
---|---|---|
committer | multiple creatures <dev@multiple-creature.party> | 2020-02-16 01:19:43 -0600 |
commit | 58133d648b7758c326dfbdce32bb5918d5da0579 (patch) | |
tree | aa88716c5331e172cba92b534b9e92f5c124f8f7 /app | |
parent | ff7b888c0560eec141213e7ee37ff1ca30942ae8 (diff) |
make sure hidden posts are only visible to their authors
Diffstat (limited to 'app')
-rw-r--r-- | app/policies/status_policy.rb | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/app/policies/status_policy.rb b/app/policies/status_policy.rb index d5dad6350..fad51d13c 100644 --- a/app/policies/status_policy.rb +++ b/app/policies/status_policy.rb @@ -12,6 +12,7 @@ class StatusPolicy < ApplicationPolicy end def show? + return false if hidden? && !owned? return false if local_only? && (current_account.nil? || !current_account.local?) return true if owned? || mention_exists? return false if direct? @@ -97,6 +98,10 @@ class StatusPolicy < ApplicationPolicy record.local_only? end + def hidden? + record.hidden? + end + def still_accessible? return true unless record.local? record.updated_at > record.account.user.max_public_access.days.ago |