diff options
Diffstat (limited to 'app/controllers/api/v1/accounts/statuses_controller.rb')
| -rw-r--r-- | app/controllers/api/v1/accounts/statuses_controller.rb | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/app/controllers/api/v1/accounts/statuses_controller.rb b/app/controllers/api/v1/accounts/statuses_controller.rb index 4735fea8c..1c744ad73 100644 --- a/app/controllers/api/v1/accounts/statuses_controller.rb +++ b/app/controllers/api/v1/accounts/statuses_controller.rb @@ -26,6 +26,8 @@ class Api::V1::Accounts::StatusesController < Api::BaseController end def account_statuses + return [] if (@account.private && !following?(@account)) || (@account.require_auth && !current_account?) + statuses = truthy_param?(:pinned) ? pinned_scope : permitted_account_statuses statuses.merge!(only_media_scope) if truthy_param?(:only_media) @@ -37,7 +39,7 @@ class Api::V1::Accounts::StatusesController < Api::BaseController end def permitted_account_statuses - @account.statuses.permitted_for(@account, current_account, user_signed_in: user_signed_in?) + @account.statuses.permitted_for(@account, current_account, user_signed_in: authenticated_or_following?(@account)) end def only_media_scope @@ -49,7 +51,7 @@ class Api::V1::Accounts::StatusesController < Api::BaseController # Also, Avoid getting slow by not narrowing down by `statuses.account_id`. # When narrowing down by `statuses.account_id`, `index_statuses_20180106` will be used # and the table will be joined by `Merge Semi Join`, so the query will be slow. - @account.statuses.joins(:media_attachments).merge(@account.media_attachments).permitted_for(@account, current_account) + @account.statuses.joins(:media_attachments).merge(@account.media_attachments).permitted_for(@account, current_account, user_signed_in: authenticated_or_following?(@account)) .paginate_by_max_id(limit_param(DEFAULT_STATUSES_LIMIT), params[:max_id], params[:since_id]) .reorder(id: :desc).distinct(:id).pluck(:id) end |