1 files changed, 57 insertions, 9 deletions

diff --git a/app/policies/status_policy.rb b/app/policies/status_policy.rb
index fa5c0dd9c..9f851feb3 100644
--- a/app/policies/status_policy.rb
+++ b/app/policies/status_policy.rb
@@ -12,19 +12,20 @@ class StatusPolicy < ApplicationPolicy
   end
 
   def show?
-    return false if local_only? && (current_account.nil? || !current_account.local?)
+    return false if local_only? && !current_account&.local?
+    return false unless published? || owned?
 
     if requires_mention?
       owned? || mention_exists?
     elsif private?
-      owned? || following_author? || mention_exists?
+      owned? || following_owners? || mention_exists?
     else
-      current_account.nil? || (!author_blocking? && !author_blocking_domain?)
+      current_account.nil? || !blocked_by_owners?
     end
   end
 
   def reblog?
-    !requires_mention? && (!private? || owned?) && show? && !blocking_author?
+    published? && !requires_mention? && (!private? || owned?) && show? && !blocking_author?
   end
 
   def favourite?
@@ -44,7 +45,7 @@ class StatusPolicy < ApplicationPolicy
   private
 
   def requires_mention?
-    record.direct_visibility? || record.limited_visibility?
+    %w(direct limited).include?(visibility_for_remote_domain)
   end
 
   def owned?
@@ -52,7 +53,7 @@ class StatusPolicy < ApplicationPolicy
   end
 
   def private?
-    record.private_visibility?
+    visibility_for_remote_domain == 'private'
   end
 
   def mention_exists?
@@ -71,6 +72,12 @@ class StatusPolicy < ApplicationPolicy
     author.domain_blocking?(current_account.domain)
   end
 
+  def conversation_author_blocking_domain?
+    return false if current_account.nil? || current_account.domain.nil? || conversation_owner.nil?
+
+    conversation_owner.domain_blocking?(current_account.domain)
+  end
+
   def blocking_author?
     return false if current_account.nil?
 
@@ -78,22 +85,63 @@ class StatusPolicy < ApplicationPolicy
   end
 
   def author_blocking?
-    return false if current_account.nil?
+    return author.require_auth? if current_account.nil?
 
     @preloaded_relations[:blocked_by] ? @preloaded_relations[:blocked_by][author.id] : author.blocking?(current_account)
   end
 
+  def conversation_author_blocking?
+    return false if conversation_owner.nil?
+
+    @preloaded_relations[:blocked_by] ? @preloaded_relations[:blocked_by][conversation_owner.id] : conversation_owner.blocking?(current_account)
+  end
+
+  def blocked_by_owners?
+    return author_blocking? || author_blocking_domain? if conversation_owner&.id == author.id
+    return true if conversation_author_blocking? || author_blocking?
+
+    conversation_author_blocking_domain? || author_blocking_domain?
+  end
+
   def following_author?
     return false if current_account.nil?
 
     @preloaded_relations[:following] ? @preloaded_relations[:following][author.id] : current_account.following?(author)
   end
 
+  def following_conversation_owner?
+    return false if current_account.nil? || conversation_owner.nil?
+
+    @preloaded_relations[:following] ? @preloaded_relations[:following][conversation_owner.id] : current_account.following?(conversation_owner)
+  end
+
+  def following_owners?
+    return following_author? if conversation_owner&.id == author.id
+
+    following_conversation_owner? && following_author?
+  end
+
   def author
-    record.account
+    @author ||= record.account
   end
-  
+
+  def conversation_owner
+    @conversation_owner ||= record.conversation&.account
+  end
+
   def local_only?
     record.local_only?
   end
+
+  def published?
+    record.published?
+  end
+
+  def reply?
+    record.reply? && record.in_reply_to_account_id != author.id
+  end
+
+  def visibility_for_remote_domain
+    @visibility_for_domain ||= record.visibility_for_domain(current_account&.domain)
+  end
 end