From b65eb00c53af939444e0e891c0a3a4563f4897ac Mon Sep 17 00:00:00 2001 From: Alda Marteau-Hardi Date: Sat, 7 Apr 2018 21:33:01 +0200 Subject: Prevent admins and moderators eavesdropping in private and direct toots (#7067) Fix #6986 --- app/controllers/admin/statuses_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/admin/statuses_controller.rb b/app/controllers/admin/statuses_controller.rb index 5d4325f57..d5787acfb 100644 --- a/app/controllers/admin/statuses_controller.rb +++ b/app/controllers/admin/statuses_controller.rb @@ -12,7 +12,7 @@ module Admin def index authorize :status, :index? - @statuses = @account.statuses + @statuses = @account.statuses.where(visibility: [:public, :unlisted]) if params[:media] account_media_status_ids = @account.media_attachments.attached.reorder(nil).select(:status_id).distinct -- cgit