From 054e15e4f03eecb174374466581b9662a6b38e24 Mon Sep 17 00:00:00 2001
From: Fire Demon
Date: Tue, 28 Jul 2020 20:40:25 -0500
Subject: [Privacy] Add options for private accounts
---
 app/controllers/activitypub/outboxes_controller.rb | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
(limited to 'app/controllers/activitypub/outboxes_controller.rb')
diff --git a/app/controllers/activitypub/outboxes_controller.rb b/app/controllers/activitypub/outboxes_controller.rb
index 60f1c526b..c4c0ce0c9 100644
--- a/app/controllers/activitypub/outboxes_controller.rb
+++ b/app/controllers/activitypub/outboxes_controller.rb
@@ -10,9 +10,12 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
 before_action :set_statuses
 before_action :set_cache_headers
+ before_action :require_authenticated!, if: -> { @account.require_auth? }
+ before_action -> { require_following!(@account) }, if: -> { @account.private? }
+
 def show
 expires_in(page_requested? ? 0 : 3.minutes, public: public_fetch_mode? && !(signed_request_account.present? && page_requested?))
- render json: outbox_presenter, serializer: ActivityPub::OutboxSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json', target_domain: signed_request_account&.domain
+ render json: outbox_presenter, serializer: ActivityPub::OutboxSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json', target_domain: current_account&.domain
 end
 private
@@ -49,7 +52,7 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
 def set_statuses
 return unless page_requested?
- @statuses = if known_visitor?
+ @statuses = if authenticated_or_following?(@account)
 @account.statuses.without_semiprivate.permitted_for(@account, signed_request_account)
 else
 @account.statuses.permitted_for(@account, signed_request_account, user_signed_in: true)
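Review bot: The `expires_in` call in `show` can still mark the outbox response `public` for an account that the two new `before_action` gates restrict, so a shared cache in front of the app could replay a response produced for an approved follower to a requester who would fail `require_following!`. For a non-page request the `public:` argument reduces to `public_fetch_mode?` alone, with no reference to `@account.private?` or `@account.require_auth?`; consider `public: public_fetch_mode? && !@account.private? && !@account.require_auth? && !(signed_request_account.present? && page_requested?)`. Whether this is reachable depends on the `Vary` handling in `set_cache_headers`, which is not visible in this hunk. Separately, `target_domain` now comes from `current_account`; if that helper only reflects a locally signed-in user, signed remote fetches would lose their domain here, so confirm it also covers `signed_request_account`.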
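Review bot: Both branches of `set_statuses` still pass `signed_request_account` as the viewer to `permitted_for`, while the new predicate `authenticated_or_following?(@account)` decides access on what appears to be a broader notion of requester. If a locally signed-in follower can satisfy the predicate, the query is still scoped for `signed_request_account` (possibly nil), so the access gate and the visibility filter may disagree about who is asking; confirm which identity `permitted_for` should receive. The branch bodies also read inverted at first glance, since the recognised-requester path adds `without_semiprivate` while the other passes `user_signed_in: true`, so a short comment above the `if` stating why each scope belongs to its branch would help the next reader. `authenticated_or_following?` is defined outside this page, and `set_statuses` continues past the end of the hunk.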
@@ -66,8 +69,4 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
 def page_params
 { page: true, max_id: params[:max_id], min_id: params[:min_id] }.compact
 end
-
- def known_visitor?
- @known_visitor ||= user_signed_in? || (signed_request_account.present? && signed_request_account.following?(@account))
- end
 end
-- cgit