From 62bafa20a112ccdddaedb25723fc819dbbcd8e9a Mon Sep 17 00:00:00 2001
From: ThibG <thib@sitedethib.com>
Date: Mon, 1 Apr 2019 20:06:13 +0200
Subject: Hide blocking accounts from blocked users (#10442)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Revert "Add indication that you have been blocked in web UI (#10420)"

This reverts commit bd02ec6daa974dcd3231e73826a56e08dbeedadc.

* Revert "Add `blocked_by` relationship to the REST API (#10373)"

This reverts commit 9745de883b198375ba23f7fde879f6d75ce2df0f.

* Hide blocking accounts from search results

* Filter blocking accouts from account followers

* Filter blocking accouts from account's following accounts

* Filter blocking accounts from “reblogged by” and “favourited by” lists

* Remove blocking account from URL search

* Return 410 on trying to fetch user data from a user who blocked us

* Return 410 in /api/v1/account/statuses for suspended or blocking accounts

* Fix status filtering when performing URL search

* Restore some React improvements

Restore some cleanup from bd02ec6daa974dcd3231e73826a56e08dbeedadc

* Refactor by adding `without_blocking` scope
---
 .../api/v1/accounts/follower_accounts_controller.rb            |  2 +-
 .../api/v1/accounts/following_accounts_controller.rb           |  2 +-
 app/controllers/api/v1/accounts/statuses_controller.rb         | 10 ++++++++++
 3 files changed, 12 insertions(+), 2 deletions(-)

(limited to 'app/controllers/api/v1/accounts')

diff --git a/app/controllers/api/v1/accounts/follower_accounts_controller.rb b/app/controllers/api/v1/accounts/follower_accounts_controller.rb
index ec15debb0..7a45e6dd2 100644
--- a/app/controllers/api/v1/accounts/follower_accounts_controller.rb
+++ b/app/controllers/api/v1/accounts/follower_accounts_controller.rb
@@ -25,7 +25,7 @@ class Api::V1::Accounts::FollowerAccountsController < Api::BaseController
   end
 
   def default_accounts
-    Account.includes(:active_relationships, :account_stat).references(:active_relationships)
+    Account.without_blocking(current_account).includes(:active_relationships, :account_stat).references(:active_relationships)
   end
 
   def paginated_follows
diff --git a/app/controllers/api/v1/accounts/following_accounts_controller.rb b/app/controllers/api/v1/accounts/following_accounts_controller.rb
index f3e112f2c..0369cb25e 100644
--- a/app/controllers/api/v1/accounts/following_accounts_controller.rb
+++ b/app/controllers/api/v1/accounts/following_accounts_controller.rb
@@ -25,7 +25,7 @@ class Api::V1::Accounts::FollowingAccountsController < Api::BaseController
   end
 
   def default_accounts
-    Account.includes(:passive_relationships, :account_stat).references(:passive_relationships)
+    Account.without_blocking(current_account).includes(:passive_relationships, :account_stat).references(:passive_relationships)
   end
 
   def paginated_follows
diff --git a/app/controllers/api/v1/accounts/statuses_controller.rb b/app/controllers/api/v1/accounts/statuses_controller.rb
index 8cd8f8e79..7aba2d0bd 100644
--- a/app/controllers/api/v1/accounts/statuses_controller.rb
+++ b/app/controllers/api/v1/accounts/statuses_controller.rb
@@ -3,6 +3,8 @@
 class Api::V1::Accounts::StatusesController < Api::BaseController
   before_action -> { authorize_if_got_token! :read, :'read:statuses' }
   before_action :set_account
+  before_action :check_account_suspension
+  before_action :check_account_block
   after_action :insert_pagination_headers
 
   respond_to :json
@@ -18,6 +20,14 @@ class Api::V1::Accounts::StatusesController < Api::BaseController
     @account = Account.find(params[:account_id])
   end
 
+  def check_account_suspension
+    gone if @account.suspended?
+  end
+
+  def check_account_block
+    gone if current_account.present? && @account.blocking?(current_account)
+  end
+
   def load_statuses
     cached_account_statuses
   end
-- 
cgit