From 80e02b90e4210b0f4982be6a8e817900143374a5 Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Wed, 21 Dec 2016 20:00:18 +0100
Subject: Private visibility on statuses prevents non-followers from seeing
 those Filters out hidden stream entries from Atom feed Blocks now generate
 hidden stream entries, can be used to federate blocks Private statuses cannot
 be reblogged (generates generic 422 error for now) POST /api/v1/statuses now
 takes visibility=(public|unlisted|private) param instead of unlisted boolean
 Statuses JSON now contains visibility=(public|unlisted|private) field

---
 app/controllers/api/v1/accounts_controller.rb | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'app/controllers/api/v1/accounts_controller.rb')

diff --git a/app/controllers/api/v1/accounts_controller.rb b/app/controllers/api/v1/accounts_controller.rb
index 0abdfd9fa..de53a9602 100644
--- a/app/controllers/api/v1/accounts_controller.rb
+++ b/app/controllers/api/v1/accounts_controller.rb
@@ -8,8 +8,7 @@ class Api::V1::AccountsController < ApiController
 
   respond_to :json
 
-  def show
-  end
+  def show; end
 
   def verify_credentials
     @account = current_user.account
@@ -47,7 +46,7 @@ class Api::V1::AccountsController < ApiController
   end
 
   def statuses
-    @statuses = @account.statuses.paginate_by_max_id(DEFAULT_STATUSES_LIMIT, params[:max_id], params[:since_id])
+    @statuses = @account.statuses.permitted_for(@account, current_account).paginate_by_max_id(DEFAULT_STATUSES_LIMIT, params[:max_id], params[:since_id])
     @statuses = cache_collection(@statuses, Status)
 
     set_maps(@statuses)
-- 
cgit