From b0eade5ad6f8fa60939c7b416e063d81886f5917 Mon Sep 17 00:00:00 2001
From: multiple creatures
Date: Sun, 21 Jul 2019 22:15:36 -0500
Subject: allow self & signed-in local followers to read outbox when `hide public ap outbox` is set
---
 app/controllers/activitypub/outboxes_controller.rb | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
(limited to 'app/controllers')
diff --git a/app/controllers/activitypub/outboxes_controller.rb b/app/controllers/activitypub/outboxes_controller.rb
index 00d050dc3..1da8b5913 100644
--- a/app/controllers/activitypub/outboxes_controller.rb
+++ b/app/controllers/activitypub/outboxes_controller.rb
@@ -55,10 +55,14 @@ class ActivityPub::OutboxesController < Api::BaseController
 def set_statuses
 return unless page_requested?
- if @account.hidden || @account&.user && @account.user.hides_public_outbox?
- @statuses = Status.none
- else
+ account_owner = current_account && current_account.id == @account.id
+ outbox_hidden = @account&.user && @account.user.hides_public_outbox?
+ local_follower = current_account && current_account.following?(@account)
+
+ if account_owner || !@account.hidden? || (outbox_hidden && local_follower)
 @statuses = @account.statuses.permitted_for(@account, signed_request_account)
+ else
+ @statuses = Status.none
 end
 @statuses = params[:min_id].present? ? @statuses.paginate_by_min_id(LIMIT, params[:min_id]).reverse : @statuses.paginate_by_max_id(LIMIT, params[:max_id])
 @statuses = cache_collection(@statuses, Status)
-- cgit
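Review bot: The new `if` in `set_statuses` returns statuses whenever `!@account.hidden?` is true, so for any non-hidden account `hides_public_outbox?` no longer hides the outbox from anonymous or remote requests, whereas the removed code returned `Status.none` in that case. `outbox_hidden` only matters on the branch where the account is already hidden, which looks like the opposite of what the subject line describes. If the intent is that the owner always reads, hidden accounts stay closed to everyone else, and the outbox setting admits only local followers, the condition would be `if account_owner || (!@account.hidden? && (!outbox_hidden || local_follower))`. A request spec that enables the setting and fetches the page unauthenticated, expecting an empty collection, would pin this down. The method's closing `end` is outside the hunk, and the query still passes `signed_request_account` rather than `current_account` to `permitted_for`, so what a signed-in follower actually sees depends on code not shown here.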