From 3f79c75942de0098d582916af3d12f506394d97d Mon Sep 17 00:00:00 2001
From: Fire Demon <firedemon@creature.cafe>
Date: Tue, 21 Jul 2020 14:53:41 -0500
Subject: [Privacy] Limit visibility of replies to private threads and branches

---
 app/models/status.rb | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'app/models/status.rb')

diff --git a/app/models/status.rb b/app/models/status.rb
index 74012c22e..120a69715 100644
--- a/app/models/status.rb
+++ b/app/models/status.rb
@@ -30,6 +30,7 @@
 #  published              :boolean          default(TRUE), not null
 #
 
+# rubocop:disable Metrics/ClassLength
 class Status < ApplicationRecord
   before_destroy :unlink_from_conversations
 
@@ -289,8 +290,8 @@ class Status < ApplicationRecord
 
   before_validation :prepare_contents, if: :local?
   before_validation :set_reblog
-  before_validation :set_visibility
   before_validation :set_conversation
+  before_validation :set_visibility
   before_validation :set_local
 
   after_create :set_poll_id
@@ -422,14 +423,14 @@ class Status < ApplicationRecord
       else
         # followers can see followers-only stuff, but also things they are mentioned in.
         # non-followers can see everything that isn't private/direct, but can see stuff they are mentioned in.
-        visibility.push(:private) if account.following?(target_account) && (user_signed_in || target_account.show_unlisted?)
-
         scope = left_outer_joins(:reblog).published
 
         scope = scope.where(visibility: visibility)
                      .or(scope.where(id: account.mentions.select(:status_id)))
                      .merge(scope.where(reblog_of_id: nil).or(scope.where.not(reblogs_statuses: { account_id: account.excluded_from_timeline_account_ids })))
 
+        scope = scope.or(scope.where(visibility: :private).without_replies) if account.following?(target_account)
+
         apply_timeline_filters(scope, account, false)
       end
     end
@@ -539,6 +540,7 @@ class Status < ApplicationRecord
   def set_visibility
     self.visibility = reblog.visibility if reblog? && visibility.nil?
     self.visibility = (account.locked? ? :private : :public) if visibility.nil?
+    self.visibility = thread.visibility unless thread.nil? || %w(public unlisted).include?(thread.visibility) || ['direct', 'limited', thread.visibility].include?(visibility.to_s)
     self.sensitive  = false if sensitive.nil?
   end
 
@@ -614,3 +616,4 @@ class Status < ApplicationRecord
     end
   end
 end
+# rubocop:enable Metrics/ClassLength
\ No newline at end of file
-- 
cgit