From d9c8abca54326c13810e87352e33a85fa6ca04db Mon Sep 17 00:00:00 2001 From: Fire Demon Date: Sun, 26 Jul 2020 06:37:23 -0500 Subject: [Privacy] Exclude mixed-privacy posts from public collections unless the requesting actor is locally authenticated or follows the author --- app/models/status.rb | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'app/models') diff --git a/app/models/status.rb b/app/models/status.rb index 4806f81f4..8bb830c9d 100644 --- a/app/models/status.rb +++ b/app/models/status.rb @@ -29,6 +29,7 @@ # nest_level :integer default(0), not null # published :boolean default(TRUE), not null # title :text +# semiprivate :boolean default(FALSE), not null # # rubocop:disable Metrics/ClassLength @@ -126,6 +127,7 @@ class Status < ApplicationRecord scope :including_unpublished, -> { unscope(where: :published) } scope :unpublished, -> { rewhere(published: false) } scope :published, -> { where(published: true) } + scope :without_semiprivate, -> { where(semiprivate: false) } scope :not_hidden_by_account, ->(account) do left_outer_joins(:mutes, :conversation_mute).where('(status_mutes.account_id IS NULL OR status_mutes.account_id != ?) AND (conversation_mutes.account_id IS NULL OR (conversation_mutes.account_id != ? AND conversation_mutes.hidden = TRUE))', account.id, account.id) @@ -314,6 +316,7 @@ class Status < ApplicationRecord before_validation :set_reblog before_validation :set_conversation_perms before_validation :set_local + before_validation :set_semiprivate, if: :local? after_create :set_poll_id @@ -607,6 +610,10 @@ class Status < ApplicationRecord end end + def set_semiprivate + self.semiprivate = domain_permissions.exists? || account.followers.where(domain: account.domain_permissions.select(:domain)).exists? + end + def update_statistics return unless distributable? -- cgit