From 51bab85b07b1433e832152f6498f203ec4b4434d Mon Sep 17 00:00:00 2001
From: multiple creatures <dev@multiple-creature.party>
Date: Sun, 12 Jan 2020 23:56:43 -0600
Subject: add privacy option to limit lifespan of public access to post &
 object urls beyond local followers, default to 90 days

---
 app/policies/status_policy.rb | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

(limited to 'app/policies')

diff --git a/app/policies/status_policy.rb b/app/policies/status_policy.rb
index 0961ec3e2..f23d089d4 100644
--- a/app/policies/status_policy.rb
+++ b/app/policies/status_policy.rb
@@ -13,13 +13,12 @@ class StatusPolicy < ApplicationPolicy
 
   def show?
     return false if local_only? && (current_account.nil? || !current_account.local?)
+    return true if owned? || mention_exists?
 
-    if direct?
-      owned? || mention_exists?
-    elsif private?
-      owned? || following_author? || mention_exists?
+    if private?
+      following_author? && still_accessible?
     else
-      current_account.nil? || !author_blocking?
+      author_allows_anon? && still_accessible? && !author_blocking? && (author_not_invisible? || following_author?)
     end
   end
 
@@ -90,4 +89,16 @@ class StatusPolicy < ApplicationPolicy
   def local_only?
     record.local_only?
   end
+
+  def still_accessible?
+    record.created_at > record.account.user.max_public_access.to_i.days.ago
+  end
+
+  def author_allows_anon?
+    (!current_account.nil? && user_signed_in?) || !record.account.block_anon
+  end
+
+  def author_not_invisible?
+    !record.account.hidden?
+  end
 end
-- 
cgit