From a5a9f95840ea948f6ceeae2790a7fd433febb287 Mon Sep 17 00:00:00 2001
From: Fire Demon <firedemon@creature.cafe>
Date: Tue, 28 Jul 2020 06:57:52 -0500
Subject: [Privacy, API] Expose domain permissions to author

---
 app/serializers/rest/status_serializer.rb | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'app/serializers/rest')

diff --git a/app/serializers/rest/status_serializer.rb b/app/serializers/rest/status_serializer.rb
index 1c4b86c21..4b06ec268 100644
--- a/app/serializers/rest/status_serializer.rb
+++ b/app/serializers/rest/status_serializer.rb
@@ -36,6 +36,8 @@ class REST::StatusSerializer < ActiveModel::Serializer
   has_one :preview_card, key: :card, serializer: REST::PreviewCardSerializer
   has_one :preloadable_poll, key: :poll, serializer: REST::PollSerializer
 
+  has_many :domain_permissions, serializer: REST::StatusDomainPermissionSerializer, if: :locally_owned?
+
   def id
     object.id.to_s
   end
@@ -52,8 +54,16 @@ class REST::StatusSerializer < ActiveModel::Serializer
     !current_user.nil?
   end
 
+  def owned?
+    current_user? && current_user.account_id == object.account_id
+  end
+
+  def locally_owned?
+    object.local? && owned?
+  end
+
   def show_application?
-    object.account.user_shows_application? || (current_user? && current_user.account_id == object.account_id)
+    object.account.user_shows_application? || owned?
   end
 
   def visibility
-- 
cgit