From 58b80d03de8a79ef3764c9bd48a22317e6bf6b95 Mon Sep 17 00:00:00 2001
From: Fire Demon
Date: Mon, 2 Nov 2020 01:44:20 -0600
Subject: Further limit visibility of followers-only reply branches to participants only
---
 app/lib/activitypub/activity/create.rb | 2 ++
 1 file changed, 2 insertions(+) (limited to 'app')
diff --git a/app/lib/activitypub/activity/create.rb b/app/lib/activitypub/activity/create.rb
index 8aaa31aed..fd0b406b4 100644
--- a/app/lib/activitypub/activity/create.rb
+++ b/app/lib/activitypub/activity/create.rb
@@ -218,6 +218,8 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
 @params[:visibility] = :limited
 end

+ @params[:visibility] = :limited if @params[:reply] && @params[:visibility] == :private && @mentions.pluck(:account_id).without(@account.id).present?
+
 # If the payload was delivered to a specific inbox, the inbox owner must have
 # access to it, unless they already have access to it anyway
 return if @options[:delivered_to_account_id].nil? || @mentions.any? { |mention| mention.account_id == @options[:delivered_to_account_id] }
-- cgit
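Review bot: The added guard decides "participants only" purely from the mention list carried by the incoming payload, so a followers-only reply with no mention of another account (or only a self-mention) keeps `:private` and presumably stays readable by all of the author's followers. If the subject line means that every reply inside a followers-only branch is restricted, the parent status's visibility would have to be consulted too; this cannot be confirmed here because the enclosing method starts and ends outside the hunk. The one-line rule is also easy to misread, so a comment above it such as `# Followers-only replies that mention another account are narrowed to the mentioned participants` would help. For consistency with the `@mentions.any? { |mention| ... }` call a few lines below, the last condition could be written `@mentions.any? { |mention| mention.account_id != @account.id }`. A spec covering a `:private` reply with and without foreign mentions would pin the intended behaviour.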