diff --git a/app/Http/Controllers/PublicApiController.php b/app/Http/Controllers/PublicApiController.php index 6fed4d5a..3a268502 100644 --- a/app/Http/Controllers/PublicApiController.php +++ b/app/Http/Controllers/PublicApiController.php @@ -174,12 +174,13 @@ class PublicApiController extends Controller switch ($status->scope) { case 'public': case 'unlisted': + break; case 'private': $user = Auth::check() ? Auth::user() : false; - if($user && $profile->is_private) { - $follows = Follower::whereProfileId($user->profile->id) - ->whereFollowingId($profile->id) - ->exists(); + if(!$user) { + abort(403); + } else { + $follows = $profile->followedBy(Auth::user()->profile); if($follows == false && $profile->id !== $user->profile->id) { abort(404); } @@ -430,7 +431,14 @@ class PublicApiController extends Controller $only_media = $request->only_media ?? false; $user = Auth::user(); $account = Profile::findOrFail($id); - $statuses = $account->statuses()->getQuery()->whereNull('uri'); + $statuses = $account->statuses() + ->getQuery() + ->whereNull('uri'); + if(!$user || $user->profile->id != $account->id && !$user->profile->follows($account)) { + $statuses = $statuses->whereVisibility('public'); + } else { + $statuses = $statuses->whereIn('visibility', ['public', 'unlisted', 'private']); + } if($only_media == true) { $statuses = $statuses ->whereHas('media') @@ -453,7 +461,7 @@ class PublicApiController extends Controller ->orderBy('id', 'DESC') ->paginate($limit); } else { - $statuses = $statuses->whereVisibility('public')->orderBy('id', 'desc')->paginate($limit); + $statuses = $statuses->orderBy('id', 'desc')->paginate($limit); } $resource = new Fractal\Resource\Collection($statuses, new StatusTransformer()); $res = $this->fractal->createData($resource)->toArray();