From ef56f92c3d77e9bafaa70c08b7c04d5a61b8d454 Mon Sep 17 00:00:00 2001
From: Daniel Supernault <danielsupernault@gmail.com>
Date: Thu, 19 Jan 2023 06:37:24 -0700
Subject: [PATCH] Update BookmarkController

---
 app/Http/Controllers/BookmarkController.php | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/app/Http/Controllers/BookmarkController.php b/app/Http/Controllers/BookmarkController.php
index a340460b9..59ffeab36 100644
--- a/app/Http/Controllers/BookmarkController.php
+++ b/app/Http/Controllers/BookmarkController.php
@@ -7,6 +7,7 @@ use App\Status;
 use Auth;
 use Illuminate\Http\Request;
 use App\Services\BookmarkService;
+use App\Services\FollowerService;
 
 class BookmarkController extends Controller
 {
@@ -24,6 +25,16 @@ class BookmarkController extends Controller
         $profile = Auth::user()->profile;
         $status = Status::findOrFail($request->input('item'));
 
+        abort_if(!in_array($status->scope, ['public', 'unlisted', 'private']), 404);
+
+        if($status->scope == 'private') {
+            abort_if(
+                $profile->id !== $status->profile_id && !FollowerService::follows($profile->id, $status->profile_id),
+                404,
+                'Error: Cannot bookmark private posts from accounts you do not follow.'
+            );
+        }
+
         $bookmark = Bookmark::firstOrCreate(
             ['status_id' => $status->id], ['profile_id' => $profile->id]
         );