mirror of
https://github.com/pixelfed/pixelfed.git
synced 2024-12-25 01:05:36 +00:00
Fixes #658
This commit is contained in:
parent
b8bd5d160f
commit
11ce7e617d
2 changed files with 5 additions and 5 deletions
|
@ -180,8 +180,8 @@ class PublicApiController extends Controller
|
|||
if(!$user) {
|
||||
abort(403);
|
||||
} else {
|
||||
$follows = $profile->followedBy(Auth::user()->profile);
|
||||
if($follows == false && $profile->id !== $user->profile->id) {
|
||||
$follows = $profile->followedBy($user->profile);
|
||||
if($follows == false && $profile->id !== $user->profile->id && $user->is_admin == false) {
|
||||
abort(404);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -42,11 +42,11 @@ class StatusController extends Controller
|
|||
|
||||
if($status->visibility == 'private' || $user->is_private) {
|
||||
if(!Auth::check()) {
|
||||
abort(403);
|
||||
abort(404);
|
||||
}
|
||||
$pid = Auth::user()->profile;
|
||||
if($user->followedBy($pid) == false && $user->id !== $pid->id) {
|
||||
abort(403);
|
||||
if($user->followedBy($pid) == false && $user->id !== $pid->id && Auth::user()->is_admin == false) {
|
||||
abort(404);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue