From 11ce7e617d4343053e1ebd933af1910d5a698f4c Mon Sep 17 00:00:00 2001
From: Daniel Supernault
Date: Fri, 12 Apr 2019 23:28:23 -0600
Subject: [PATCH] Fixes #658
---
 app/Http/Controllers/PublicApiController.php | 4 ++--
 app/Http/Controllers/StatusController.php | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/app/Http/Controllers/PublicApiController.php b/app/Http/Controllers/PublicApiController.php
index c764f27cd..263b2a35a 100644
--- a/app/Http/Controllers/PublicApiController.php
+++ b/app/Http/Controllers/PublicApiController.php
@@ -180,8 +180,8 @@ class PublicApiController extends Controller
 if(!$user) {
 abort(403);
 } else {
- $follows = $profile->followedBy(Auth::user()->profile);
- if($follows == false && $profile->id !== $user->profile->id) {
+ $follows = $profile->followedBy($user->profile);
+ if($follows == false && $profile->id !== $user->profile->id && $user->is_admin == false) {
 abort(404);
 }
 }
diff --git a/app/Http/Controllers/StatusController.php b/app/Http/Controllers/StatusController.php
index ad477fd26..c6e38754b 100644
--- a/app/Http/Controllers/StatusController.php
+++ b/app/Http/Controllers/StatusController.php
@@ -42,11 +42,11 @@ class StatusController extends Controller
 if($status->visibility == 'private' || $user->is_private) {
 if(!Auth::check()) {
- abort(403);
+ abort(404);
 }
 $pid = Auth::user()->profile;
- if($user->followedBy($pid) == false && $user->id !== $pid->id) {
- abort(403);
+ if($user->followedBy($pid) == false && $user->id !== $pid->id && Auth::user()->is_admin == false) {
+ abort(404);
 }
 }
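Review bot: The unauthenticated branch in this hunk still ends in `abort(403)` while a signed-in non-follower gets `abort(404)`, so an anonymous client can tell a restricted profile from a missing one by status code; the StatusController hunk in this same patch switches its guest branch to 404, and this one should match with `if(!$user) { abort(404); }`. This assumes the enclosing condition, which starts above the hunk, is the private-profile check. The added `$user->is_admin == false` term is a loose comparison on a model attribute; `!$user->is_admin` reads more clearly and fails closed the same way when the attribute is null.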
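Review bot: The follower-or-owner-or-admin rule on the rewritten `if` is now written out by hand in both controllers of this patch, and here it resolves `Auth::user()` twice and mixes `== false` with `!==`. Resolving the viewer once and moving the rule into one shared method (a policy or a method on the profile model) would keep the two endpoints from drifting apart the next time the rule changes: `$viewer = Auth::user();` then `if(!$viewer->is_admin && !$user->followedBy($viewer->profile) && $user->id !== $viewer->profile->id) { abort(404); }`. The admin override also grants read access to private posts without leaving a record; if that access matters for accountability, logging it at this point is worth considering. The method body starts and ends outside the hunk.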