From 98ad5936543097633d4b1417c637519e6d9ff82b Mon Sep 17 00:00:00 2001
From: Daniel Supernault <danielsupernault@gmail.com>
Date: Fri, 22 Nov 2019 23:35:13 -0700
Subject: [PATCH] Update StatusController

---
 app/Http/Controllers/StatusController.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/app/Http/Controllers/StatusController.php b/app/Http/Controllers/StatusController.php
index 364ca21a8..7327cc0a4 100644
--- a/app/Http/Controllers/StatusController.php
+++ b/app/Http/Controllers/StatusController.php
@@ -51,6 +51,12 @@ class StatusController extends Controller
             }
         }
 
+        if($status->type == 'archived') {
+            if(Auth::user()->profile_id !== $status->profile_id) {
+                abort(404);
+            }
+        }
+
         if ($request->wantsJson() && config('federation.activitypub.enabled')) {
             return $this->showActivityPub($request, $status);
         }
@@ -72,7 +78,7 @@ class StatusController extends Controller
     {
         abort(404);
         $profile = Profile::whereNull('status')->whereUsername($username)->first();
-        $status = Status::whereScope('private')->find($id);
+        $status = Status::whereProfileId($profile->id)->whereScope('public')->find($id);
         if(!$profile || !$status) {
             return view('status.embed-removed');
         }