diff --git a/app/Http/Controllers/DiscoverController.php b/app/Http/Controllers/DiscoverController.php
index 1e96cf058..fb3286d87 100644
--- a/app/Http/Controllers/DiscoverController.php
+++ b/app/Http/Controllers/DiscoverController.php
@@ -23,7 +23,6 @@ class DiscoverController extends Controller
 $following = Follower::whereProfileId($pid)
 ->pluck('following_id');
-
 $filtered = UserFilter::whereUserId($pid)
 ->whereFilterableType('App\Profile')
 ->whereIn('filter_type', ['mute', 'block'])
@@ -36,10 +35,12 @@ class DiscoverController extends Controller
 $people = Profile::inRandomOrder()
 ->whereNotIn('id', $following)
+ ->whereIsPrivate(false)
 ->take(3)
 ->get();
 $posts = Status::whereHas('media')
+ ->whereVisibility('public')
 ->where('profile_id', '!=', $pid)
 ->whereNotIn('profile_id', $following)
 ->orderBy('created_at', 'desc')
diff --git a/app/Http/Controllers/ProfileController.php b/app/Http/Controllers/ProfileController.php
index 80f6bacbd..ca04e92b1 100644
--- a/app/Http/Controllers/ProfileController.php
+++ b/app/Http/Controllers/ProfileController.php
@@ -62,6 +62,7 @@ class ProfileController extends Controller
 ->whereHas('media')
 ->whereNull('in_reply_to_id')
 ->whereNull('reblog_of_id')
+ ->whereIn('visibility', ['public', 'unlisted'])
 ->orderBy('created_at', 'desc')
 ->withCount(['comments', 'likes'])
 ->simplePaginate(21);
@@ -131,10 +132,10 @@ class ProfileController extends Controller
 $blocked = $this->blockedProfileCheck($profile);
 $check = $this->privateProfileCheck($profile, null);
 if($check || $blocked) {
- return view('profile.private', compact('user'));
+ return redirect($profile->url());
 }
 }
- $items = $profile->statuses()->orderBy('created_at', 'desc')->take(10)->get();
+ $items = $profile->statuses()->whereIn('visibility',['public', 'unlisted'])->orderBy('created_at', 'desc')->take(10)->get();
 return response()->view('atom.user', compact('profile', 'items'))
 ->header('Content-Type', 'application/atom+xml');
 }
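Review bot: The `$posts` query now keeps only statuses with `visibility = 'public'` but still does not exclude statuses whose author profile is private, so a post that a private account marked public can still surface on discover, even though the StatusController hunk in this same commit gates such statuses behind a follower check. Constraining the author as well keeps the two consistent, e.g. `->whereHas('profile', function ($q) { $q->whereIsPrivate(false); })` right after `->whereVisibility('public')`. The `$filtered` mute/block list built in the previous hunk is not applied in the visible part of either query; if it is used further down it should cover `$posts` too, but that is outside the hunk. The enclosing method starts and ends outside the hunk.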
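Review bot: The new `->whereIn('visibility', ['public', 'unlisted'])` on the profile timeline is applied unconditionally, so an approved follower (or the owner) no longer sees that profile's `private` statuses here, while the StatusController change in this commit deliberately lets followers through for exactly those statuses. If followers are meant to see them on the profile page, the allowed list needs to depend on the viewer relationship; if hiding them is intended, a short comment would stop the next reader from treating it as a bug, e.g. `// Profile page lists only public/unlisted statuses; private ones are reachable only through the follower-gated status view.` The enclosing method starts outside the hunk.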
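Review bot: Replacing the `profile.private` view with `redirect($profile->url())` makes the feed endpoint answer a blocked or private profile with a 302 to an HTML page, so a feed reader follows it and receives a non-Atom document instead of a clear denial; `abort(403)` (or `abort(404)` if the existence of private profiles should not be disclosed) is the more conventional response for a feed. The `whereIn('visibility',['public', 'unlisted'])` added to `$items` is the right filter for an unauthenticated feed. The same `['public', 'unlisted']` list now appears in several queries across this commit; a single constant on `Status` would keep them from drifting. The enclosing method starts outside the hunk.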
diff --git a/app/Http/Controllers/StatusController.php b/app/Http/Controllers/StatusController.php
index 3a6a2597e..a86209c3e 100644
--- a/app/Http/Controllers/StatusController.php
+++ b/app/Http/Controllers/StatusController.php
@@ -25,6 +25,16 @@ class StatusController extends Controller
 ->withCount(['likes', 'comments', 'media'])
 ->findOrFail($id);
+ if($status->visibility == 'private' || $user->is_private) {
+ if(!Auth::check()) {
+ abort(403);
+ }
+ $pid = Auth::user()->profile;
+ if($user->followedBy($pid) == false && $user->id !== $pid->id) {
+ abort(403);
+ }
+ }
+
 if ($request->wantsJson() && config('pixelfed.activitypub_enabled')) {
 return $this->showActivityPub($request, $status);
 }
@@ -80,6 +90,7 @@ class StatusController extends Controller
 'cw' => 'nullable|string',
 'filter_class' => 'nullable|string',
 'filter_name' => 'nullable|string',
+ 'visibility' => 'required|string|min:5|max:10',
 ]);
 if (count($request->file('photo')) > config('pixelfed.max_album_length')) {
@@ -89,11 +100,13 @@ class StatusController extends Controller
 $monthHash = hash('sha1', date('Y').date('m'));
 $userHash = hash('sha1', $user->id.(string) $user->created_at);
 $profile = $user->profile;
+ $visibility = $this->validateVisibility($request->visibility);
 $status = new Status();
 $status->profile_id = $profile->id;
 $status->caption = strip_tags($request->caption);
 $status->is_nsfw = $cw;
+ $status->visibility = $visibility;
 $status->save();
@@ -252,4 +265,10 @@ class StatusController extends Controller
 abort(403);
 }
 }
+
+ protected function validateVisibility($visibility)
+ {
+ $allowed = ['public', 'unlisted', 'private'];
+ return in_array($visibility, $allowed) ? $visibility : 'public';
+ }
 }
diff --git a/resources/views/timeline/partial/new-form.blade.php b/resources/views/timeline/partial/new-form.blade.php
index 19076cc18..23b989614 100644
--- a/resources/views/timeline/partial/new-form.blade.php
+++ b/resources/views/timeline/partial/new-form.blade.php
@@ -31,6 +31,19 @@
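Review bot: The new access gate mixes loose and strict comparisons — `$status->visibility == 'private'` and `$user->followedBy($pid) == false` next to `$user->id !== $pid->id` — where `===` and a plain `!` avoid type juggling and read consistently: `if (!$user->followedBy($pid) && $user->id !== $pid->id) {`. The gate is only applied in this show path; if the status or its media is reachable through other routes (ActivityPub, embeds, API, the media URLs themselves) the same check is needed there, which cannot be seen from the hunk. Since the follower-or-owner rule also has to hold wherever private statuses or private profiles are rendered, extracting it into one method such as `canViewStatus(Status $status, ?Profile $viewer): bool` would keep the policy in a single place. The enclosing method starts outside the hunk.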
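Review bot: The `visibility` rule `required|string|min:5|max:10` only checks length, so any 5–10 character string passes validation and is then mapped to `'public'` by `validateVisibility` in the last hunk — an unrecognised or mistyped value fails open to the most permissive setting instead of being rejected. Laravel's `in` rule states the real constraint and rejects the request before anything is saved: `'visibility' => 'required|string|in:public,unlisted,private',`. With that rule in place the helper's fallback becomes a defensive default rather than the primary check.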
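Review bot: `validateVisibility` declares no parameter or return types and calls `in_array` without the strict flag; the upstream `string` rule makes this harmless today, but strict mode costs nothing and stops depending on the validator: `protected function validateVisibility(string $visibility): string` and `return in_array($visibility, $allowed, true) ? $visibility : 'public';`. A docblock should also state the fallback, since callers silently get the widest visibility for anything unrecognised — `/** Map a requested visibility to an allowed value; unrecognised input falls back to 'public'. */`.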