From f0121d761a0fe3591b3790bd70674218362c470d Mon Sep 17 00:00:00 2001
From: Daniel Supernault
Date: Sat, 8 Sep 2018 20:42:35 -0600
Subject: [PATCH 1/6] Update DiscoverController, fixes #445
---
 app/Http/Controllers/DiscoverController.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/app/Http/Controllers/DiscoverController.php b/app/Http/Controllers/DiscoverController.php
index 1e96cf058..fb3286d87 100644
--- a/app/Http/Controllers/DiscoverController.php
+++ b/app/Http/Controllers/DiscoverController.php
@@ -23,7 +23,6 @@ class DiscoverController extends Controller
 $following = Follower::whereProfileId($pid)
 ->pluck('following_id');
-
 $filtered = UserFilter::whereUserId($pid)
 ->whereFilterableType('App\Profile')
 ->whereIn('filter_type', ['mute', 'block'])
@@ -36,10 +35,12 @@ class DiscoverController extends Controller
 $people = Profile::inRandomOrder()
 ->whereNotIn('id', $following)
+ ->whereIsPrivate(false)
 ->take(3)
 ->get();
 $posts = Status::whereHas('media')
+ ->whereVisibility('public')
 ->where('profile_id', '!=', $pid)
 ->whereNotIn('profile_id', $following)
 ->orderBy('created_at', 'desc')
From 5b5a9d0a3a2602a20ed935a77fce342c72ab0f85 Mon Sep 17 00:00:00 2001
From: Daniel Supernault
Date: Sat, 8 Sep 2018 21:11:52 -0600
Subject: [PATCH 2/6] Update ProfileController
---
 app/Http/Controllers/ProfileController.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/app/Http/Controllers/ProfileController.php b/app/Http/Controllers/ProfileController.php
index 80f6bacbd..85c7a7aa8 100644
--- a/app/Http/Controllers/ProfileController.php
+++ b/app/Http/Controllers/ProfileController.php
@@ -62,6 +62,7 @@ class ProfileController extends Controller
 ->whereHas('media')
 ->whereNull('in_reply_to_id')
 ->whereNull('reblog_of_id')
+ ->whereIn('visibility', ['public', 'unlisted'])
 ->orderBy('created_at', 'desc')
 ->withCount(['comments', 'likes'])
 ->simplePaginate(21);
From 43e36b45b279ca808777956b16e3954b37aecfaf Mon Sep 17 00:00:00 2001
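Review bot: In the second DiscoverController hunk (PATCH 1/6) the `$posts` query filters on the status's own visibility only, so a status stored as 'public' by an account with `is_private` set can still surface in Discover; PATCH 3/6 in this series treats `$user->is_private` as an access restriction and stores 'public' as the fallback for unrecognised values. The people query gains `->whereIsPrivate(false)`, but the posts query has no equivalent author check in the visible lines; the chain continues past the hunk, so confirm nothing later adds it. One option using names already in this file is something like `->whereIn('profile_id', Profile::whereIsPrivate(false)->select('id'))`.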
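Review bot: The added `->whereIn('visibility', ['public', 'unlisted'])` in ProfileController (PATCH 2/6) applies to every viewer, so 'private' statuses disappear from the profile grid even for the owner and for followers, while StatusController in PATCH 3/6 lets exactly those viewers open a private status by URL. If that is not intended, the list should depend on who is viewing. The same literal list is repeated in the Atom feed query in PATCH 4/6, and the allowed values are spelled out again in `validateVisibility`; a single constant on the Status model would keep the three in step. The query starts above the hunk, so any viewer-dependent scoping applied earlier is not visible here.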
From: Daniel Supernault
Date: Sat, 8 Sep 2018 21:13:04 -0600
Subject: [PATCH 3/6] Update StatusController, add visibility
---
 app/Http/Controllers/StatusController.php | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/app/Http/Controllers/StatusController.php b/app/Http/Controllers/StatusController.php
index 3a6a2597e..a86209c3e 100644
--- a/app/Http/Controllers/StatusController.php
+++ b/app/Http/Controllers/StatusController.php
@@ -25,6 +25,16 @@ class StatusController extends Controller
 ->withCount(['likes', 'comments', 'media'])
 ->findOrFail($id);
+ if($status->visibility == 'private' || $user->is_private) {
+ if(!Auth::check()) {
+ abort(403);
+ }
+ $pid = Auth::user()->profile;
+ if($user->followedBy($pid) == false && $user->id !== $pid->id) {
+ abort(403);
+ }
+ }
+
 if ($request->wantsJson() && config('pixelfed.activitypub_enabled')) {
 return $this->showActivityPub($request, $status);
 }
@@ -80,6 +90,7 @@ class StatusController extends Controller
 'cw' => 'nullable|string',
 'filter_class' => 'nullable|string',
 'filter_name' => 'nullable|string',
+ 'visibility' => 'required|string|min:5|max:10',
 ]);
 if (count($request->file('photo')) > config('pixelfed.max_album_length')) {
@@ -89,11 +100,13 @@ class StatusController extends Controller
 $monthHash = hash('sha1', date('Y').date('m'));
 $userHash = hash('sha1', $user->id.(string) $user->created_at);
 $profile = $user->profile;
+ $visibility = $this->validateVisibility($request->visibility);
 $status = new Status();
 $status->profile_id = $profile->id;
 $status->caption = strip_tags($request->caption);
 $status->is_nsfw = $cw;
+ $status->visibility = $visibility;
 $status->save();
@@ -252,4 +265,10 @@ class StatusController extends Controller
 abort(403);
 }
 }
+
+ protected function validateVisibility($visibility)
+ {
+ $allowed = ['public', 'unlisted', 'private'];
+ return in_array($visibility, $allowed) ? $visibility : 'public';
+ }
 }
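Review bot: The follower/owner gate in the first StatusController hunk is written inline in this one action, so any other route that returns a status or its media (none are visible in this diff) stays ungated unless it repeats the block; a protected method or a policy would give one place to enforce and test it. Within the block, `$pid` holds the viewer's Profile model rather than an id (DiscoverController in this series uses `$pid` for an id) and the condition mixes `== false` with `!==`; `$viewer = Auth::user()->profile;` followed by `if (!$user->followedBy($viewer) && $user->id !== $viewer->id) {` reads more clearly. Whether `followedBy` counts only accepted follows is not visible here and is worth confirming for private accounts. The method starts above the hunk.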
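Review bot: An unrecognised `visibility` value is silently stored as 'public', the least restrictive option: the rule added in the second hunk, `'required|string|min:5|max:10'`, only bounds the length, and `validateVisibility` in the last hunk of this patch falls back to 'public' when the value is not in its list. A client that sends a misspelled or differently-cased value for a post meant to be private would publish it publicly without any error. Rejecting the request is safer: `'visibility' => 'required|string|in:public,unlisted,private',`. If the helper is kept, `in_array($visibility, $allowed, true)` avoids loose comparison, and the fallback should be the most restrictive value rather than 'public'.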
From cabd47be0a88ddf0b3e674b4911b35392bc203d4 Mon Sep 17 00:00:00 2001
From: Daniel Supernault
Date: Sat, 8 Sep 2018 21:19:42 -0600
Subject: [PATCH 4/6] Update ProfileController
---
 app/Http/Controllers/ProfileController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/Http/Controllers/ProfileController.php b/app/Http/Controllers/ProfileController.php
index 85c7a7aa8..e06789b58 100644
--- a/app/Http/Controllers/ProfileController.php
+++ b/app/Http/Controllers/ProfileController.php
@@ -135,7 +135,7 @@ class ProfileController extends Controller
 return view('profile.private', compact('user'));
 }
 }
- $items = $profile->statuses()->orderBy('created_at', 'desc')->take(10)->get();
+ $items = $profile->statuses()->whereIn('visibility',['public', 'unlisted'])->orderBy('created_at', 'desc')->take(10)->get();
 return response()->view('atom.user', compact('profile', 'items'))
 ->header('Content-Type', 'application/atom+xml');
 }
From 64dae33a87446db01729b8bcf3cc745591d7411d Mon Sep 17 00:00:00 2001
From: Daniel Supernault
Date: Sat, 8 Sep 2018 21:22:19 -0600
Subject: [PATCH 5/6] Update ProfileController
---
 app/Http/Controllers/ProfileController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/Http/Controllers/ProfileController.php b/app/Http/Controllers/ProfileController.php
index e06789b58..ca04e92b1 100644
--- a/app/Http/Controllers/ProfileController.php
+++ b/app/Http/Controllers/ProfileController.php
@@ -132,7 +132,7 @@ class ProfileController extends Controller
 $blocked = $this->blockedProfileCheck($profile);
 $check = $this->privateProfileCheck($profile, null);
 if($check || $blocked) {
- return view('profile.private', compact('user'));
+ return redirect($profile->url());
 }
 }
 $items = $profile->statuses()->whereIn('visibility',['public', 'unlisted'])->orderBy('created_at', 'desc')->take(10)->get();
From 7c1b0c2065150f4266bb887c3236c5617f52c283 Mon Sep 17 00:00:00 2001
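Review bot: The Atom feed query in PATCH 4/6 now admits 'unlisted' statuses, while the Discover query in PATCH 1/6 admits only 'public'. A feed is fetched by readers and aggregators without a session, so if 'unlisted' is meant to keep a post out of listings (the series does not define it) the feed should probably match Discover: `->whereVisibility('public')`. The method starts above the hunk.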
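Review bot: In PATCH 5/6 a private or blocked result now answers the feed URL with a redirect to the HTML profile page, which a feed reader will follow and then fail to parse as Atom. An explicit status such as `abort(403);`, as StatusController does in PATCH 3/6, states the outcome directly and does not depend on the profile page repeating the check. The enclosing `if` opens above the hunk, so the conditions under which these checks run at all are not visible here.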
From: Daniel Supernault
Date: Sat, 8 Sep 2018 21:23:06 -0600
Subject: [PATCH 6/6] Update new post form
---
 resources/views/timeline/partial/new-form.blade.php | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/resources/views/timeline/partial/new-form.blade.php b/resources/views/timeline/partial/new-form.blade.php
index 19076cc18..23b989614 100644
--- a/resources/views/timeline/partial/new-form.blade.php
+++ b/resources/views/timeline/partial/new-form.blade.php
@@ -31,6 +31,19 @@
+ +
+ +
+ + Set the visibility of this post. + +
+