projects / akkoma / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge branch 'develop' into global-status-expiration
[akkoma] / lib / pleroma / web / mastodon_api / controllers / account_controller.ex
diff --git a/lib/pleroma/web/mastodon_api/controllers/account_controller.ex b/lib/pleroma/web/mastodon_api/controllers/account_controller.ex
index 56e6214c516461e961bfd85abfa20a3f40f02169..21bc3d5a549d5fde33a633c00f1147df3968deb4 100644 (file)
--- a/lib/pleroma/web/mastodon_api/controllers/account_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/account_controller.ex
@@ -59,14 +59,18 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do
 
   plug(
     Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
-    when action != :create
+    when action not in [:create, :show, :statuses]
   )
 
-  @relations [:follow, :unfollow]
+  @relationship_actions [:follow, :unfollow]
   @needs_account ~W(followers following lists follow unfollow mute unmute block unblock)a
 
-  plug(RateLimiter, [name: :relations_id_action, params: ["id", "uri"]] when action in @relations)
-  plug(RateLimiter, [name: :relations_actions] when action in @relations)
+  plug(
+    RateLimiter,
+    [name: :relation_id_action, params: ["id", "uri"]] when action in @relationship_actions
+  )
+
+  plug(RateLimiter, [name: :relations_actions] when action in @relationship_actions)
   plug(RateLimiter, [name: :app_account_creation] when action == :create)
   plug(:assign_account_by_id when action in @needs_account)
 
@@ -221,7 +225,8 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do
 
   @doc "GET /api/v1/accounts/:id/statuses"
   def statuses(%{assigns: %{user: reading_user}} = conn, params) do
-    with %User{} = user <- User.get_cached_by_nickname_or_id(params["id"], for: reading_user) do
+    with %User{} = user <- User.get_cached_by_nickname_or_id(params["id"], for: reading_user),
+         true <- User.visible_for?(user, reading_user) do
       params =
         params
         |> Map.put("tag", params["tagged"])
@@ -233,6 +238,8 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do
       |> add_link_headers(activities)
       |> put_view(StatusView)
       |> render("index.json", activities: activities, for: reading_user, as: :activity)
+    else
+      _e -> render_error(conn, :not_found, "Can't find user")
     end
   end
 
Fork of https://akkoma.dev/AkkomaGang/akkoma.git