[#114] Made MastodonAPI and TwitterAPI user show actions return 404 for auth-inactive...

[akkoma] / lib / pleroma / web / mastodon_api / mastodon_api_controller.ex

diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
index 665b7543769ac5f59b22d1414f081c7ebe219d74..c6db894427b7a8f5071c50f40329b5ff5104e9a7 100644 (file)
--- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
+++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
@@ -110,7 +110,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
   end
 
   def user(%{assigns: %{user: for_user}} = conn, %{"id" => id}) do
-    with %User{} = user <- Repo.get(User, id) do
+    with %User{} = user <- Repo.get(User, id),
+         true <- User.auth_active?(user) || user.id == for_user.id || User.superuser?(for_user) do
       account = AccountView.render("account.json", %{user: user, for: for_user})
       json(conn, account)
     else