diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 7e153f396..fb0b7b68e 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -943,7 +943,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do def visible_for_user?(activity, user) do x = [user.ap_id | user.following] - y = activity.data["to"] ++ (activity.data["cc"] || []) + y = [activity.actor] ++ activity.data["to"] ++ (activity.data["cc"] || []) visible_for_user?(activity, nil) || Enum.any?(x, &(&1 in y)) end diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 60738301b..cf7458d5f 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -1518,9 +1518,9 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end end - def status_card(conn, %{"id" => status_id}) do + def status_card(%{assigns: %{user: user}} = conn, %{"id" => status_id}) do with %Activity{} = activity <- Repo.get(Activity, status_id), - true <- ActivityPub.is_public?(activity) do + true <- ActivityPub.visible_for_user?(activity, user) do data = StatusView.render( "card.json", diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index 3dfbc8669..b52c2b805 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -1744,6 +1744,18 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do } } + # works with private posts + {:ok, activity} = + CommonAPI.post(user, %{"status" => "http://example.com/ogp", "visibility" => "direct"}) + + response_two = + conn + |> assign(:user, user) + |> get("/api/v1/statuses/#{activity.id}/card") + |> json_response(200) + + assert response_two == response + Pleroma.Config.put([:rich_media, :enabled], false) end end