From e58f2240d337b3828bb6d5f58d3ed328112f0de7 Mon Sep 17 00:00:00 2001 From: FloatingGhost Date: Tue, 28 Jun 2022 14:59:30 +0100 Subject: [PATCH] Add visibility check in context path --- lib/pleroma/web/mastodon_api/controllers/status_controller.ex | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex index 2eff4d9d0..60f4c44d7 100644 --- a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex +++ b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex @@ -384,11 +384,13 @@ def reblogged_by(%{assigns: %{user: user}} = conn, %{id: id}) do def context(%{assigns: %{user: user}} = conn, %{id: id}) do with %Activity{} = activity <- Activity.get_by_id(id) do activities = - ActivityPub.fetch_activities_for_context(activity.data["context"], %{ + activity.data["context"] + |> ActivityPub.fetch_activities_for_context(%{ blocking_user: user, user: user, exclude_id: activity.id }) + |> Enum.filter(fn activity -> Visibility.visible_for_user?(activity, user) end) render(conn, "context.json", activity: activity, activities: activities, user: user) end