ActivityPub compatibility with private posts

author: Vitaly Takmazov 2023-04-18 13:36:37 +0300
committer: Vitaly Takmazov 2023-04-18 13:36:37 +0300
commit: 66801ba91a51c9b7df6d85136d677350d2495b86 (patch)
tree: 6ed5b2ee31b5bb3158ae1d3b791a6e284f438465 /src/main/java/com/juick/www/api/activity
parent: 9e34dffdcdeac0057f1bbd36a3978b992f2c4790 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/src/main/java/com/juick/www/api/activity/Profile.java b/src/main/java/com/juick/www/api/activity/Profile.java
index f37ef6ff..68ea66ae 100644
--- a/src/main/java/com/juick/www/api/activity/Profile.java
+++ b/src/main/java/com/juick/www/api/activity/Profile.java
@@ -21,6 +21,7 @@ import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.juick.model.Message;
 import com.juick.model.User;
+import com.juick.util.HttpForbiddenException;
 import com.juick.util.formatters.PlainTextFormatter;
 import com.juick.model.CommandResult;
 import com.juick.ActivityPubManager;
@@ -258,6 +259,9 @@ public class Profile {
         Context.ACTIVITYSTREAMS_PROFILE_MEDIA_TYPE, MediaType.APPLICATION_JSON_VALUE })
     public Context showNote(@PathVariable int mid, @PathVariable int rid) {
         var message = activityPubManager.findMessage(mid, rid);
+        if (!messagesService.canViewThread(mid, 0)) {
+            throw new HttpForbiddenException();
+        }
         if (message != null) {
             return Context.build(activityPubManager.makeNote(message));
         }
author	Vitaly Takmazov	2023-04-18 13:36:37 +0300
committer	Vitaly Takmazov	2023-04-18 13:36:37 +0300
commit	66801ba91a51c9b7df6d85136d677350d2495b86 (patch)
tree	6ed5b2ee31b5bb3158ae1d3b791a6e284f438465 /src/main/java/com/juick/www/api/activity
parent	9e34dffdcdeac0057f1bbd36a3978b992f2c4790 (diff)