aboutsummaryrefslogtreecommitdiff
path: root/src/main/java/com/juick/www/api/activity
diff options
context:
space:
mode:
Diffstat (limited to 'src/main/java/com/juick/www/api/activity')
-rw-r--r--src/main/java/com/juick/www/api/activity/Profile.java4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/main/java/com/juick/www/api/activity/Profile.java b/src/main/java/com/juick/www/api/activity/Profile.java
index f37ef6ff..68ea66ae 100644
--- a/src/main/java/com/juick/www/api/activity/Profile.java
+++ b/src/main/java/com/juick/www/api/activity/Profile.java
@@ -21,6 +21,7 @@ import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.juick.model.Message;
import com.juick.model.User;
+import com.juick.util.HttpForbiddenException;
import com.juick.util.formatters.PlainTextFormatter;
import com.juick.model.CommandResult;
import com.juick.ActivityPubManager;
@@ -258,6 +259,9 @@ public class Profile {
Context.ACTIVITYSTREAMS_PROFILE_MEDIA_TYPE, MediaType.APPLICATION_JSON_VALUE })
public Context showNote(@PathVariable int mid, @PathVariable int rid) {
var message = activityPubManager.findMessage(mid, rid);
+ if (!messagesService.canViewThread(mid, 0)) {
+ throw new HttpForbiddenException();
+ }
if (message != null) {
return Context.build(activityPubManager.makeNote(message));
}