From 62296f5a251e376bed5b234a66b20226dbd58419 Mon Sep 17 00:00:00 2001
From: lain <lain@soykaf.club>
Date: Fri, 22 Feb 2019 12:02:51 +0100
Subject: [PATCH] Fix private post card handling.

---
 lib/pleroma/web/activity_pub/activity_pub.ex         |  2 +-
 .../web/mastodon_api/mastodon_api_controller.ex      |  4 ++--
 .../mastodon_api/mastodon_api_controller_test.exs    | 12 ++++++++++++
 3 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex
index 7e153f396..fb0b7b68e 100644
--- a/lib/pleroma/web/activity_pub/activity_pub.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub.ex
@@ -943,7 +943,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
 
   def visible_for_user?(activity, user) do
     x = [user.ap_id | user.following]
-    y = activity.data["to"] ++ (activity.data["cc"] || [])
+    y = [activity.actor] ++ activity.data["to"] ++ (activity.data["cc"] || [])
     visible_for_user?(activity, nil) || Enum.any?(x, &(&1 in y))
   end
 
diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
index 60738301b..cf7458d5f 100644
--- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
+++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
@@ -1518,9 +1518,9 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
     end
   end
 
-  def status_card(conn, %{"id" => status_id}) do
+  def status_card(%{assigns: %{user: user}} = conn, %{"id" => status_id}) do
     with %Activity{} = activity <- Repo.get(Activity, status_id),
-         true <- ActivityPub.is_public?(activity) do
+         true <- ActivityPub.visible_for_user?(activity, user) do
       data =
         StatusView.render(
           "card.json",
diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs
index 3dfbc8669..b52c2b805 100644
--- a/test/web/mastodon_api/mastodon_api_controller_test.exs
+++ b/test/web/mastodon_api/mastodon_api_controller_test.exs
@@ -1744,6 +1744,18 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
                }
              }
 
+      # works with private posts
+      {:ok, activity} =
+        CommonAPI.post(user, %{"status" => "http://example.com/ogp", "visibility" => "direct"})
+
+      response_two =
+        conn
+        |> assign(:user, user)
+        |> get("/api/v1/statuses/#{activity.id}/card")
+        |> json_response(200)
+
+      assert response_two == response
+
       Pleroma.Config.put([:rich_media, :enabled], false)
     end
   end
-- 
GitLab