Daniel Supernault 6 年之前
父節點
當前提交
11ce7e617d
共有 2 個文件被更改,包括 5 次插入5 次删除
  1. 2 2
      app/Http/Controllers/PublicApiController.php
  2. 3 3
      app/Http/Controllers/StatusController.php

+ 2 - 2
app/Http/Controllers/PublicApiController.php

@@ -180,8 +180,8 @@ class PublicApiController extends Controller
                 if(!$user) {
                     abort(403);
                 } else {
-                    $follows = $profile->followedBy(Auth::user()->profile);
-                    if($follows == false && $profile->id !== $user->profile->id) {
+                    $follows = $profile->followedBy($user->profile);
+                    if($follows == false && $profile->id !== $user->profile->id && $user->is_admin == false) {
                         abort(404);
                     }
                 }
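Review bot: The unauthenticated branch at the top of this hunk still answers `abort(403)` while the non-follower branch answers `abort(404)`, and this same commit moves StatusController to 404 for both cases. If a missing profile also returns 404 (not visible here), an anonymous caller can tell a private account from a nonexistent one by the status code alone. For consistency with the StatusController change I would make the guard `if(!$user) { abort(404); }`. The enclosing method starts and ends outside the hunk, so the condition that leads into this branch should be confirmed.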

+ 3 - 3
app/Http/Controllers/StatusController.php

@@ -42,11 +42,11 @@ class StatusController extends Controller
 
         if($status->visibility == 'private' || $user->is_private) {
             if(!Auth::check()) {
-                abort(403);
+                abort(404);
             }
             $pid = Auth::user()->profile;
-            if($user->followedBy($pid) == false && $user->id !== $pid->id) {
-                abort(403);
+            if($user->followedBy($pid) == false && $user->id !== $pid->id && Auth::user()->is_admin == false) {
+                abort(404);
             }
         }
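Review bot: The new `Auth::user()->is_admin == false` clause lets an admin account read followers-only statuses, but nothing in the hunk says why, and no audit record of that access is visible here. I would document it above the check, e.g. `// Admin override (presumably for moderation): admins may view private statuses; keep in sync with PublicApiController`, and consider logging when the override is what allowed the request. The loose `== false`, also used in the PublicApiController hunk, treats any truthy stored value as admin; `! Auth::user()->is_admin` backed by a boolean cast on the model would state the intent more safely. The method continues outside the hunk.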