dff532ac72
It doesn't make sense to like, react, reply, etc to something you cannot see and is unexpected for the author of the interacted with post and might make them believe the reacting user actually _can_ see the post. Wrt to fav, reblog, reaction indexes the missing visibility check was also leaking some (presumably/hopefully) low-severity data. Add full-API test for all modes of interactions with private posts. |
||
|---|---|---|
| .. | ||
| account_controller.ex | ||
| app_controller.ex | ||
| backup_controller.ex | ||
| conversation_controller.ex | ||
| emoji_file_controller.ex | ||
| emoji_pack_controller.ex | ||
| emoji_reaction_controller.ex | ||
| instances_controller.ex | ||
| mascot_controller.ex | ||
| notification_controller.ex | ||
| report_controller.ex | ||
| two_factor_authentication_controller.ex | ||
| user_import_controller.ex | ||