diff --git a/app/Http/Controllers/PublicApiController.php b/app/Http/Controllers/PublicApiController.php
index 8f9507febeafe7288c9675879cb3deff5443af52..2eb7a9b498f3b8cfaff06ec99ce7708f80ccf895 100644
--- a/app/Http/Controllers/PublicApiController.php
+++ b/app/Http/Controllers/PublicApiController.php
@@ -118,7 +118,9 @@ class PublicApiController extends Controller
 $status = Status::whereProfileId($profile->id)->findOrFail($postid);
 $this->scopeCheck($profile, $status);
 if(!$request->user()) {
- $res = ['status' => StatusService::get($status->id)];
+ $cached = StatusService::get($status->id, false);
+ abort_if(!in_array($cached['visibility'], ['public', 'unlisted']), 403);
+ $res = ['status' => $cached];
 } else {
 $item = new Fractal\Resource\Item($status, new StatusStatelessTransformer());
 $res = [
diff --git a/app/Http/Controllers/SpaController.php b/app/Http/Controllers/SpaController.php
index cf0e81352ed36b62e81e9bff2f58b7aaccbdba89..b05314f0664560e68a97a2e62ad85f73be0df37b 100644
--- a/app/Http/Controllers/SpaController.php
+++ b/app/Http/Controllers/SpaController.php
@@ -27,7 +27,11 @@ class SpaController extends Controller
 return view('layouts.spa');
 }
- $post = StatusService::get($id);
+ $post = StatusService::get($id, false);
+
+ if($post && !in_array($post['visibility'], ['public', 'unlisted'])) {
+ return redirect('/login');
+ }
 if( $post &&
diff --git a/app/Util/Sentiment/Bouncer.php b/app/Util/Sentiment/Bouncer.php
index 45e002952542a174571264e15af03f50b9bfc507..948cef412a538d3e339bceab15b7b8631c76ce45 100644
--- a/app/Util/Sentiment/Bouncer.php
+++ b/app/Util/Sentiment/Bouncer.php
@@ -6,6 +6,7 @@ use App\AccountInterstitial;
 use App\Status;
 use Cache;
 use Illuminate\Support\Str;
+use App\Services\StatusService;
 class Bouncer {
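Review bot: The new guest gate in PublicApiController reads `$cached['visibility']` without first checking that `StatusService::get()` returned an array, and `in_array()` is called without its strict flag, so the authorization decision rests on loose comparison. The SpaController hunk in this commit guards the same call with `$post &&`, which suggests the service can return an empty value; here an empty result would reach the array access before any denial is issued. I would make the check explicit and strict: `abort_if(!$cached || !in_array($cached['visibility'] ?? null, ['public', 'unlisted'], true), 403);`. The SpaController check has the same loose `in_array()` and should get the third argument `true` as well. The enclosing method starts and ends outside the hunk, so whether the authenticated `else` branch needs an equivalent gate cannot be judged from here.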
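Review bot: The visibility allow-list `['public', 'unlisted']` is written as a literal in the SpaController check and again in the PublicApiController hunk, so the two anonymous-access gates can drift apart when a visibility value is added or renamed. Keeping the list in one shared constant or predicate (name to be chosen by the project) would hold the policy in a single place. The bare `false` passed to `StatusService::get($id, false)` also needs a one-line comment, for example `// second arg false: lookup is not restricted to public statuses (confirm); the check below is the only gate for guests`, because the safety of this path depends on what that flag makes the service return. The `if( $post &&` condition that follows continues outside the hunk.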
@@ -134,6 +135,8 @@ class Bouncer { // $status->is_nsfw = true; $status->save(); + StatusService::del($status->id); + Cache::forget('pf:bouncer_v0:exemption_by_pid:' . $status->profile_id); Cache::forget('pf:bouncer_v0:recent_by_pid:' . $status->profile_id); }
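Review bot: The added `StatusService::del($status->id);` carries no comment saying why it is needed, yet the two controller hunks in this commit now decide guest access from the cached `visibility` field, which makes this invalidation part of the access-control path. A short comment such as `// drop the cached status so guest visibility checks do not read the pre-save copy` would record why the call sits directly after `$status->save()`. Any other code path that changes a status's scope or visibility would need the same call; none is visible in this diff, so that is worth confirming before merge. The enclosing method starts outside the hunk, so what was changed on `$status` before the save is not visible here.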