diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb index 1e5945fdd..6f5fb3432 100644 --- a/app/controllers/accounts_controller.rb +++ b/app/controllers/accounts_controller.rb @@ -29,7 +29,7 @@ class AccountsController < ApplicationController end if current_user.nil? - @pinned_statuses = cache_collection(@account.pinned_statuses.without_local_only, Status) if show_pinned_statuses? + @pinned_statuses = cache_collection(filtered_pinned_statuses.without_local_only, Status) if show_pinned_statuses? else @pinned_statuses = cache_collection(@account.pinned_statuses, Status) if show_pinned_statuses? end diff --git a/spec/controllers/accounts_controller_spec.rb b/spec/controllers/accounts_controller_spec.rb index 662a89927..46074847e 100644 --- a/spec/controllers/accounts_controller_spec.rb +++ b/spec/controllers/accounts_controller_spec.rb @@ -120,6 +120,11 @@ RSpec.describe AccountsController, type: :controller do expect(response.body).to include(I18n.t('stream_entries.pinned')) end + it 'does not render private pinned status' do + account.pinned_statuses << status_private + expect(response.body).to_not include(ActivityPub::TagManager.instance.url_for(status_private)) + end + it 'does not render private status' do expect(response.body).to_not include(ActivityPub::TagManager.instance.url_for(status_private)) end