@evan Fixed message domain for messages in plugins for recent commits.

[quix0rs-gnu-social.git] / actions / apistatusesretweet.php

diff --git a/actions/apistatusesretweet.php b/actions/apistatusesretweet.php
index ecc4a3f03301b92651dea1d5fe522f8792214f27..6e6ebb038f8c83d6b8aa755fc4f6b738a4512aed 100644 (file)
--- a/actions/apistatusesretweet.php
+++ b/actions/apistatusesretweet.php
@@ -85,8 +85,29 @@ class ApiStatusesRetweetAction extends ApiAuthAction
             return false;
         }
 
+        // Is it OK to repeat that notice (general enough scope)?
+
+        if ($this->original->scope != Notice::SITE_SCOPE &&
+            $this->original->scope != Notice::PUBLIC_SCOPE) {
+            // TRANS: Client error displayed when trying to repeat a private notice.
+            $this->clientError(_('You may not repeat a private notice.'),
+                               403,
+                               $this->format);
+            return false;
+        }
+
         $profile = $this->user->getProfile();
 
+        // Can the profile actually see that notice?
+
+        if (!$this->original->inScope($profile)) {
+            // TRANS: Client error displayed when trying to repeat a notice the user has no access to.
+            $this->clientError(_('No access to that notice.'),
+                               403,
+                               $this->format);
+            return false;
+        }
+
         if ($profile->hasRepeated($id)) {
             // TRANS: Client error displayed trying to re-repeat a notice through the API.
             $this->clientError(_('Already repeated that notice.'),
@@ -94,6 +115,7 @@ class ApiStatusesRetweetAction extends ApiAuthAction
             return false;
         }
 
+
         return true;
     }