X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Fapistatusesretweet.php;h=6e6ebb038f8c83d6b8aa755fc4f6b738a4512aed;hb=0a19674c9f61d008069b5d9607179ea2dd7807f3;hp=ecc4a3f03301b92651dea1d5fe522f8792214f27;hpb=c4b8f68a1a3ed6422a2ed1cb7a8b5b5c65011b5f;p=quix0rs-gnu-social.git

diff --git a/actions/apistatusesretweet.php b/actions/apistatusesretweet.php
index ecc4a3f033..6e6ebb038f 100644
--- a/actions/apistatusesretweet.php
+++ b/actions/apistatusesretweet.php
@@ -85,8 +85,29 @@ class ApiStatusesRetweetAction extends ApiAuthAction
             return false;
         }
 
+        // Is it OK to repeat that notice (general enough scope)?
+
+        if ($this->original->scope != Notice::SITE_SCOPE &&
+            $this->original->scope != Notice::PUBLIC_SCOPE) {
+            // TRANS: Client error displayed when trying to repeat a private notice.
+            $this->clientError(_('You may not repeat a private notice.'),
+                               403,
+                               $this->format);
+            return false;
+        }
+
         $profile = $this->user->getProfile();
 
+        // Can the profile actually see that notice?
+
+        if (!$this->original->inScope($profile)) {
+            // TRANS: Client error displayed when trying to repeat a notice the user has no access to.
+            $this->clientError(_('No access to that notice.'),
+                               403,
+                               $this->format);
+            return false;
+        }
+
         if ($profile->hasRepeated($id)) {
             // TRANS: Client error displayed trying to re-repeat a notice through the API.
             $this->clientError(_('Already repeated that notice.'),
@@ -94,6 +115,7 @@ class ApiStatusesRetweetAction extends ApiAuthAction
             return false;
         }
 
+
         return true;
     }