From 17cc996288ea3dc7643904238e32a95b51058ec0 Mon Sep 17 00:00:00 2001
From: syuilo <syuilotan@yahoo.co.jp>
Date: Sun, 15 Nov 2020 17:32:29 +0900
Subject: [PATCH] =?UTF-8?q?=E4=BB=96=E4=BA=BA=E3=81=AEpublic=E3=81=AA?=
 =?UTF-8?q?=E3=82=AF=E3=83=AA=E3=83=83=E3=83=97=E3=82=92=E5=8F=96=E5=BE=97?=
 =?UTF-8?q?=E3=81=A7=E3=81=8D=E3=81=AA=E3=81=84=E5=95=8F=E9=A1=8C=E3=82=92?=
 =?UTF-8?q?=E4=BF=AE=E6=AD=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/server/api/endpoints/clips/notes.ts | 5 ++++-
 src/server/api/endpoints/clips/show.ts  | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/server/api/endpoints/clips/notes.ts b/src/server/api/endpoints/clips/notes.ts
index 5289533a1e..3d66623d63 100644
--- a/src/server/api/endpoints/clips/notes.ts
+++ b/src/server/api/endpoints/clips/notes.ts
@@ -45,13 +45,16 @@ export const meta = {
 export default define(meta, async (ps, user) => {
 	const clip = await Clips.findOne({
 		id: ps.clipId,
-		userId: user.id
 	});
 
 	if (clip == null) {
 		throw new ApiError(meta.errors.noSuchClip);
 	}
 
+	if (!clip.isPublic && (clip.userId !== user.id)) {
+		throw new ApiError(meta.errors.noSuchClip);
+	}
+
 	const clipQuery = ClipNotes.createQueryBuilder('joining')
 		.select('joining.noteId')
 		.where('joining.clipId = :clipId', { clipId: clip.id });
diff --git a/src/server/api/endpoints/clips/show.ts b/src/server/api/endpoints/clips/show.ts
index 5b2b7b7d5e..1d4947528a 100644
--- a/src/server/api/endpoints/clips/show.ts
+++ b/src/server/api/endpoints/clips/show.ts
@@ -30,12 +30,15 @@ export default define(meta, async (ps, me) => {
 	// Fetch the clip
 	const clip = await Clips.findOne({
 		id: ps.clipId,
-		userId: me.id,
 	});
 
 	if (clip == null) {
 		throw new ApiError(meta.errors.noSuchClip);
 	}
 
+	if (!clip.isPublic && (clip.userId !== me.id)) {
+		throw new ApiError(meta.errors.noSuchClip);
+	}
+
 	return await Clips.pack(clip);
 });