From 8d28649e1b64e8d4eb15fd3923020950a58966e7 Mon Sep 17 00:00:00 2001
From: Mario <mario@mariovavti.com>
Date: Mon, 6 Sep 2021 09:10:19 +0000
Subject: check the post_mail permission for direct messages

---
 Zotlabs/Lib/Activity.php | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

(limited to 'Zotlabs/Lib/Activity.php')

diff --git a/Zotlabs/Lib/Activity.php b/Zotlabs/Lib/Activity.php
index 971381fb2..14d4a1d71 100644
--- a/Zotlabs/Lib/Activity.php
+++ b/Zotlabs/Lib/Activity.php
@@ -1815,12 +1815,19 @@ class Activity {
 		}
 		else {
 			if (!perm_is_allowed($channel['channel_id'], $observer_hash, 'send_stream') && !$is_sys_channel) {
-				logger('no permission');
+				logger('no send_stream permission');
 				return;
 			}
 			$s['owner_xchan'] = $s['author_xchan'] = $observer_hash;
 		}
 
+		if (intval($item['item_private']) === 2) {
+			if (!perm_is_allowed($channel['channel_id'], $observer_hash, 'post_mail')) {
+				logger('no post_mail permission');
+				return;
+			}
+		}
+
 		$abook = q("select * from abook where abook_xchan = '%s' and abook_channel = %d limit 1",
 			dbesc($observer_hash),
 			intval($channel['channel_id'])
@@ -2672,6 +2679,11 @@ class Activity {
 			$allowed = true;
 		}
 
+		if (intval($item['item_private']) === 2) {
+			if (!perm_is_allowed($channel['channel_id'], $observer_hash, 'post_mail')) {
+				$allowed = false;
+			}
+		}
 
 		if ($is_sys_channel) {
 
-- 
cgit v1.2.3