From 052ddf862f16039fa23f647825a8377d6e338ce2 Mon Sep 17 00:00:00 2001
From: trisua <me@trisua.com>
Date: Sun, 13 Jul 2025 19:05:17 -0400
Subject: [PATCH] fix: check permissions before asking about a post

---
 crates/core/src/database/questions.rs | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/crates/core/src/database/questions.rs b/crates/core/src/database/questions.rs
index 900d68c..253b6c2 100644
--- a/crates/core/src/database/questions.rs
+++ b/crates/core/src/database/questions.rs
@@ -427,6 +427,22 @@ impl DataManager {
             }
         }
 
+        // check asking_about
+        if let Some(id) = data.context.asking_about {
+            let post = self.get_post_by_id(id).await?;
+            let owner = self.get_user_by_id(post.owner).await?;
+
+            if post.stack != 0 {
+                return Err(Error::MiscError(
+                    "Cannot ask about posts in a circle".to_string(),
+                ));
+            } else if owner.settings.private_profile {
+                return Err(Error::MiscError(
+                    "Cannot ask about posts from a private user".to_string(),
+                ));
+            }
+        }
+
         // create uploads
         if drawings.len() > 2 {
             return Err(Error::MiscError(