diff --git a/crates/app/src/public/html/profile/posts.html b/crates/app/src/public/html/profile/posts.html
index 5d9d687..d0ef890 100644
--- a/crates/app/src/public/html/profile/posts.html
+++ b/crates/app/src/public/html/profile/posts.html
@@ -13,10 +13,12 @@ profile.settings.enable_questions and user %}
     <div class="card flex flex-col gap-4">
         <!-- prettier-ignore -->
         {% for post in pinned %}
-            {% if post[0].context.repost and post[0].context.repost.reposting %}
-                {{ components::repost(repost=post[3], post=post[0], owner=post[1], secondary=true, community=post[2], show_community=true, can_manage_post=is_self) }}
-            {% else %}
-                {{ components::post(post=post[0], owner=post[1], question=post[4], secondary=true, community=post[2], can_manage_post=is_self) }}
+            {% if post[2].read_access == "Everybody" %}
+                {% if post[0].context.repost and post[0].context.repost.reposting %}
+                    {{ components::repost(repost=post[3], post=post[0], owner=post[1], secondary=true, community=post[2], show_community=true, can_manage_post=is_self) }}
+                {% else %}
+                    {{ components::post(post=post[0], owner=post[1], question=post[4], secondary=true, community=post[2], can_manage_post=is_self) }}
+                {% endif %}
             {% endif %}
         {% endfor %}
     </div>
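Review bot: The `post[2].read_access == "Everybody"` test at the top of the pinned loop makes the template the enforcement point for community read access and ignores who is viewing, so a member who is allowed to read a restricted community would stop seeing its posts here, while the full list is still fetched and handed to the template. The same condition is added in timelines/all.html, timelines/following.html and timelines/popular.html. If the list is paginated upstream, dropping rows at render time can also leave a page short or empty. I would filter where `pinned` and `list` are built, using the per-viewer result that `check_permissions!` already gives the page handlers, and keep at most a template comment such as `{# defence in depth only: read access is decided in the handler #}`. The enclosing block starts and ends outside the hunk.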
diff --git a/crates/app/src/public/html/timelines/all.html b/crates/app/src/public/html/timelines/all.html
index 175fcdc..7e78de3 100644
--- a/crates/app/src/public/html/timelines/all.html
+++ b/crates/app/src/public/html/timelines/all.html
@@ -7,10 +7,12 @@
     <!-- prettier-ignore -->
     <div class="card w-full flex flex-col gap-2">
         {% for post in list %}
-            {% if post[0].context.repost and post[0].context.repost.reposting %}
-                {{ components::repost(repost=post[3], post=post[0], owner=post[1], secondary=true, community=post[2], show_community=true) }}
-            {% else %}
-                {{ components::post(post=post[0], owner=post[1], question=post[4], secondary=true, community=post[2]) }}
+            {% if post[2].read_access == "Everybody" %}
+                {% if post[0].context.repost and post[0].context.repost.reposting %}
+                    {{ components::repost(repost=post[3], post=post[0], owner=post[1], secondary=true, community=post[2], show_community=true) }}
+                {% else %}
+                    {{ components::post(post=post[0], owner=post[1], question=post[4], secondary=true, community=post[2]) }}
+                {% endif %}
             {% endif %}
         {% endfor %}
 
diff --git a/crates/app/src/public/html/timelines/following.html b/crates/app/src/public/html/timelines/following.html
index 91d1891..ddc3f96 100644
--- a/crates/app/src/public/html/timelines/following.html
+++ b/crates/app/src/public/html/timelines/following.html
@@ -7,10 +7,12 @@
     <!-- prettier-ignore -->
     <div class="card w-full flex flex-col gap-2">
         {% for post in list %}
-            {% if post[0].context.repost and post[0].context.repost.reposting %}
-                {{ components::repost(repost=post[3], post=post[0], owner=post[1], secondary=true, community=post[2], show_community=true) }}
-            {% else %}
-                {{ components::post(post=post[0], owner=post[1], question=post[4], secondary=true, community=post[2]) }}
+            {% if post[2].read_access == "Everybody" %}
+                {% if post[0].context.repost and post[0].context.repost.reposting %}
+                    {{ components::repost(repost=post[3], post=post[0], owner=post[1], secondary=true, community=post[2], show_community=true) }}
+                {% else %}
+                    {{ components::post(post=post[0], owner=post[1], question=post[4], secondary=true, community=post[2]) }}
+                {% endif %}
             {% endif %}
         {% endfor %}
 
diff --git a/crates/app/src/public/html/timelines/popular.html b/crates/app/src/public/html/timelines/popular.html
index 82a6eaa..b8b8f87 100644
--- a/crates/app/src/public/html/timelines/popular.html
+++ b/crates/app/src/public/html/timelines/popular.html
@@ -7,10 +7,12 @@
     <!-- prettier-ignore -->
     <div class="card w-full flex flex-col gap-2">
         {% for post in list %}
-            {% if post[0].context.repost and post[0].context.repost.reposting %}
-                {{ components::repost(repost=post[3], post=post[0], owner=post[1], secondary=true, community=post[2], show_community=true) }}
-            {% else %}
-                {{ components::post(post=post[0], owner=post[1], question=post[4], secondary=true, community=post[2]) }}
+            {% if post[2].read_access == "Everybody" %}
+                {% if post[0].context.repost and post[0].context.repost.reposting %}
+                    {{ components::repost(repost=post[3], post=post[0], owner=post[1], secondary=true, community=post[2], show_community=true) }}
+                {% else %}
+                    {{ components::post(post=post[0], owner=post[1], question=post[4], secondary=true, community=post[2]) }}
+                {% endif %}
             {% endif %}
         {% endfor %}
 
diff --git a/crates/app/src/routes/pages/communities.rs b/crates/app/src/routes/pages/communities.rs
index bab04ca..2405c45 100644
--- a/crates/app/src/routes/pages/communities.rs
+++ b/crates/app/src/routes/pages/communities.rs
@@ -551,6 +551,12 @@ pub async fn post_request(
     // check permissions
     let (can_read, can_manage_pins) = check_permissions!(community, jar, data, user);
 
+    if !can_read {
+        return Err(Html(
+            render_error(Error::NotAllowed, &jar, &data, &user).await,
+        ));
+    }
+
     // ...
     let feed = match data.0.get_post_comments(post.id, 12, props.page).await {
         Ok(p) => match data.0.fill_posts(p).await {
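Review bot: The `if !can_read { return Err(Html(render_error(Error::NotAllowed, ...))) }` guard is pasted identically into post_request here and question_request in the next hunk, so every handler that calls `check_permissions!` has to remember to test `can_read` itself, and one that forgets fails open. Consider moving the denial into the macro or a small shared helper, so that a handler only gets past it when read access was granted. Separately, if the not-found path in these handlers renders a different error than `Error::NotAllowed` (not visible here), the response confirms to an unauthorised visitor that the post exists in a restricted community; returning the same error in both cases would avoid that. If the guard stays inline, a comment like `// deny before any comments or replies are loaded` would record why it sits above the feed query. Both function bodies continue outside the hunks.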
@@ -736,6 +742,12 @@ pub async fn question_request(
     // check permissions
     let (can_read, _) = check_permissions!(community, jar, data, user);
 
+    if !can_read {
+        return Err(Html(
+            render_error(Error::NotAllowed, &jar, &data, &user).await,
+        ));
+    }
+
     // ...
     let feed = match data
         .0