Enable authorized fetch for individual users who block remote domainsfixes/per-user-authorized-fetch

2 files changed, 8 insertions, 4 deletions

diff --git a/app/controllers/concerns/account_owned_concern.rb b/app/controllers/concerns/account_owned_concern.rb
index 2b132417f7c..6cf714ea708 100644
--- a/app/controllers/concerns/account_owned_concern.rb
+++ b/app/controllers/concerns/account_owned_concern.rb
@@ -54,4 +54,8 @@ module AccountOwnedConcern
     expires_in(3.minutes, public: true)
     forbidden
   end
+
+  def authorized_fetch_mode?
+    super || @account.domain_blocks.exists?
+  end
 end
diff --git a/app/services/concerns/payloadable.rb b/app/services/concerns/payloadable.rb
index bd9d9d74b51..171716d29d6 100644
--- a/app/services/concerns/payloadable.rb
+++ b/app/services/concerns/payloadable.rb
@@ -11,20 +11,20 @@ module Payloadable
   # @option options [Boolean] :always_sign
   # @return [Hash]
   def serialize_payload(record, serializer, options = {})
-    signer      = options.delete(:signer)
+    @signer     = options.delete(:signer)
     sign_with   = options.delete(:sign_with)
     always_sign = options.delete(:always_sign)
     payload     = ActiveModelSerializers::SerializableResource.new(record, options.merge(serializer: serializer, adapter: ActivityPub::Adapter)).as_json
     object      = record.respond_to?(:virtual_object) ? record.virtual_object : record
 
-    if (object.respond_to?(:sign?) && object.sign?) && signer && (always_sign || signing_enabled?)
-      ActivityPub::LinkedDataSignature.new(payload).sign!(signer, sign_with: sign_with)
+    if (object.respond_to?(:sign?) && object.sign?) && @signer && (always_sign || signing_enabled?)
+      ActivityPub::LinkedDataSignature.new(payload).sign!(@signer, sign_with: sign_with)
     else
       payload
     end
   end
 
   def signing_enabled?
-    !authorized_fetch_mode?
+    !authorized_fetch_mode? && !@signer.domain_blocks.exists?
   end
 end