From 8d0d6bcd0cf959de553fd26e36272f831f4a988b Mon Sep 17 00:00:00 2001
From: Michael <heluecht@pirati.ca>
Date: Sun, 6 Sep 2020 15:05:42 +0000
Subject: [PATCH 1/3] Issue 8882: Fixes permissions of pinned posts

---
 src/Model/Item.php            | 14 +++-----------
 src/Module/Profile/Status.php | 13 ++++++++++++-
 2 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/src/Model/Item.php b/src/Model/Item.php
index 724f61e25d..d780010944 100644
--- a/src/Model/Item.php
+++ b/src/Model/Item.php
@@ -201,18 +201,10 @@ class Item
 			return [];
 		}
 
-		if (empty($condition) || !is_array($condition)) {
-			$condition = ['iid' => $pinned];
+		if (!empty($condition)) {
+			$condition = DBA::mergeConditions(['iid' => $pinned], $condition);
 		} else {
-			reset($condition);
-			$first_key = key($condition);
-			if (!is_int($first_key)) {
-				$condition['iid'] = $pinned;
-			} else {
-				$values_string = substr(str_repeat("?, ", count($pinned)), 0, -2);
-				$condition[0] = '(' . $condition[0] . ") AND `iid` IN (" . $values_string . ")";
-				$condition = array_merge($condition, $pinned);
-			}
+			$condition = ['iid' => $pinned];
 		}
 
 		return self::selectThreadForUser($uid, $selected, $condition, $params);
diff --git a/src/Module/Profile/Status.php b/src/Module/Profile/Status.php
index 200e03ca75..421c8acccd 100644
--- a/src/Module/Profile/Status.php
+++ b/src/Module/Profile/Status.php
@@ -232,7 +232,18 @@ class Status extends BaseProfile
 		$items = DBA::toArray($items_stmt);
 
 		if ($pager->getStart() == 0 && !empty($a->profile['uid'])) {
-			$pinned_items = Item::selectPinned($a->profile['uid'], ['uri', 'pinned']);
+			$condition = ['private' => [Item::PUBLIC, Item::UNLISTED]];
+			if (remote_user()) {
+				$permissionSets = DI::permissionSet()->selectByContactId(remote_user(), $a->profile['uid']);
+				if (!empty($permissionSets)) {
+					$condition = ['psid' => array_merge($permissionSets->column('id'),
+							[DI::permissionSet()->getIdFromACL($a->profile['uid'], '', '', '', '')])];
+				}
+			} elseif ($a->profile['uid'] == local_user()) {
+				$condition = [];
+			}
+	
+			$pinned_items = Item::selectPinned($a->profile['uid'], ['uri', 'pinned'], $condition);
 			$pinned = Item::inArray($pinned_items);
 			$items = array_merge($items, $pinned);
 		}

From 48524586459c86727efc96c851cbf64e9000e954 Mon Sep 17 00:00:00 2001
From: Michael <heluecht@pirati.ca>
Date: Sun, 6 Sep 2020 20:28:08 +0000
Subject: [PATCH 2/3] Simplify the code / check number of parameters in
 mergeConditions

---
 src/Database/DBA.php | 4 ++++
 src/Model/Item.php   | 6 +-----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/Database/DBA.php b/src/Database/DBA.php
index 273c87690b..b45f7cfb24 100644
--- a/src/Database/DBA.php
+++ b/src/Database/DBA.php
@@ -669,6 +669,10 @@ class DBA
 	 */
 	public static function mergeConditions(array ...$conditions)
 	{
+		if (count($conditions) == 1) {
+			return current($conditions);
+		}
+
 		$conditionStrings = [];
 		$result = [];
 
diff --git a/src/Model/Item.php b/src/Model/Item.php
index d780010944..af19ec16a7 100644
--- a/src/Model/Item.php
+++ b/src/Model/Item.php
@@ -201,11 +201,7 @@ class Item
 			return [];
 		}
 
-		if (!empty($condition)) {
-			$condition = DBA::mergeConditions(['iid' => $pinned], $condition);
-		} else {
-			$condition = ['iid' => $pinned];
-		}
+		$condition = DBA::mergeConditions(['iid' => $pinned], $condition);
 
 		return self::selectThreadForUser($uid, $selected, $condition, $params);
 	}

From 90315e34344fc229f5a3913db50c96df315c119a Mon Sep 17 00:00:00 2001
From: Michael <heluecht@pirati.ca>
Date: Mon, 7 Sep 2020 05:00:17 +0000
Subject: [PATCH 3/3] Don't perform actions on empty conditions

---
 src/Database/DBA.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/Database/DBA.php b/src/Database/DBA.php
index b45f7cfb24..babc4500eb 100644
--- a/src/Database/DBA.php
+++ b/src/Database/DBA.php
@@ -677,6 +677,10 @@ class DBA
 		$result = [];
 
 		foreach ($conditions as $key => $condition) {
+			if (!$condition) {
+				continue;
+			}
+
 			$condition = self::collapseCondition($condition);
 
 			$conditionStrings[] = array_shift($condition);