From 4c0e4d04c14fb9942c28cd04265ffe440eae0278 Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Tue, 17 Dec 2019 10:42:31 -0800
Subject: [PATCH] 404 for protected posts when previously authorized

a user who had previously authenticated on a protected collection would
still see the post after the owner was silenced, with a banner meant for
the owner displayed.
---
 posts.go | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/posts.go b/posts.go
index 9440ad8..62a3ae3 100644
--- a/posts.go
+++ b/posts.go
@@ -1342,8 +1342,13 @@ func viewCollectionPost(app *App, w http.ResponseWriter, r *http.Request) error
 	if c.IsPrivate() && (u == nil || u.ID != c.OwnerID) {
 		return ErrPostNotFound
 	}
-	if c.IsProtected() && ((u == nil || u.ID != c.OwnerID) && !isAuthorizedForCollection(app, c.Alias, r)) {
-		return impart.HTTPError{http.StatusFound, c.CanonicalURL() + "/?g=" + slug}
+	if c.IsProtected() && (u == nil || u.ID != c.OwnerID) {
+		if suspended {
+			return ErrPostNotFound
+		} else if !isAuthorizedForCollection(app, c.Alias, r) {
+			return impart.HTTPError{http.StatusFound, c.CanonicalURL() + "/?g=" + slug}
+
+		}
 	}
 
 	cr.isCollOwner = u != nil && c.OwnerID == u.ID