From 88815a7d6b2850c02eb7409537474248b9afab7c Mon Sep 17 00:00:00 2001
From: Andrew Shu <talklittle@gmail.com>
Date: Sun, 31 Aug 2025 23:32:56 -0700
Subject: [PATCH] API: Cut off comment subtree if no permission to view

---
 tildes/tildes/views/api/beta/comment.py | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/tildes/tildes/views/api/beta/comment.py b/tildes/tildes/views/api/beta/comment.py
index 7d37aa2..a07c914 100644
--- a/tildes/tildes/views/api/beta/comment.py
+++ b/tildes/tildes/views/api/beta/comment.py
@@ -80,10 +80,16 @@ def comment_subtree_to_api_dict(
     for comment in comments:
         comment_dict = comment_to_api_dict(request, comment)
         comment_dict["depth"] = comment.depth
-        comment_dict["children"] = (
-            comment_subtree_to_api_dict(request, comment.replies)
-            if comment.replies
-            else []
-        )
+
+        if request.has_permission("view", comment) or not comment.removed_marker:
+            # Recursively display reply comments, unless we hit a "removed marker"
+            comment_dict["children"] = (
+                comment_subtree_to_api_dict(request, comment.replies)
+                if comment.replies
+                else []
+            )
+        else:
+            comment_dict["children"] = []
+
         comments_list.append(comment_dict)
     return comments_list