From f38ffcbfa2c9486406d40e47b45c1a2f7719a918 Mon Sep 17 00:00:00 2001
From: MelissaCole
Date: Tue, 13 Oct 2015 11:38:58 -0700
Subject: [PATCH] Require mail permission to view /about/muted and unmute
---
 r2/r2/controllers/api.py | 4 ++++
 r2/r2/controllers/listingcontroller.py | 3 ++-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/r2/r2/controllers/api.py b/r2/r2/controllers/api.py
index b42c34c12..238f95731 100644
--- a/r2/r2/controllers/api.py
+++ b/r2/r2/controllers/api.py
@@ -857,6 +857,10 @@ class ApiController(RedditController):
 required_perms.append('wiki')
 else:
 required_perms.append('access')
+ # ability to unmute requires access and mail permissions
+ if type == 'muted':
+ required_perms.append('mail')
+
 if (not c.user_is_admin and (type in self._sr_friend_types and not container.is_moderator_with_perms(
diff --git a/r2/r2/controllers/listingcontroller.py b/r2/r2/controllers/listingcontroller.py
index a98cd80d0..95ae73ec5 100644
--- a/r2/r2/controllers/listingcontroller.py
+++ b/r2/r2/controllers/listingcontroller.py
@@ -1741,7 +1741,8 @@ class UserListListingController(ListingController):
 self.listing_cls = BannedListing
 elif where == 'muted':
- if not has_mod_access:
+ if not (has_mod_access and
+ c.site.is_moderator_with_perms(c.user, 'mail')):
 abort(403)
 self.listing_cls = MutedListing
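Review bot: The added `if type == 'muted'` branch is, by its own comment, about removing a mute, and nothing in this hunk shows that the handler which creates a mute asks for 'mail' as well. If it does not, a moderator holding 'access' but not 'mail' could still mute users while being refused when undoing it, so the add path (outside this patch) is worth checking. The diffstat lists only the two controllers, so no test pins the new requirement; a case asserting a 403 for a moderator with 'access' but without 'mail' would guard it. The enclosing method starts and ends outside the hunk.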
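Review bot: The new condition in the `where == 'muted'` branch has no admin exemption, unlike the api.py check in this same commit, which is skipped when `c.user_is_admin` is set. If `has_mod_access` is true for admins who do not moderate `c.site` (its definition is outside the hunk), they would now get a 403 on /about/muted unless `is_moderator_with_perms` special-cases admins itself. If admins are meant to keep access, say so explicitly: `if not (c.user_is_admin or (has_mod_access and c.site.is_moderator_with_perms(c.user, 'mail'))):`. The enclosing method begins and ends outside the hunk.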