Add status destroy authorization to policy (#3453)
* Add status destroy authorization to policy * Create explicit unreblog status authorization
This commit is contained in:
Jack Jennings
Eugen Rochko
parent
3576fa0d59
commit
33f669a5f8
6 changed files with 78 additions and 5 deletions
|
|
@ -10,9 +10,9 @@ class StatusPolicy
|
|||
|
||||
def show?
|
||||
if direct?
|
||||
status.account.id == account&.id || status.mentions.where(account: account).exists?
|
||||
owned? || status.mentions.where(account: account).exists?
|
||||
elsif private?
|
||||
status.account.id == account&.id || account&.following?(status.account) || status.mentions.where(account: account).exists?
|
||||
owned? || account&.following?(status.account) || status.mentions.where(account: account).exists?
|
||||
else
|
||||
account.nil? || !status.account.blocking?(account)
|
||||
end
|
||||
|
|
@ -22,12 +22,26 @@ class StatusPolicy
|
|||
!direct? && !private? && show?
|
||||
end
|
||||
|
||||
def destroy?
|
||||
admin? || owned?
|
||||
end
|
||||
|
||||
alias unreblog? destroy?
|
||||
|
||||
private
|
||||
|
||||
def admin?
|
||||
account&.user&.admin?
|
||||
end
|
||||
|
||||
def direct?
|
||||
status.direct_visibility?
|
||||
end
|
||||
|
||||
def owned?
|
||||
status.account.id == account&.id
|
||||
end
|
||||
|
||||
def private?
|
||||
status.private_visibility?
|
||||
end
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue