Add moderator role and add pundit policies for admin actions (#5635)

* Add moderator role and add pundit policies for admin actions * Add rake task for turning user into mod and revoking it again * Fix handling of unauthorized exception * Deliver new report e-mails to staff, not just admins * Add promote/demote to admin UI, hide some actions conditionally * Fix unused i18n
2017-11-11 20:23:33 +01:00 · 2017-11-11 20:23:33 +01:00 · 7bb8b0b2fc
commit 7bb8b0b2fc
parent 2b1190065c
44 changed files with 539 additions and 91 deletions
--- a/app/policies/status_policy.rb
+++ b/app/policies/status_policy.rb
@ -1,20 +1,17 @@
 # frozen_string_literal: true

-class StatusPolicy
-  attr_reader :account, :status
-
-  def initialize(account, status)
-    @account = account
-    @status = status
+class StatusPolicy < ApplicationPolicy
+  def index?
+    staff?
  end

  def show?
    if direct?
-      owned? || status.mentions.where(account: account).exists?
+      owned? || record.mentions.where(account: current_account).exists?
    elsif private?
-      owned? || account&.following?(status.account) || status.mentions.where(account: account).exists?
+      owned? || current_account&.following?(author) || record.mentions.where(account: current_account).exists?
    else
-      account.nil? || !status.account.blocking?(account)
+      current_account.nil? || !author.blocking?(current_account)
    end
  end

@ -23,26 +20,30 @@ class StatusPolicy
  end

  def destroy?
-    admin? || owned?
+    staff? || owned?
  end

  alias unreblog? destroy?

-  private
-
-  def admin?
-    account&.user&.admin?
+  def update?
+    staff?
  end

+  private
+
  def direct?
-    status.direct_visibility?
+    record.direct_visibility?
  end

  def owned?
-    status.account.id == account&.id
+    author.id == current_account&.id
  end

  def private?
-    status.private_visibility?
+    record.private_visibility?
+  end
+
+  def author
+    record.account
  end
 end