diff options
author | ThibG <thib@sitedethib.com> | 2020-01-03 05:01:45 +0100 |
---|---|---|
committer | Eugen Rochko <eugen@zeonfederated.com> | 2020-01-03 05:01:45 +0100 |
commit | e4d75f238b751329f1d9729046cc65b7b363c7d8 (patch) | |
tree | 9d1dc1e78590bce11e71edd65855317c0c3bcd3e | |
parent | 6a8c8dc6fb67f58f5aadc082fe49d0fcdc5e47ed (diff) |
Fix URL search not returning private toots user has access to (#12742)
-rw-r--r-- | app/services/resolve_url_service.rb | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/app/services/resolve_url_service.rb b/app/services/resolve_url_service.rb index 79b1bad0c..1a2b0d60c 100644 --- a/app/services/resolve_url_service.rb +++ b/app/services/resolve_url_service.rb @@ -12,6 +12,8 @@ class ResolveURLService < BaseService process_local_url elsif !fetched_resource.nil? process_url + elsif @on_behalf_of.present? + process_url_from_db end end @@ -24,15 +26,19 @@ class ResolveURLService < BaseService status = FetchRemoteStatusService.new.call(resource_url, body) authorize_with @on_behalf_of, status, :show? unless status.nil? status - elsif fetched_resource.nil? && @on_behalf_of.present? - # It may happen that the resource is a private toot, and thus not fetchable, - # but we can return the toot if we already know about it. - status = Status.find_by(uri: @url) || Status.find_by(url: @url) - authorize_with @on_behalf_of, status, :show? unless status.nil? - status end end + def process_url_from_db + # It may happen that the resource is a private toot, and thus not fetchable, + # but we can return the toot if we already know about it. + status = Status.find_by(uri: @url) || Status.find_by(url: @url) + authorize_with @on_behalf_of, status, :show? unless status.nil? + status + rescue Mastodon::NotPermittedError + nil + end + def fetched_resource @fetched_resource ||= FetchResourceService.new.call(@url) end |