about summary refs log tree commit diff
diff options
context:
space:
mode:
authorJack Jennings <jack@standard-library.com>2017-05-30 06:16:14 -0700
committerEugen Rochko <eugen@zeonfederated.com>2017-05-30 15:16:14 +0200
commite031fd60ad9ee492fbbda319eaeb213098898d03 (patch)
tree212e09bc3b785addd5d0c45583b4b4a3ef7042eb
parentbc4fad9e22695aae04cf06ada7f1c70887028cde (diff)
Move status reblog authorization into policy (#3425)
-rw-r--r--app/policies/status_policy.rb18
-rw-r--r--app/services/reblog_service.rb3
-rw-r--r--spec/policies/status_policy_spec.rb32
3 files changed, 42 insertions, 11 deletions
diff --git a/app/policies/status_policy.rb b/app/policies/status_policy.rb
index 658ba6d12..41d63fcbc 100644
--- a/app/policies/status_policy.rb
+++ b/app/policies/status_policy.rb
@@ -9,12 +9,26 @@ class StatusPolicy
   end
 
   def show?
-    if status.direct_visibility?
+    if direct?
       status.account.id == account&.id || status.mentions.where(account: account).exists?
-    elsif status.private_visibility?
+    elsif private?
       status.account.id == account&.id || account&.following?(status.account) || status.mentions.where(account: account).exists?
     else
       account.nil? || !status.account.blocking?(account)
     end
   end
+
+  def reblog?
+    !direct? && !private? && show?
+  end
+
+  private
+
+  def direct?
+    status.direct_visibility?
+  end
+
+  def private?
+    status.private_visibility?
+  end
 end
diff --git a/app/services/reblog_service.rb b/app/services/reblog_service.rb
index 9c44b1980..a3636a283 100644
--- a/app/services/reblog_service.rb
+++ b/app/services/reblog_service.rb
@@ -11,8 +11,7 @@ class ReblogService < BaseService
   def call(account, reblogged_status)
     reblogged_status = reblogged_status.reblog if reblogged_status.reblog?
 
-    authorize_with account, reblogged_status, :show?
-    raise Mastodon::NotPermittedError if reblogged_status.direct_visibility? || reblogged_status.private_visibility?
+    authorize_with account, reblogged_status, :reblog?
 
     reblog = account.statuses.create!(reblog: reblogged_status, text: '')
 
diff --git a/spec/policies/status_policy_spec.rb b/spec/policies/status_policy_spec.rb
index ee7060b98..b969988e9 100644
--- a/spec/policies/status_policy_spec.rb
+++ b/spec/policies/status_policy_spec.rb
@@ -7,6 +7,20 @@ RSpec.describe StatusPolicy, type: :model do
   let(:alice) { Fabricate(:account, username: 'alice') }
   let(:status) { Fabricate(:status, account: alice) }
 
+  permissions :show?, :reblog? do
+    it 'grants access when no viewer' do
+      expect(subject).to permit(nil, status)
+    end
+
+    it 'denies access when viewer is blocked' do
+      block = Fabricate(:block)
+      status.visibility = :private
+      status.account = block.target_account
+
+      expect(subject).to_not permit(block.account, status)
+    end
+  end
+
   permissions :show? do
     it 'grants access when direct and account is viewer' do
       status.visibility = :direct
@@ -54,17 +68,21 @@ RSpec.describe StatusPolicy, type: :model do
 
       expect(subject).to_not permit(viewer, status)
     end
+  end
 
-    it 'grants access when no viewer' do
-      expect(subject).to permit(nil, status)
+  permissions :reblog? do
+    it 'denies access when private' do
+      viewer = Fabricate(:account)
+      status.visibility = :private
+
+      expect(subject).to_not permit(viewer, status)
     end
 
-    it 'denies access when viewer is blocked' do
-      block = Fabricate(:block)
-      status.visibility = :private
-      status.account = block.target_account
+    it 'denies access when direct' do
+      viewer = Fabricate(:account)
+      status.visibility = :direct
 
-      expect(subject).to_not permit(block.account, status)
+      expect(subject).to_not permit(viewer, status)
     end
   end
 end