diff options
| author | Fire Demon <firedemon@creature.cafe> | 2020-08-11 12:46:50 -0500 |
|---|---|---|
| committer | Fire Demon <firedemon@creature.cafe> | 2020-08-30 05:45:17 -0500 |
| commit | 163bc1a706e9a94687d28c885c1ff02089498b94 (patch) | |
| tree | 5ea1d2afcc87b216763d33f3590f15150498837b /app/controllers/api/v1/polls_controller.rb | |
| parent | 351b3819b29b316136553e1f88032a9df9a7a731 (diff) | |
[Privacy] Check permissions of boosts and dereference boosts before sending to public timelines
Diffstat (limited to 'app/controllers/api/v1/polls_controller.rb')
| -rw-r--r-- | app/controllers/api/v1/polls_controller.rb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/app/controllers/api/v1/polls_controller.rb b/app/controllers/api/v1/polls_controller.rb index 6435e9f0d..75f5a9f08 100644 --- a/app/controllers/api/v1/polls_controller.rb +++ b/app/controllers/api/v1/polls_controller.rb @@ -16,6 +16,7 @@ class Api::V1::PollsController < Api::BaseController def set_poll @poll = Poll.attached.find(params[:id]) authorize @poll.status, :show? + authorize @poll.status.reblog, :show? if @poll.status.reblog? rescue Mastodon::NotPermittedError not_found end |