diff options
| author | Jack Jennings <jack@standard-library.com> | 2017-05-30 13:56:31 -0700 |
|---|---|---|
| committer | Eugen Rochko <eugen@zeonfederated.com> | 2017-05-30 22:56:31 +0200 |
| commit | 33f669a5f851b4095fb6189147ae0fe6f8343d44 (patch) | |
| tree | d62452304cfc4a2a1414ca7f00e0947b4ab34359 /app/controllers/api/v1 | |
| parent | 3576fa0d591db69a1727153a1130ff5bebf37167 (diff) | |
Add status destroy authorization to policy (#3453)
* Add status destroy authorization to policy * Create explicit unreblog status authorization
Diffstat (limited to 'app/controllers/api/v1')
| -rw-r--r-- | app/controllers/api/v1/statuses_controller.rb | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/app/controllers/api/v1/statuses_controller.rb b/app/controllers/api/v1/statuses_controller.rb index 592540f45..7386d7158 100644 --- a/app/controllers/api/v1/statuses_controller.rb +++ b/app/controllers/api/v1/statuses_controller.rb @@ -79,7 +79,10 @@ class Api::V1::StatusesController < ApiController def destroy @status = Status.where(account_id: current_user.account).find(params[:id]) + authorize @status, :destroy? + RemovalWorker.perform_async(@status.id) + render_empty end @@ -93,6 +96,8 @@ class Api::V1::StatusesController < ApiController @status = reblog.reblog @reblogs_map = { @status.id => false } + authorize reblog, :unreblog? + RemovalWorker.perform_async(reblog.id) render :show |