Extract authorization policy for viewing statuses (#3150)

author: Jack Jennings <jack@standard-library.com> 2017-05-29 09:22:22 -0700
committer: Eugen Rochko <eugen@zeonfederated.com> 2017-05-29 18:22:22 +0200
commit: 3a2003ba863252f305fb32098bcd3f095b10e2ff (patch)
tree: 6ff5f4a1cf6c9d042baca1441409afb9ac46775d /app/controllers/statuses_controller.rb
parent: 9a81be0d3715eb846d940794f8b34cbbe4ba67a5 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/app/controllers/statuses_controller.rb b/app/controllers/statuses_controller.rb
index 696bb4f52..59c9d0a87 100644
--- a/app/controllers/statuses_controller.rb
+++ b/app/controllers/statuses_controller.rb
@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 class StatusesController < ApplicationController
+  include Authorization
+
   layout 'public'
 
   before_action :set_account
@@ -30,7 +32,10 @@ class StatusesController < ApplicationController
     @stream_entry = @status.stream_entry
     @type         = @stream_entry.activity_type.downcase
 
-    raise ActiveRecord::RecordNotFound unless @status.permitted?(current_account)
+    authorize @status, :show?
+  rescue Mastodon::NotPermittedError
+    # Reraise in order to get a 404
+    raise ActiveRecord::RecordNotFound
   end
 
   def check_account_suspension
author	Jack Jennings <jack@standard-library.com>	2017-05-29 09:22:22 -0700
committer	Eugen Rochko <eugen@zeonfederated.com>	2017-05-29 18:22:22 +0200
commit	3a2003ba863252f305fb32098bcd3f095b10e2ff (patch)
tree	6ff5f4a1cf6c9d042baca1441409afb9ac46775d /app/controllers/statuses_controller.rb
parent	9a81be0d3715eb846d940794f8b34cbbe4ba67a5 (diff)