diff options
author | Jack Jennings <jack@standard-library.com> | 2017-05-29 09:22:22 -0700 |
---|---|---|
committer | Eugen Rochko <eugen@zeonfederated.com> | 2017-05-29 18:22:22 +0200 |
commit | 3a2003ba863252f305fb32098bcd3f095b10e2ff (patch) | |
tree | 6ff5f4a1cf6c9d042baca1441409afb9ac46775d /app/controllers/statuses_controller.rb | |
parent | 9a81be0d3715eb846d940794f8b34cbbe4ba67a5 (diff) |
Extract authorization policy for viewing statuses (#3150)
Diffstat (limited to 'app/controllers/statuses_controller.rb')
-rw-r--r-- | app/controllers/statuses_controller.rb | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/app/controllers/statuses_controller.rb b/app/controllers/statuses_controller.rb index 696bb4f52..59c9d0a87 100644 --- a/app/controllers/statuses_controller.rb +++ b/app/controllers/statuses_controller.rb @@ -1,6 +1,8 @@ # frozen_string_literal: true class StatusesController < ApplicationController + include Authorization + layout 'public' before_action :set_account @@ -30,7 +32,10 @@ class StatusesController < ApplicationController @stream_entry = @status.stream_entry @type = @stream_entry.activity_type.downcase - raise ActiveRecord::RecordNotFound unless @status.permitted?(current_account) + authorize @status, :show? + rescue Mastodon::NotPermittedError + # Reraise in order to get a 404 + raise ActiveRecord::RecordNotFound end def check_account_suspension |