Filter searched toots to be consistent with blocking behaviors (#5383)

author: ThibG <thib@sitedethib.com> 2017-11-15 01:53:33 +0100
committer: Eugen Rochko <eugen@zeonfederated.com> 2017-11-15 01:53:33 +0100
commit: 58bca7b1e43b4ceef58dae719071d76ca41582aa (patch)
tree: 7a13ccda9f9f6ecae3b1dfa3bb682403ce81912c /app/controllers
parent: 1c25853842075f88e3b6ed28decba3907d548f2e (diff)
1 files changed, 15 insertions, 1 deletions
diff --git a/app/controllers/api/v1/search_controller.rb b/app/controllers/api/v1/search_controller.rb
index bc5b8e5d4..997eed6e2 100644
--- a/app/controllers/api/v1/search_controller.rb
+++ b/app/controllers/api/v1/search_controller.rb
@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 class Api::V1::SearchController < Api::BaseController
+  include Authorization
+
   RESULTS_LIMIT = 5
 
   before_action -> { doorkeeper_authorize! :read }
@@ -9,12 +11,24 @@ class Api::V1::SearchController < Api::BaseController
   respond_to :json
 
   def index
-    @search = Search.new(search_results)
+    @search = Search.new(search)
     render json: @search, serializer: REST::SearchSerializer
   end
 
   private
 
+  def search
+    search_results.tap do |search|
+      search[:statuses].keep_if do |status|
+        begin
+          authorize status, :show?
+        rescue Mastodon::NotPermittedError
+          false
+        end
+      end
+    end
+  end
+
   def search_results
     SearchService.new.call(
       params[:q],
author	ThibG <thib@sitedethib.com>	2017-11-15 01:53:33 +0100
committer	Eugen Rochko <eugen@zeonfederated.com>	2017-11-15 01:53:33 +0100
commit	58bca7b1e43b4ceef58dae719071d76ca41582aa (patch)
tree	7a13ccda9f9f6ecae3b1dfa3bb682403ce81912c /app/controllers
parent	1c25853842075f88e3b6ed28decba3907d548f2e (diff)