diff options
author | Eugen Rochko <eugen@zeonfederated.com> | 2017-11-11 20:23:33 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-11-11 20:23:33 +0100 |
commit | 7bb8b0b2fc0e2e42a4234fed18198cbb7439fe9f (patch) | |
tree | f629ef40a5e7253c3d7bf353959951c93e5aad6f /app/policies/status_policy.rb | |
parent | 2b1190065c54f071ae384f6e05b4a087987febba (diff) |
Add moderator role and add pundit policies for admin actions (#5635)
* Add moderator role and add pundit policies for admin actions * Add rake task for turning user into mod and revoking it again * Fix handling of unauthorized exception * Deliver new report e-mails to staff, not just admins * Add promote/demote to admin UI, hide some actions conditionally * Fix unused i18n
Diffstat (limited to 'app/policies/status_policy.rb')
-rw-r--r-- | app/policies/status_policy.rb | 35 |
1 files changed, 18 insertions, 17 deletions
diff --git a/app/policies/status_policy.rb b/app/policies/status_policy.rb index 2ded61850..0373fdf04 100644 --- a/app/policies/status_policy.rb +++ b/app/policies/status_policy.rb @@ -1,20 +1,17 @@ # frozen_string_literal: true -class StatusPolicy - attr_reader :account, :status - - def initialize(account, status) - @account = account - @status = status +class StatusPolicy < ApplicationPolicy + def index? + staff? end def show? if direct? - owned? || status.mentions.where(account: account).exists? + owned? || record.mentions.where(account: current_account).exists? elsif private? - owned? || account&.following?(status.account) || status.mentions.where(account: account).exists? + owned? || current_account&.following?(author) || record.mentions.where(account: current_account).exists? else - account.nil? || !status.account.blocking?(account) + current_account.nil? || !author.blocking?(current_account) end end @@ -23,26 +20,30 @@ class StatusPolicy end def destroy? - admin? || owned? + staff? || owned? end alias unreblog? destroy? - private - - def admin? - account&.user&.admin? + def update? + staff? end + private + def direct? - status.direct_visibility? + record.direct_visibility? end def owned? - status.account.id == account&.id + author.id == current_account&.id end def private? - status.private_visibility? + record.private_visibility? + end + + def author + record.account end end |