Add status destroy authorization to policy (#3453)

* Add status destroy authorization to policy * Create explicit unreblog status authorization
author: Jack Jennings <jack@standard-library.com> 2017-05-30 13:56:31 -0700
committer: Eugen Rochko <eugen@zeonfederated.com> 2017-05-30 22:56:31 +0200
commit: 33f669a5f851b4095fb6189147ae0fe6f8343d44 (patch)
tree: d62452304cfc4a2a1414ca7f00e0947b4ab34359 /app/policies
parent: 3576fa0d591db69a1727153a1130ff5bebf37167 (diff)
1 files changed, 16 insertions, 2 deletions
diff --git a/app/policies/status_policy.rb b/app/policies/status_policy.rb
index 41d63fcbc..2ded61850 100644
--- a/app/policies/status_policy.rb
+++ b/app/policies/status_policy.rb
@@ -10,9 +10,9 @@ class StatusPolicy
 
   def show?
     if direct?
-      status.account.id == account&.id || status.mentions.where(account: account).exists?
+      owned? || status.mentions.where(account: account).exists?
     elsif private?
-      status.account.id == account&.id || account&.following?(status.account) || status.mentions.where(account: account).exists?
+      owned? || account&.following?(status.account) || status.mentions.where(account: account).exists?
     else
       account.nil? || !status.account.blocking?(account)
     end
@@ -22,12 +22,26 @@ class StatusPolicy
     !direct? && !private? && show?
   end
 
+  def destroy?
+    admin? || owned?
+  end
+
+  alias unreblog? destroy?
+
   private
 
+  def admin?
+    account&.user&.admin?
+  end
+
   def direct?
     status.direct_visibility?
   end
 
+  def owned?
+    status.account.id == account&.id
+  end
+
   def private?
     status.private_visibility?
   end
author	Jack Jennings <jack@standard-library.com>	2017-05-30 13:56:31 -0700
committer	Eugen Rochko <eugen@zeonfederated.com>	2017-05-30 22:56:31 +0200
commit	33f669a5f851b4095fb6189147ae0fe6f8343d44 (patch)
tree	d62452304cfc4a2a1414ca7f00e0947b4ab34359 /app/policies
parent	3576fa0d591db69a1727153a1130ff5bebf37167 (diff)