author | Jack Jennings <jack@standard-library.com> | 2017-05-30 13:56:31 -0700 |
---|---|---|
committer | Eugen Rochko <eugen@zeonfederated.com> | 2017-05-30 22:56:31 +0200 |
commit | 33f669a5f851b4095fb6189147ae0fe6f8343d44 (patch) | |
tree | d62452304cfc4a2a1414ca7f00e0947b4ab34359 /app/policies | |
parent | 3576fa0d591db69a1727153a1130ff5bebf37167 (diff) |
Add status destroy authorization to policy (#3453)
* Add status destroy authorization to policy * Create explicit unreblog status authorization
Diffstat (limited to 'app/policies')
-rw-r--r-- | app/policies/status_policy.rb | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/app/policies/status_policy.rb b/app/policies/status_policy.rb
index 41d63fcbc..2ded61850 100644
--- a/app/policies/status_policy.rb
+++ b/app/policies/status_policy.rb
@@ -10,9 +10,9 @@ class StatusPolicy

 def show?
 if direct?
- status.account.id == account&.id || status.mentions.where(account: account).exists?
+ owned? || status.mentions.where(account: account).exists?
 elsif private?
- status.account.id == account&.id || account&.following?(status.account) || status.mentions.where(account: account).exists?
+ owned? || account&.following?(status.account) || status.mentions.where(account: account).exists?
 else
 account.nil? || !status.account.blocking?(account)
 end
@@ -22,12 +22,26 @@ class StatusPolicy
 !direct? && !private? && show?
 end

+ def destroy?
+ admin? || owned?
+ end
+
+ alias unreblog? destroy?
+
 private

+ def admin?
+ account&.user&.admin?
+ end
+
 def direct?
 status.direct_visibility?
 end

+ def owned?
+ status.account.id == account&.id
+ end
+
 def private?
 status.private_visibility?
 end
|
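Review bot: `alias unreblog? destroy?` makes `unreblog?` the same method as `destroy?`, so the `admin?` branch authorizes undoing another account's reblog as well as deleting a status. If only the account that owns the reblog should be able to undo it, give it its own body (`def unreblog?`, `owned?`, `end`). If the admin path is intended, say so in a comment above the alias, e.g. `# Admins may also undo reblogs; keep in sync with destroy?`. `alias` also binds to the method body as defined here, so a later override of `destroy?` in a subclass would not tighten `unreblog?`. The class body continues outside the hunk, so callers of these predicates are not visible here.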