authorJack Jennings <jack@standard-library.com>2017-05-30 13:56:31 -0700
committerEugen Rochko <eugen@zeonfederated.com>2017-05-30 22:56:31 +0200
commit33f669a5f851b4095fb6189147ae0fe6f8343d44 (patch)
treed62452304cfc4a2a1414ca7f00e0947b4ab34359 /app/policies
parent3576fa0d591db69a1727153a1130ff5bebf37167 (diff)
Add status destroy authorization to policy (#3453)
* Add status destroy authorization to policy

* Create explicit unreblog status authorization
Diffstat (limited to 'app/policies')
-rw-r--r--app/policies/status_policy.rb18
1 files changed, 16 insertions, 2 deletions
diff --git a/app/policies/status_policy.rb b/app/policies/status_policy.rb
index 41d63fcbc..2ded61850 100644
--- a/app/policies/status_policy.rb
+++ b/app/policies/status_policy.rb
@@ -10,9 +10,9 @@ class StatusPolicy
 
   def show?
     if direct?
-      status.account.id == account&.id || status.mentions.where(account: account).exists?
+      owned? || status.mentions.where(account: account).exists?
     elsif private?
-      status.account.id == account&.id || account&.following?(status.account) || status.mentions.where(account: account).exists?
+      owned? || account&.following?(status.account) || status.mentions.where(account: account).exists?
     else
       account.nil? || !status.account.blocking?(account)
     end
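Review bot: In the `direct?` and `private?` branches an anonymous viewer (`account` nil) is rejected only implicitly: `owned?` compares an id with nil, and the fallback `status.mentions.where(account: account).exists?` then runs with a nil account, which presumably becomes an `IS NULL` lookup. A guard at the top of those two branches, such as `return false if account.nil?`, would make the fail-closed behaviour explicit and skip the query. This predates the commit, but the refactor is a good place to state it. The body of `show?` ends outside the hunk.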
@@ -22,12 +22,26 @@ class StatusPolicy
     !direct? && !private? && show?
   end
 
+  def destroy?
+    admin? || owned?
+  end
+
+  alias unreblog? destroy?
+
   private
 
+  def admin?
+    account&.user&.admin?
+  end
+
   def direct?
     status.direct_visibility?
   end
 
+  def owned?
+    status.account.id == account&.id
+  end
+
   def private?
     status.private_visibility?
   end
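Review bot: `alias unreblog? destroy?` gives `unreblog?` the admin override too, so an admin is authorized to undo another account's reblog, and any later widening of `destroy?` silently widens `unreblog?` as well. If only the reblogging account should be able to undo a reblog, define it on its own, `def unreblog?; owned?; end`. If the override is intended, a short comment on the alias saying so would keep the coupling from looking accidental. Which record callers pass as `status` is not visible here, and `owned?` presumably gives the intended answer only when it is the reblog itself rather than the original status. The class body starts and ends outside the hunk.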