Add status destroy authorization to policy (#3453)

* Add status destroy authorization to policy * Create explicit unreblog status authorization
author: Jack Jennings <jack@standard-library.com> 2017-05-30 13:56:31 -0700
committer: Eugen Rochko <eugen@zeonfederated.com> 2017-05-30 22:56:31 +0200
commit: 33f669a5f851b4095fb6189147ae0fe6f8343d44 (patch)
tree: d62452304cfc4a2a1414ca7f00e0947b4ab34359 /app/services
parent: 3576fa0d591db69a1727153a1130ff5bebf37167 (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/app/services/process_interaction_service.rb b/app/services/process_interaction_service.rb
index bd9afaf2e..584a109ad 100644
--- a/app/services/process_interaction_service.rb
+++ b/app/services/process_interaction_service.rb
@@ -2,6 +2,7 @@
 
 class ProcessInteractionService < BaseService
   include AuthorExtractor
+  include Authorization
 
   # Record locally the remote interaction with our user
   # @param [String] envelope Salmon envelope
@@ -46,7 +47,7 @@ class ProcessInteractionService < BaseService
         reflect_unblock!(account, target_account)
       end
     end
-  rescue Goldfinger::Error, HTTP::Error, OStatus2::BadSalmonError
+  rescue Goldfinger::Error, HTTP::Error, OStatus2::BadSalmonError, Mastodon::NotPermittedError
     nil
   end
 
@@ -103,7 +104,9 @@ class ProcessInteractionService < BaseService
 
     return if status.nil?
 
-    RemovalWorker.perform_async(status.id) if account.id == status.account_id
+    authorize_with account, status, :destroy?
+
+    RemovalWorker.perform_async(status.id)
   end
 
   def favourite!(xml, from_account)
author	Jack Jennings <jack@standard-library.com>	2017-05-30 13:56:31 -0700
committer	Eugen Rochko <eugen@zeonfederated.com>	2017-05-30 22:56:31 +0200
commit	33f669a5f851b4095fb6189147ae0fe6f8343d44 (patch)
tree	d62452304cfc4a2a1414ca7f00e0947b4ab34359 /app/services
parent	3576fa0d591db69a1727153a1130ff5bebf37167 (diff)