diff options
author | ThibG <thib@sitedethib.com> | 2018-08-17 18:09:30 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-08-17 18:09:30 +0200 |
commit | 32075fe27f699d5a586e6ecf26c172550f9d4086 (patch) | |
tree | 61f48fa2dee608f72990f76a8f0497d670339252 /app/services | |
parent | 4a6bc2482a26aa0441485ca360a3d3c0eeea7fe4 (diff) | |
parent | a16ff45d81d77d93f33ad57e746c780392ab1a1c (diff) |
Merge pull request #642 from ThibG/glitch-soc/merge-upstream
Merge upstream changes
Diffstat (limited to 'app/services')
-rw-r--r-- | app/services/authorize_follow_service.rb | 2 | ||||
-rw-r--r-- | app/services/resolve_url_service.rb | 10 | ||||
-rw-r--r-- | app/services/search_service.rb | 2 |
3 files changed, 10 insertions, 4 deletions
diff --git a/app/services/authorize_follow_service.rb b/app/services/authorize_follow_service.rb index f47d488f1..1674239df 100644 --- a/app/services/authorize_follow_service.rb +++ b/app/services/authorize_follow_service.rb @@ -3,7 +3,7 @@ class AuthorizeFollowService < BaseService def call(source_account, target_account, **options) if options[:skip_follow_request] - follow_request = FollowRequest.new(account: source_account, target_account: target_account) + follow_request = FollowRequest.new(account: source_account, target_account: target_account, uri: options[:follow_request_uri]) else follow_request = FollowRequest.find_by!(account: source_account, target_account: target_account) follow_request.authorize! diff --git a/app/services/resolve_url_service.rb b/app/services/resolve_url_service.rb index a068c1ed8..1db1917e2 100644 --- a/app/services/resolve_url_service.rb +++ b/app/services/resolve_url_service.rb @@ -2,11 +2,13 @@ class ResolveURLService < BaseService include JsonLdHelper + include Authorization attr_reader :url - def call(url) + def call(url, on_behalf_of: nil) @url = url + @on_behalf_of = on_behalf_of return process_local_url if local_url? @@ -84,6 +86,10 @@ class ResolveURLService < BaseService def check_local_status(status) return if status.nil? - status if status.public_visibility? || status.unlisted_visibility? + authorize_with @on_behalf_of, status, :show? + status + rescue Mastodon::NotPermittedError + # Do not disclose the existence of status the user is not authorized to see + nil end end diff --git a/app/services/search_service.rb b/app/services/search_service.rb index 5bb395942..cc1fcb52f 100644 --- a/app/services/search_service.rb +++ b/app/services/search_service.rb @@ -53,7 +53,7 @@ class SearchService < BaseService end def url_resource - @_url_resource ||= ResolveURLService.new.call(query) + @_url_resource ||= ResolveURLService.new.call(query, on_behalf_of: @account) end def url_resource_symbol |