diff options
author | ThibG <thib@sitedethib.com> | 2018-08-15 19:33:36 +0200 |
---|---|---|
committer | Eugen Rochko <eugen@zeonfederated.com> | 2018-08-15 19:33:36 +0200 |
commit | af912fb308cffe98f52e155484c4c6b0a62efceb (patch) | |
tree | ec736e705d01d1f679b0f7e98ac7d977d5da07e8 /app | |
parent | 4df9cabb22cbed8f9cd8af45325ecdcc7c72d6cb (diff) |
Allow accessing local private/DM messages by URL (#8196)
* Allow accessing local private/DM messages by URL (Provided the user pasting the URL is authorized to see the toot, obviously) * Fix SearchServiceSpec tests
Diffstat (limited to 'app')
-rw-r--r-- | app/services/resolve_url_service.rb | 10 | ||||
-rw-r--r-- | app/services/search_service.rb | 2 |
2 files changed, 9 insertions, 3 deletions
diff --git a/app/services/resolve_url_service.rb b/app/services/resolve_url_service.rb index a068c1ed8..1db1917e2 100644 --- a/app/services/resolve_url_service.rb +++ b/app/services/resolve_url_service.rb @@ -2,11 +2,13 @@ class ResolveURLService < BaseService include JsonLdHelper + include Authorization attr_reader :url - def call(url) + def call(url, on_behalf_of: nil) @url = url + @on_behalf_of = on_behalf_of return process_local_url if local_url? @@ -84,6 +86,10 @@ class ResolveURLService < BaseService def check_local_status(status) return if status.nil? - status if status.public_visibility? || status.unlisted_visibility? + authorize_with @on_behalf_of, status, :show? + status + rescue Mastodon::NotPermittedError + # Do not disclose the existence of status the user is not authorized to see + nil end end diff --git a/app/services/search_service.rb b/app/services/search_service.rb index 5bb395942..cc1fcb52f 100644 --- a/app/services/search_service.rb +++ b/app/services/search_service.rb @@ -53,7 +53,7 @@ class SearchService < BaseService end def url_resource - @_url_resource ||= ResolveURLService.new.call(query) + @_url_resource ||= ResolveURLService.new.call(query, on_behalf_of: @account) end def url_resource_symbol |