diff options
-rw-r--r-- | app/policies/status_policy.rb | 2 | ||||
-rw-r--r-- | spec/policies/status_policy_spec.rb | 6 |
2 files changed, 7 insertions, 1 deletions
diff --git a/app/policies/status_policy.rb b/app/policies/status_policy.rb index 8e0c1eef1..369ede2b0 100644 --- a/app/policies/status_policy.rb +++ b/app/policies/status_policy.rb @@ -6,7 +6,7 @@ class StatusPolicy < ApplicationPolicy end def show? - return false if local_only? && account.nil? + return false if local_only? && current_account.nil? if direct? owned? || record.mentions.where(account: current_account).exists? diff --git a/spec/policies/status_policy_spec.rb b/spec/policies/status_policy_spec.rb index bacb8fd9e..a90e22aad 100644 --- a/spec/policies/status_policy_spec.rb +++ b/spec/policies/status_policy_spec.rb @@ -71,6 +71,12 @@ RSpec.describe StatusPolicy, type: :model do expect(subject).to_not permit(viewer, status) end + + it 'denies access when local-only and the viewer is not logged in' do + allow(status).to receive(:local_only?) { true } + + expect(subject).to_not permit(nil, status) + end end permissions :reblog? do |