Diffstat (limited to 'app/policies')
-rw-r--r--app/policies/account_domain_permission_policy.rb17
-rw-r--r--app/policies/custom_emoji_policy.rb36
-rw-r--r--app/policies/status_policy.rb19
3 files changed, 60 insertions, 12 deletions
diff --git a/app/policies/account_domain_permission_policy.rb b/app/policies/account_domain_permission_policy.rb
new file mode 100644
index 000000000..b50857f9f
--- /dev/null
+++ b/app/policies/account_domain_permission_policy.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+class AccountDomainPermissionPolicy < ApplicationPolicy
+  def update?
+    owned?
+  end
+
+  def destroy?
+    owned?
+  end
+
+  private
+
+  def owned?
+    record.account_id == current_account&.id
+  end
+end
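Review bot: `owned?` compares `record.account_id` with `current_account&.id`, so when nobody is signed in and the record's `account_id` is nil the check becomes `nil == nil` and both `update?` and `destroy?` allow the action. Whether such a record can have a nil `account_id` is not visible in this diff, but the policy should not rely on that. I would write `current_account.present? && record.account_id == current_account.id`, which also matches the form `owned?` takes in CustomEmojiPolicy in this same commit.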
diff --git a/app/policies/custom_emoji_policy.rb b/app/policies/custom_emoji_policy.rb
index a8c3cbc73..7e585a3d6 100644
--- a/app/policies/custom_emoji_policy.rb
+++ b/app/policies/custom_emoji_policy.rb
@@ -2,30 +2,52 @@
 
 class CustomEmojiPolicy < ApplicationPolicy
   def index?
-    staff?
+    user_signed_in?
   end
 
   def create?
-    admin?
+    user_signed_in?
   end
 
   def update?
-    admin?
+    user_signed_in? && owned?
   end
 
   def copy?
-    admin?
+    staff? || (user_signed_in? && new_or_owned?)
   end
 
   def enable?
-    staff?
+    user_signed_in? && owned?
   end
 
   def disable?
-    staff?
+    user_signed_in? && owned?
   end
 
   def destroy?
-    admin?
+    user_signed_in? && owned?
+  end
+
+  def claim?
+    staff? || claimable?
+  end
+
+  def unclaim?
+    user_signed_in? && owned?
+  end
+
+  private
+
+  def owned?
+    staff? || (current_account.present? && record.account_id == current_account.id)
+  end
+
+  def new_or_owned?
+    !CustomEmoji.where(domain: nil, shortcode: record.shortcode).where('account_id IS NULL OR account_id != ?', current_account.id).exists?
+  end
+
+  def claimable?
+    record.local? ? record.account_id.blank? || record.account_id == current_account.id : new_or_owned?
   end
 end
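Review bot: `claim?` is the only new predicate without a `user_signed_in?` guard. For a non-staff caller it goes straight to `claimable?`, which returns true for a local emoji with a blank `account_id` before `current_account` is consulted. In the other cases it dereferences `current_account.id` (here and in `new_or_owned?`), which raises NoMethodError when `current_account` is nil. Unless the controller always authenticates first (not visible here), an unauthenticated request passes the unowned-emoji case, so I would change the body to `staff? || (user_signed_in? && claimable?)`. The ternary mixed with `||` in `claimable?` would also be easier to audit as an `if record.local?` / `else` with one condition per branch.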
diff --git a/app/policies/status_policy.rb b/app/policies/status_policy.rb
index d0359580d..56c217cec 100644
--- a/app/policies/status_policy.rb
+++ b/app/policies/status_policy.rb
@@ -13,7 +13,8 @@ class StatusPolicy < ApplicationPolicy
 
   def show?
     return false if author.suspended?
-    return false if local_only? && (current_account.nil? || !current_account.local?)
+    return false if local_only? && !current_account&.local?
+    return false unless published? || owned?
 
     if requires_mention?
       owned? || mention_exists?
@@ -25,7 +26,7 @@ class StatusPolicy < ApplicationPolicy
   end
 
   def reblog?
-    !requires_mention? && (!private? || owned?) && show? && !blocking_author?
+    published? && !requires_mention? && (!private? || owned?) && show? && !blocking_author?
   end
 
   def favourite?
@@ -45,7 +46,7 @@ class StatusPolicy < ApplicationPolicy
   private
 
   def requires_mention?
-    record.direct_visibility? || record.limited_visibility?
+    %w(direct limited).include?(visibility_for_remote_domain)
   end
 
   def owned?
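Review bot: `requires_mention?` here, and `private?` in the next hunk, now compare the result of `visibility_for_domain` against string literals, and both fail open when the value is anything else. The return type of `visibility_for_domain` is not shown in this diff; if it yields a symbol or nil, neither predicate matches and `show?` and `reblog?` treat a direct, limited or private status as public. The removed enum predicates could not mismatch this way. I would normalise once in the helper with `record.visibility_for_domain(current_account&.domain).to_s` and add a comment listing the expected values. A nil result still needs an explicit decision on which visibility it maps to.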
@@ -53,7 +54,7 @@ class StatusPolicy < ApplicationPolicy
   end
 
   def private?
-    record.private_visibility?
+    visibility_for_remote_domain == 'private'
   end
 
   def mention_exists?
@@ -79,7 +80,7 @@ class StatusPolicy < ApplicationPolicy
   end
 
   def author_blocking?
-    return false if current_account.nil?
+    return author.require_auth? if current_account.nil?
 
     @preloaded_relations[:blocked_by] ? @preloaded_relations[:blocked_by][author.id] : author.blocking?(current_account)
   end
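Review bot: `author_blocking?` now returns `author.require_auth?` for an anonymous viewer, which is an authentication requirement rather than a block, so the method name no longer describes the result. Callers outside this hunk silently gain a new deny path. A comment above the early return, e.g. `# Anonymous viewers are treated as blocked when the author requires authentication`, would make the intent explicit. A separate predicate checked directly in `show?` would be clearer still, though that is a larger change.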
@@ -97,4 +98,12 @@ class StatusPolicy < ApplicationPolicy
   def local_only?
     record.local_only?
   end
+
+  def published?
+    record.published?
+  end
+
+  def visibility_for_remote_domain
+    @visibility_for_domain ||= record.visibility_for_domain(current_account&.domain)
+  end
 end
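Review bot: `visibility_for_remote_domain` passes `current_account&.domain`, which is nil when nobody is signed in. If local accounts also have a nil domain (not visible in this diff), an anonymous viewer and a local account are indistinguishable to `visibility_for_domain`. The method deserves a comment stating which visibility a nil domain is meant to receive, since `requires_mention?` and `private?` both depend on it. The memo variable `@visibility_for_domain` also does not match the method name, and `||=` recomputes on every call if the result is nil. `return @visibility_for_remote_domain if defined?(@visibility_for_remote_domain)` before the assignment avoids both.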