Diffstat (limited to 'app/policies')
-rw-r--r--app/policies/account_moderation_note_policy.rb4
-rw-r--r--app/policies/account_policy.rb44
-rw-r--r--app/policies/account_warning_preset_policy.rb8
-rw-r--r--app/policies/application_policy.rb2
-rw-r--r--app/policies/custom_emoji_policy.rb6
-rw-r--r--app/policies/domain_block_policy.rb10
-rw-r--r--app/policies/email_domain_block_policy.rb6
-rw-r--r--app/policies/instance_policy.rb4
-rw-r--r--app/policies/invite_policy.rb6
-rw-r--r--app/policies/relay_policy.rb2
-rw-r--r--app/policies/report_note_policy.rb4
-rw-r--r--app/policies/report_policy.rb6
-rw-r--r--app/policies/settings_policy.rb4
-rw-r--r--app/policies/status_policy.rb6
-rw-r--r--app/policies/tag_policy.rb6
-rw-r--r--app/policies/user_policy.rb24
16 files changed, 71 insertions, 71 deletions
diff --git a/app/policies/account_moderation_note_policy.rb b/app/policies/account_moderation_note_policy.rb
index 885411a5b..781cf75ff 100644
--- a/app/policies/account_moderation_note_policy.rb
+++ b/app/policies/account_moderation_note_policy.rb
@@ -2,11 +2,11 @@
 
 class AccountModerationNotePolicy < ApplicationPolicy
   def create?
-    staff?
+    !defanged? && can_moderate?
   end
 
   def destroy?
-    admin? || owner?
+    (!defanged? && admin?) || owner?
   end
 
   private
diff --git a/app/policies/account_policy.rb b/app/policies/account_policy.rb
index b05709183..3ac0c4c6a 100644
--- a/app/policies/account_policy.rb
+++ b/app/policies/account_policy.rb
@@ -2,90 +2,90 @@
 
 class AccountPolicy < ApplicationPolicy
   def index?
-    staff?
+    !defanged? && can_moderate?
   end
 
   def show?
-    staff?
+    !defanged? && can_moderate?
   end
 
   def warn?
-    staff? && !record.user&.staff?
+    !defanged? && staff? && has_more_authority_than?(record&.user)
   end
 
   def mark_known?
-    staff?
+    !defanged? && can_moderate? && has_more_authority_than?(record&.user)
   end
 
   def mark_unknown?
-    staff?
+    !defanged? && can_moderate? && has_more_authority_than?(record&.user)
   end
 
   def manual_only?
-    staff?
+    !defanged? && can_moderate? && has_more_authority_than?(record&.user)
   end
 
   def auto_trust?
-    staff?
+    !defanged? && can_moderate? && has_more_authority_than?(record&.user)
   end
 
   def suspend?
-    staff? && !record.user&.staff?
+    !defanged? && staff? && has_more_authority_than?(record&.user)
   end
 
   def unsuspend?
-    staff?
+    !defanged? && staff? && has_more_authority_than?(record&.user)
   end
 
   def silence?
-    staff? && !record.user&.staff?
+    !defanged? && can_moderate? && has_more_authority_than?(record.user)
   end
 
   def unsilence?
-    staff?
+    !defanged? && can_moderate? && has_more_authority_than?(record&.user)
   end
 
   def force_unlisted?
-    staff?
+    !defanged? && staff? && has_more_authority_than?(record&.user)
   end
 
   def allow_public?
-    staff?
+    !defanged? && can_moderate? && has_more_authority_than?(record&.user)
   end
 
   def force_sensitive?
-    staff?
+    !defanged? && staff? && has_more_authority_than?(record&.user)
   end
 
   def allow_nonsensitive?
-    staff?
+    !defanged? && can_moderate? && has_more_authority_than?(record&.user)
   end
 
   def redownload?
-    staff?
+    !defanged? && can_moderate?
   end
 
   def sync?
-    staff?
+    !defanged? && can_moderate?
   end
 
   def remove_avatar?
-    staff?
+    !defanged? && can_moderate? && has_more_authority_than?(record&.user)
   end
 
   def remove_header?
-    staff?
+    !defanged? && can_moderate? && has_more_authority_than?(record&.user)
   end
 
   def subscribe?
-    admin?
+    !defanged? && admin?
   end
 
   def unsubscribe?
-    admin?
+    !defanged? && admin?
   end
 
   def memorialize?
-    admin? && !record.user&.admin?
+    !defanged? && staff? && !record.user&.staff?
   end
 end
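Review bot: `memorialize?` at the end of this hunk is relaxed from `admin? && !record.user&.admin?` to `!defanged? && staff? && !record.user&.staff?`, so a moderator can now memorialize an account where only an admin could before, and nothing on the page says this widening is intended. It is also the one target-sensitive action left on the old role check instead of the rank comparison; if admin-only is still wanted, `!defanged? && admin? && has_more_authority_than?(record&.user)` would match the other methods. Separately, `has_more_authority_than?` now receives `nil` for any account without a local user (`record&.user`), and its implementation is not part of this diff, so confirm it returns true for `nil` as the old `!record.user&.staff?` did. `silence?` alone passes `record.user` without the safe-navigation operator the other methods use.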
diff --git a/app/policies/account_warning_preset_policy.rb b/app/policies/account_warning_preset_policy.rb
index bccbd33ef..4667c86b0 100644
--- a/app/policies/account_warning_preset_policy.rb
+++ b/app/policies/account_warning_preset_policy.rb
@@ -2,18 +2,18 @@
 
 class AccountWarningPresetPolicy < ApplicationPolicy
   def index?
-    staff?
+    !defanged? && staff?
   end
 
   def create?
-    staff?
+    !defanged? && staff?
   end
 
   def update?
-    staff?
+    !defanged? && staff?
   end
 
   def destroy?
-    staff?
+    !defanged? && staff?
   end
 end
diff --git a/app/policies/application_policy.rb b/app/policies/application_policy.rb
index d1de5e81a..7b1332209 100644
--- a/app/policies/application_policy.rb
+++ b/app/policies/application_policy.rb
@@ -8,7 +8,7 @@ class ApplicationPolicy
     @record          = record
   end
 
-  delegate :admin?, :moderator?, :staff?, to: :current_user, allow_nil: true
+  delegate :admin?, :moderator?, :halfmod?, :staff?, :can_moderate?, :has_more_authority_than?, to: :current_user, allow_nil: true
 
   private
 
diff --git a/app/policies/custom_emoji_policy.rb b/app/policies/custom_emoji_policy.rb
index 768afc3e9..74a38e47d 100644
--- a/app/policies/custom_emoji_policy.rb
+++ b/app/policies/custom_emoji_policy.rb
@@ -10,7 +10,7 @@ class CustomEmojiPolicy < ApplicationPolicy
   end
 
   def update?
-    staff?
+    can_moderate?
   end
 
   def copy?
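Review bot: `update?` here, and `enable?` and `disable?` in the next hunk of this file, switch to a bare `can_moderate?` with no `!defanged? &&` guard, unlike the other policy methods touched in this commit. A defanged moderator would therefore keep these three emoji actions while losing the rest of the moderation surface. If that is deliberate, a comment such as `# intentionally available while defanged` on each method would record it; otherwise the bodies should read `!defanged? && can_moderate?`. The class body continues outside both hunks, so `create?`, `copy?` and `destroy?` cannot be checked from here.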
@@ -18,11 +18,11 @@ class CustomEmojiPolicy < ApplicationPolicy
   end
 
   def enable?
-    staff?
+    can_moderate?
   end
 
   def disable?
-    staff?
+    can_moderate?
   end
 
   def destroy?
diff --git a/app/policies/domain_block_policy.rb b/app/policies/domain_block_policy.rb
index 0ce6baccf..4cd4d550a 100644
--- a/app/policies/domain_block_policy.rb
+++ b/app/policies/domain_block_policy.rb
@@ -2,22 +2,22 @@
 
 class DomainBlockPolicy < ApplicationPolicy
   def index?
-    staff?
+    !defanged? && staff?
   end
 
   def show?
-    staff?
+    !defanged? && staff?
   end
 
   def create?
-    staff?
+    !defanged? && staff?
   end
 
   def destroy?
-    staff?
+    !defanged? && staff?
   end
 
   def update?
-    staff?
+    !defanged? && staff?
   end
 end
diff --git a/app/policies/email_domain_block_policy.rb b/app/policies/email_domain_block_policy.rb
index 5a75ee183..36d547539 100644
--- a/app/policies/email_domain_block_policy.rb
+++ b/app/policies/email_domain_block_policy.rb
@@ -2,14 +2,14 @@
 
 class EmailDomainBlockPolicy < ApplicationPolicy
   def index?
-    admin?
+    !defanged? && staff?
   end
 
   def create?
-    admin?
+    !defanged? && staff?
   end
 
   def destroy?
-    admin?
+    !defanged? && staff?
   end
 end
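Review bot: All three methods in this hunk go from `admin?` to `!defanged? && staff?`, which gives moderators access to listing, creating and deleting e-mail domain blocks that was admin-only before. Most of the commit narrows access by adding the `!defanged?` guard, so this widening is easy to miss in review. If admin-only is still the intent, each body should read `!defanged? && admin?`. If moderators are meant to manage these blocks, a one-line comment on the class saying so would make the decision explicit.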
diff --git a/app/policies/instance_policy.rb b/app/policies/instance_policy.rb
index a73823556..f63107815 100644
--- a/app/policies/instance_policy.rb
+++ b/app/policies/instance_policy.rb
@@ -2,10 +2,10 @@
 
 class InstancePolicy < ApplicationPolicy
   def index?
-    admin?
+    !defanged? && admin?
   end
 
   def show?
-    admin?
+    !defanged? && admin?
   end
 end
diff --git a/app/policies/invite_policy.rb b/app/policies/invite_policy.rb
index 14236f78b..44fa56049 100644
--- a/app/policies/invite_policy.rb
+++ b/app/policies/invite_policy.rb
@@ -2,7 +2,7 @@
 
 class InvitePolicy < ApplicationPolicy
   def index?
-    staff?
+    !defanged? && can_moderate?
   end
 
   def create?
@@ -10,11 +10,11 @@ class InvitePolicy < ApplicationPolicy
   end
 
   def deactivate_all?
-    admin?
+    !defanged? && admin?
   end
 
   def destroy?
-    owner? || (Setting.min_invite_role == 'admin' ? admin? : staff?)
+    owner? || (!defanged? && (Setting.min_invite_role == 'admin' ? admin? : can_moderate?))
   end
 
   private
diff --git a/app/policies/relay_policy.rb b/app/policies/relay_policy.rb
index bd75e2197..5ad61a16d 100644
--- a/app/policies/relay_policy.rb
+++ b/app/policies/relay_policy.rb
@@ -2,6 +2,6 @@
 
 class RelayPolicy < ApplicationPolicy
   def update?
-    admin?
+    !defanged? && admin?
   end
 end
diff --git a/app/policies/report_note_policy.rb b/app/policies/report_note_policy.rb
index 694bc096b..b6dde2f2b 100644
--- a/app/policies/report_note_policy.rb
+++ b/app/policies/report_note_policy.rb
@@ -2,11 +2,11 @@
 
 class ReportNotePolicy < ApplicationPolicy
   def create?
-    staff?
+    !defanged? && staff?
   end
 
   def destroy?
-    admin? || owner?
+    (!defanged? && admin?) || owner?
   end
 
   private
diff --git a/app/policies/report_policy.rb b/app/policies/report_policy.rb
index 95b5c30c8..6dbd37916 100644
--- a/app/policies/report_policy.rb
+++ b/app/policies/report_policy.rb
@@ -2,14 +2,14 @@
 
 class ReportPolicy < ApplicationPolicy
   def update?
-    staff?
+    !defanged? && staff?
   end
 
   def index?
-    staff?
+    !defanged? && staff?
   end
 
   def show?
-    staff?
+    !defanged? && staff?
   end
 end
diff --git a/app/policies/settings_policy.rb b/app/policies/settings_policy.rb
index 2dcb79f51..3b170f6e2 100644
--- a/app/policies/settings_policy.rb
+++ b/app/policies/settings_policy.rb
@@ -2,10 +2,10 @@
 
 class SettingsPolicy < ApplicationPolicy
   def update?
-    admin?
+    !defanged? && admin?
   end
 
   def show?
-    admin?
+    !defanged? && admin?
   end
 end
diff --git a/app/policies/status_policy.rb b/app/policies/status_policy.rb
index c573ba7a1..8600183dc 100644
--- a/app/policies/status_policy.rb
+++ b/app/policies/status_policy.rb
@@ -8,7 +8,7 @@ class StatusPolicy < ApplicationPolicy
   end
 
   def index?
-    staff?
+    !defanged? && staff?
   end
 
   def show?
@@ -33,13 +33,13 @@ class StatusPolicy < ApplicationPolicy
   end
 
   def destroy?
-    staff? || owned?
+    (!defanged? && staff?) || owned?
   end
 
   alias unreblog? destroy?
 
   def update?
-    staff?
+    (!defanged? && staff?) || owned?
   end
 
   private
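Review bot: `update?` gains `|| owned?`, so the status author now passes a check that was staff-only (`staff?`) before this change. The callers that authorize against `update?` are outside this diff; if any of them gate moderator-only changes to a status, the author could now apply those to their own posts, so each call site should be confirmed to expect owner access. A comment on the method such as `# authors may update their own statuses; staff only when not defanged` would document the new contract. The class body continues outside the hunk, so `owned?` itself is not visible here.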
diff --git a/app/policies/tag_policy.rb b/app/policies/tag_policy.rb
index c63de01db..935040a21 100644
--- a/app/policies/tag_policy.rb
+++ b/app/policies/tag_policy.rb
@@ -2,14 +2,14 @@
 
 class TagPolicy < ApplicationPolicy
   def index?
-    staff?
+    !defanged? && can_moderate?
   end
 
   def hide?
-    staff?
+    !defanged? && can_moderate?
   end
 
   def unhide?
-    staff?
+    !defanged? && can_moderate?
   end
 end
diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb
index d832bff75..aad20f366 100644
--- a/app/policies/user_policy.rb
+++ b/app/policies/user_policy.rb
@@ -2,52 +2,52 @@
 
 class UserPolicy < ApplicationPolicy
   def reset_password?
-    staff? && !record.staff?
+    !defanged? && staff? && has_more_authority_than?(record)
   end
 
   def change_email?
-    staff? && !record.staff?
+    !defanged? && staff? && has_more_authority_than?(record)
   end
 
   def disable_2fa?
-    admin? && !record.staff?
+    !defanged? && admin? && has_more_authority_than?(record)
   end
 
   def confirm?
-    staff? && !record.confirmed?
+    !defanged? && staff? && !record.confirmed?
   end
 
   def enable?
-    staff?
+    !defanged? && staff?
   end
 
   def approve?
-    staff? && !record.approved?
+    !defanged? && staff? && !record.approved?
   end
 
   def reject?
-    staff? && !record.approved?
+    !defanged? && staff? && !record.approved?
   end
 
   def disable?
-    staff? && !record.admin?
+    !defanged? && staff? && has_more_authority_than?(record)
   end
 
   def promote?
-    admin? && promoteable?
+    !defanged? && admin? && promoteable?
   end
 
   def demote?
-    admin? && !record.admin? && demoteable?
+    !defanged? && admin? && has_more_authority_than?(record) && demoteable?
   end
 
   private
 
   def promoteable?
-    record.approved? && (!record.staff? || !record.admin?)
+    record.approved? && !record.can_moderate?
   end
 
   def demoteable?
-    record.staff?
+    record.can_moderate?
   end
 end
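Review bot: `promoteable?` changes from `record.approved? && (!record.staff? || !record.admin?)`, which in effect excluded only admins, to `record.approved? && !record.can_moderate?`. `can_moderate?` is defined outside this diff, but if it is true for moderators (its use in place of `staff?` elsewhere in the commit suggests it is at least that broad), `promote?` will now refuse to raise a moderator to admin. If that step should remain possible, `record.approved? && !record.admin?` preserves the old behaviour. Also, `enable?` carries no `has_more_authority_than?(record)` comparison while `disable?` does, so a staff member can presumably re-enable a disabled account of equal or higher rank that they could not have disabled themselves; confirm that asymmetry is wanted.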