Diffstat (limited to 'app/policies')
-rw-r--r-- | app/policies/account_domain_permission_policy.rb | 17 | ||||
-rw-r--r-- | app/policies/status_policy.rb | 66 |
2 files changed, 74 insertions, 9 deletions
diff --git a/app/policies/account_domain_permission_policy.rb b/app/policies/account_domain_permission_policy.rb
new file mode 100644
index 000000000..b50857f9f
--- /dev/null
+++ b/app/policies/account_domain_permission_policy.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+class AccountDomainPermissionPolicy < ApplicationPolicy
+ def update?
+ owned?
+ end
+
+ def destroy?
+ owned?
+ end
+
+ private
+
+ def owned?
+ record.account_id == current_account&.id
+ end
+end
diff --git a/app/policies/status_policy.rb b/app/policies/status_policy.rb
index fa5c0dd9c..9f851feb3 100644
--- a/app/policies/status_policy.rb
+++ b/app/policies/status_policy.rb
@@ -12,19 +12,20 @@ class StatusPolicy < ApplicationPolicy
 end

 def show?
- return false if local_only? && (current_account.nil? || !current_account.local?)
+ return false if local_only? && !current_account&.local?
+ return false unless published? || owned?

 if requires_mention?
 owned? || mention_exists?
 elsif private?
- owned? || following_author? || mention_exists?
+ owned? || following_owners? || mention_exists?
 else
- current_account.nil? || (!author_blocking? && !author_blocking_domain?)
+ current_account.nil? || !blocked_by_owners?
 end
 end

 def reblog?
- !requires_mention? && (!private? || owned?) && show? && !blocking_author?
+ published? && !requires_mention? && (!private? || owned?) && show? && !blocking_author?
 end

 def favourite?
@@ -44,7 +45,7 @@ class StatusPolicy < ApplicationPolicy
 private

 def requires_mention?
- record.direct_visibility? || record.limited_visibility?
+ %w(direct limited).include?(visibility_for_remote_domain)
 end

 def owned?
@@ -52,7 +53,7 @@ class StatusPolicy < ApplicationPolicy
 end

 def private?
- record.private_visibility?
+ visibility_for_remote_domain == 'private'
 end

 def mention_exists?
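Review bot: `owned?` in the new AccountDomainPermissionPolicy compares `record.account_id == current_account&.id`, which becomes `nil == nil` and returns true when nobody is signed in and the record carries no `account_id`. Whether such a record can exist depends on the schema, which is not visible in this diff, but `update?` and `destroy?` should not lean on that. I would make the anonymous case explicit: `!current_account.nil? && record.account_id == current_account.id`.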
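Review bot: In `show?` in app/policies/status_policy.rb (hunk `@@ -12,19 +12,20 @@`) the `else` branch reads `current_account.nil? || !blocked_by_owners?`, so for a logged-out viewer `blocked_by_owners?` is never evaluated. That leaves the `return author.require_auth? if current_account.nil?` line this commit adds to `author_blocking?` (hunk `@@ -78,22 +85,63 @@`) unreachable from this path. A public status from an author who requires authentication would presumably still be shown to anonymous requests. If hiding those is the intent, the branch could read `current_account.nil? ? !author.require_auth? : !blocked_by_owners?`; otherwise drop the nil case from `author_blocking?` so the two places do not disagree.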
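Review bot: `requires_mention?` (hunk `@@ -44,7 +45,7 @@`) and `private?` (hunk `@@ -52,7 +53,7 @@`) no longer depend on the record alone: both read `visibility_for_remote_domain`, which the last hunk defines as `record.visibility_for_domain(current_account&.domain)`. A logged-out viewer passes `nil` there, and presumably so does a local account, so `visibility_for_domain` (its body is not part of this diff) cannot tell the two apart. A comment above the helper would record the intended contract, for example `# Visibility as seen from the viewer's domain; nil covers local and logged-out viewers`, and a spec for the anonymous case would pin it.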
@@ -71,6 +72,12 @@ class StatusPolicy < ApplicationPolicy
 author.domain_blocking?(current_account.domain)
 end

+ def conversation_author_blocking_domain?
+ return false if current_account.nil? || current_account.domain.nil? || conversation_owner.nil?
+
+ conversation_owner.domain_blocking?(current_account.domain)
+ end
+
 def blocking_author?
 return false if current_account.nil?
@@ -78,22 +85,63 @@ class StatusPolicy < ApplicationPolicy
 end

 def author_blocking?
- return false if current_account.nil?
+ return author.require_auth? if current_account.nil?

 @preloaded_relations[:blocked_by] ? @preloaded_relations[:blocked_by][author.id] : author.blocking?(current_account)
 end

+ def conversation_author_blocking?
+ return false if conversation_owner.nil?
+
+ @preloaded_relations[:blocked_by] ? @preloaded_relations[:blocked_by][conversation_owner.id] : conversation_owner.blocking?(current_account)
+ end
+
+ def blocked_by_owners?
+ return author_blocking? || author_blocking_domain? if conversation_owner&.id == author.id
+ return true if conversation_author_blocking? || author_blocking?
+
+ conversation_author_blocking_domain? || author_blocking_domain?
+ end
+
 def following_author?
 return false if current_account.nil?

 @preloaded_relations[:following] ? @preloaded_relations[:following][author.id] : current_account.following?(author)
 end

+ def following_conversation_owner?
+ return false if current_account.nil? || conversation_owner.nil?
+
+ @preloaded_relations[:following] ? @preloaded_relations[:following][conversation_owner.id] : current_account.following?(conversation_owner)
+ end
+
+ def following_owners?
+ return following_author? if conversation_owner&.id == author.id
+
+ following_conversation_owner? && following_author?
+ end
+
 def author
- record.account
+ @author ||= record.account
 end
-
+
+ def conversation_owner
+ @conversation_owner ||= record.conversation&.account
+ end
+
 def local_only?
 record.local_only?
 end
+
+ def published?
+ record.published?
+ end
+
+ def reply?
+ record.reply? && record.in_reply_to_account_id != author.id
+ end
+
+ def visibility_for_remote_domain
+ @visibility_for_domain ||= record.visibility_for_domain(current_account&.domain)
+ end
 end
|
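Review bot: `conversation_author_blocking?` guards only `conversation_owner.nil?`, unlike `author_blocking?` and `following_conversation_owner?` beside it, so with no signed-in account it reaches `conversation_owner.blocking?(current_account)` with `nil`; today only the short-circuit in `show?` keeps anonymous requests away from it. I would open it with `return false if current_account.nil? || conversation_owner.nil?`. Separately, when `@preloaded_relations[:blocked_by]` is set the answer is the bare lookup for `conversation_owner.id`, so if the code that builds that map (not in this diff) collects only status authors, a block by the conversation owner reads as `nil` and the status is shown; the matching `:following` lookup in `following_conversation_owner?` fails closed on a miss, so it is the block map that needs checking. The first context line of this hunk closes `blocking_author?`, which begins in the previous hunk.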