about summary refs log tree commit diff
path: root/app/policies/status_policy.rb
AgeCommit message (Collapse)Author
2020-01-13check `updated_at` instead of `created_at` against max public access ↵multiple creatures
expiration window
2020-01-13`return false if direct?`multiple creatures
2020-01-13make `still_accessiblible?` only check posts with an `account.user`multiple creatures
2020-01-12add privacy option to limit lifespan of public access to post & object urls ↵multiple creatures
beyond local followers, default to 90 days
2019-05-21Implement share keys and related bangtags, add `sharekey`, `network`, and ↵multiple creatures
`curated` to the API, remove app info from the UI, and move timestamps to the right.
2019-05-21improve filteringmultiple creatures
2018-10-22Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - .github/ISSUE_TEMPLATE/bug_report.md Took our version. - CONTRIBUTING.md Updated the embedded copy of upstream's version. - README.md Took our version. - app/policies/status_policy.rb Not a real conflict, took code from both. - app/views/layouts/embedded.html.haml Added upstream's changes (dns-prefetch) and fixed `%body.embed` - app/views/settings/preferences/show.html.haml Reverted some of upstream changes, as we have a page dedicated for flavours and skins. - config/initializers/content_security_policy.rb Kept our version of the CSP. - config/initializers/doorkeeper.rb Not a real conflict, took code from both.
2018-10-17Improve support for aspects/circles (#8950)Eugen Rochko
* Add silent column to mentions * Save silent mentions in ActivityPub Create handler and optimize it Move networking calls out of the database transaction * Add "limited" visibility level masked as "private" in the API Unlike DMs, limited statuses are pushed into home feeds. The access control rules between direct and limited statuses is almost the same, except for counter and conversation logic * Ensure silent column is non-null, add spec * Ensure filters don't check silent mentions for blocks/mutes As those are "this person is also allowed to see" rather than "this person is involved", therefore does not warrant filtering * Clean up code * Use Status#active_mentions to limit returned mentions * Fix code style issues * Use Status#active_mentions in Notification And remove stream_entry eager-loading from Notification
2018-07-31Disallow remote users from viewing local-only tootsThibaut Girka
2018-05-03Merge remote-tracking branch 'origin/master' into gs-masterDavid Yip
Conflicts: .travis.yml Gemfile.lock README.md app/controllers/settings/follower_domains_controller.rb app/controllers/statuses_controller.rb app/javascript/mastodon/locales/ja.json app/lib/feed_manager.rb app/models/media_attachment.rb app/models/mute.rb app/models/status.rb app/services/mute_service.rb app/views/home/index.html.haml app/views/stream_entries/_simple_status.html.haml config/locales/ca.yml config/locales/en.yml config/locales/es.yml config/locales/fr.yml config/locales/nl.yml config/locales/pl.yml config/locales/pt-BR.yml config/themes.yml
2018-05-03Fix n+1 queries in StatusThreadingConcern (#7321)Eugen Rochko
2018-05-02Remove most behaviour disparities between blocks and mutes (#7231)Eugen Rochko
* Remove most behaviour disparities between blocks and mutes The only differences between block and mute should be: - Mutes can optionally NOT affect notifications - Mutes should not be visible to the muted Fix #7230 Fix #5713 * Do not allow boosting someone you blocked Fix #7248 * Do not allow favouriting someone you blocked * Fix nil error in StatusPolicy
2018-04-18Merge remote-tracking branch 'origin/master' into gs-masterDavid Yip
Conflicts: app/controllers/home_controller.rb app/controllers/stream_entries_controller.rb app/javascript/mastodon/locales/ja.json app/javascript/mastodon/locales/pl.json
2018-04-17Allow boosting own private toots (#6157)ThibG
* Adjust policy to allow boosting own private toots * Add ability to reblog private toots from dropdown menu
2017-11-17Update StatusPolicy to check current_account for local_only? toots.David Yip
StatusPolicy#account was renamed to StatusPolicy#current_account in upstream. This commit renames the local-only changes to match and augments the #show? policy spec with what we expect for local-only toots.
2017-11-16Merge tootsuite/master at 30237259367a0ef2b20908518b86bbeb358999b5Surinna Curtis
2017-11-11Add moderator role and add pundit policies for admin actions (#5635)Eugen Rochko
* Add moderator role and add pundit policies for admin actions * Add rake task for turning user into mod and revoking it again * Fix handling of unauthorized exception * Deliver new report e-mails to staff, not just admins * Add promote/demote to admin UI, hide some actions conditionally * Fix unused i18n
2017-10-09try to tighten up local only toot stuff, like... properly (#163)beatrix
* try to tighten up local only toot stuff, like... properly * try to un-break tests
2017-05-30Add status destroy authorization to policy (#3453)Jack Jennings
* Add status destroy authorization to policy * Create explicit unreblog status authorization
2017-05-30Move status reblog authorization into policy (#3425)Jack Jennings
2017-05-29Extract authorization policy for viewing statuses (#3150)Jack Jennings