From 7bb8b0b2fc0e2e42a4234fed18198cbb7439fe9f Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Sat, 11 Nov 2017 20:23:33 +0100
Subject: Add moderator role and add pundit policies for admin actions (#5635)

* Add moderator role and add pundit policies for admin actions

* Add rake task for turning user into mod and revoking it again

* Fix handling of unauthorized exception

* Deliver new report e-mails to staff, not just admins

* Add promote/demote to admin UI, hide some actions conditionally

* Fix unused i18n
---
 app/policies/status_policy.rb | 35 ++++++++++++++++++-----------------
 1 file changed, 18 insertions(+), 17 deletions(-)

(limited to 'app/policies/status_policy.rb')

diff --git a/app/policies/status_policy.rb b/app/policies/status_policy.rb
index 2ded61850..0373fdf04 100644
--- a/app/policies/status_policy.rb
+++ b/app/policies/status_policy.rb
@@ -1,20 +1,17 @@
 # frozen_string_literal: true
 
-class StatusPolicy
-  attr_reader :account, :status
-
-  def initialize(account, status)
-    @account = account
-    @status = status
+class StatusPolicy < ApplicationPolicy
+  def index?
+    staff?
   end
 
   def show?
     if direct?
-      owned? || status.mentions.where(account: account).exists?
+      owned? || record.mentions.where(account: current_account).exists?
     elsif private?
-      owned? || account&.following?(status.account) || status.mentions.where(account: account).exists?
+      owned? || current_account&.following?(author) || record.mentions.where(account: current_account).exists?
     else
-      account.nil? || !status.account.blocking?(account)
+      current_account.nil? || !author.blocking?(current_account)
     end
   end
 
@@ -23,26 +20,30 @@ class StatusPolicy
   end
 
   def destroy?
-    admin? || owned?
+    staff? || owned?
   end
 
   alias unreblog? destroy?
 
-  private
-
-  def admin?
-    account&.user&.admin?
+  def update?
+    staff?
   end
 
+  private
+
   def direct?
-    status.direct_visibility?
+    record.direct_visibility?
   end
 
   def owned?
-    status.account.id == account&.id
+    author.id == current_account&.id
   end
 
   def private?
-    status.private_visibility?
+    record.private_visibility?
+  end
+
+  def author
+    record.account
   end
 end
-- 
cgit