From 3a2003ba863252f305fb32098bcd3f095b10e2ff Mon Sep 17 00:00:00 2001
From: Jack Jennings <jack@standard-library.com>
Date: Mon, 29 May 2017 09:22:22 -0700
Subject: Extract authorization policy for viewing statuses (#3150)

---
 app/services/favourite_service.rb | 4 +++-
 app/services/reblog_service.rb    | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

(limited to 'app/services')

diff --git a/app/services/favourite_service.rb b/app/services/favourite_service.rb
index e92aada64..f27145c96 100644
--- a/app/services/favourite_service.rb
+++ b/app/services/favourite_service.rb
@@ -1,12 +1,14 @@
 # frozen_string_literal: true
 
 class FavouriteService < BaseService
+  include Authorization
+
   # Favourite a status and notify remote user
   # @param [Account] account
   # @param [Status] status
   # @return [Favourite]
   def call(account, status)
-    raise Mastodon::NotPermittedError unless status.permitted?(account)
+    authorize_with account, status, :show?
 
     favourite = Favourite.create!(account: account, status: status)
 
diff --git a/app/services/reblog_service.rb b/app/services/reblog_service.rb
index 11446ce28..9c44b1980 100644
--- a/app/services/reblog_service.rb
+++ b/app/services/reblog_service.rb
@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 class ReblogService < BaseService
+  include Authorization
   include StreamEntryRenderer
 
   # Reblog a status and notify its remote author
@@ -10,7 +11,8 @@ class ReblogService < BaseService
   def call(account, reblogged_status)
     reblogged_status = reblogged_status.reblog if reblogged_status.reblog?
 
-    raise Mastodon::NotPermittedError if reblogged_status.direct_visibility? || reblogged_status.private_visibility? || !reblogged_status.permitted?(account)
+    authorize_with account, reblogged_status, :show?
+    raise Mastodon::NotPermittedError if reblogged_status.direct_visibility? || reblogged_status.private_visibility?
 
     reblog = account.statuses.create!(reblog: reblogged_status, text: '')
 
-- 
cgit