From e031fd60ad9ee492fbbda319eaeb213098898d03 Mon Sep 17 00:00:00 2001
From: Jack Jennings
Date: Tue, 30 May 2017 06:16:14 -0700
Subject: Move status reblog authorization into policy (#3425)
---
 app/policies/status_policy.rb | 18 ++++++++++++++++--
 app/services/reblog_service.rb | 3 +--
 2 files changed, 17 insertions(+), 4 deletions(-)
(limited to 'app')
diff --git a/app/policies/status_policy.rb b/app/policies/status_policy.rb
index 658ba6d12..41d63fcbc 100644
--- a/app/policies/status_policy.rb
+++ b/app/policies/status_policy.rb
@@ -9,12 +9,26 @@ class StatusPolicy
 end

 def show?
- if status.direct_visibility?
+ if direct?
 status.account.id == account&.id || status.mentions.where(account: account).exists?
- elsif status.private_visibility?
+ elsif private?
 status.account.id == account&.id || account&.following?(status.account) || status.mentions.where(account: account).exists?
 else
 account.nil? || !status.account.blocking?(account)
 end
 end
+
+ def reblog?
+ !direct? && !private? && show?
+ end
+
+ private
+
+ def direct?
+ status.direct_visibility?
+ end
+
+ def private?
+ status.private_visibility?
+ end
 end
diff --git a/app/services/reblog_service.rb b/app/services/reblog_service.rb
index 9c44b1980..a3636a283 100644
--- a/app/services/reblog_service.rb
+++ b/app/services/reblog_service.rb
@@ -11,8 +11,7 @@ class ReblogService < BaseService
 def call(account, reblogged_status)
 reblogged_status = reblogged_status.reblog if reblogged_status.reblog?

- authorize_with account, reblogged_status, :show?
- raise Mastodon::NotPermittedError if reblogged_status.direct_visibility? || reblogged_status.private_visibility?
+ authorize_with account, reblogged_status, :reblog?

 reblog = account.statuses.create!(reblog: reblogged_status, text: '')

-- cgit
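Review bot: `reblog?` in status_policy.rb is written as a deny-list, `!direct? && !private? && show?`, so any visibility level added to the model later would be rebloggable by default until someone remembers to extend this line. An allow-list fails closed; assuming the visibility enum also generates `public_visibility?` and `unlisted_visibility?` (not visible in this diff), the body could read `(status.public_visibility? || status.unlisted_visibility?) && show?`. Separately, the public branch of `show?` returns true when `account` is nil, so `reblog?` also returns true for a nil account; a comment stating that callers must pass an authenticated account, or an explicit `!account.nil? &&` guard, would make that assumption visible. The class begins above the hunk.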
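Review bot: With the explicit `raise Mastodon::NotPermittedError` removed from `ReblogService#call`, a refusal for a direct or private status now surfaces as whatever `authorize_with` raises, and that helper is defined outside this diff. If it does not translate the policy failure into `Mastodon::NotPermittedError`, callers that rescue that class would see a different exception when a follower tries to reblog a private status, so this is worth confirming, ideally with a spec for that case. It would also help to note above the call that authorization must stay after the `reblogged_status.reblog` unwrap so the original status is the one checked, e.g. `# Authorize against the original status, not the reblog wrapper`. `call` continues past the end of the hunk.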