monorail
/
mastodon
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #221 from glitch-soc/local-only-policy 

Update StatusPolicy to check current_account for local_only? toots.
This commit is contained in:
beatrix 2017-11-17 15:17:49 -05:00 committed by GitHub
parent 45f18b8f49 f6355f6ffb
commit b006bb82af
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/policies/status_policy.rb
View File

@ -6,7 +6,7 @@ class StatusPolicy < ApplicationPolicy
end end
def show? def show?
return false if local_only? && account.nil? return false if local_only? && current_account.nil?
if direct? if direct?
owned? || record.mentions.where(account: current_account).exists? owned? || record.mentions.where(account: current_account).exists?

6
spec/policies/status_policy_spec.rb
View File

@ -71,6 +71,12 @@ RSpec.describe StatusPolicy, type: :model do
expect(subject).to_not permit(viewer, status) expect(subject).to_not permit(viewer, status)
end end
it 'denies access when local-only and the viewer is not logged in' do
allow(status).to receive(:local_only?) { true }
expect(subject).to_not permit(nil, status)
end
end end
permissions :reblog? do permissions :reblog? do