Fix using wrong policy on status-related actions in admin UI (#19490)
parent
8ae0936ddd
commit
07cc201acc
|
@ -40,7 +40,7 @@ class Admin::StatusBatchAction
|
|||
end
|
||||
|
||||
def handle_delete!
|
||||
statuses.each { |status| authorize(status, :destroy?) }
|
||||
statuses.each { |status| authorize([:admin, status], :destroy?) }
|
||||
|
||||
ApplicationRecord.transaction do
|
||||
statuses.each do |status|
|
||||
|
@ -75,7 +75,7 @@ class Admin::StatusBatchAction
|
|||
statuses.includes(:media_attachments, :preview_cards).find_each do |status|
|
||||
next unless status.with_media? || status.with_preview_card?
|
||||
|
||||
authorize(status, :update?)
|
||||
authorize([:admin, status], :update?)
|
||||
|
||||
if target_account.local?
|
||||
UpdateStatusService.new.call(status, representative_account.id, sensitive: true)
|
||||
|
|
|
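Review bot: In the second hunk, `authorize([:admin, status], :update?)` runs inside the `find_each` loop, after earlier iterations may already have called `UpdateStatusService`, so a denial on a later status would leave the batch partly applied. `handle_delete!` in the first hunk checks every status before it opens its transaction. The same shape here, `statuses.each { |status| authorize([:admin, status], :update?) }` ahead of the loop, would make the batch all-or-nothing with respect to authorization, at the cost of also checking statuses the `next unless` line skips. The enclosing method starts and ends outside the hunk, so whether a surrounding transaction already undoes the partial work cannot be confirmed from here.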
@ -30,7 +30,7 @@ class Trends::StatusBatch
|
|||
end
|
||||
|
||||
def approve!
|
||||
statuses.each { |status| authorize(status, :review?) }
|
||||
statuses.each { |status| authorize([:admin, status], :review?) }
|
||||
statuses.update_all(trendable: true)
|
||||
end
|
||||
|
||||
|
@ -45,7 +45,7 @@ class Trends::StatusBatch
|
|||
end
|
||||
|
||||
def reject!
|
||||
statuses.each { |status| authorize(status, :review?) }
|
||||
statuses.each { |status| authorize([:admin, status], :review?) }
|
||||
statuses.update_all(trendable: false)
|
||||
end
|
||||
|
||||
|
|
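Review bot: In `approve!` and `reject!`, the per-record `authorize([:admin, status], :review?)` pass and the following `statuses.update_all(...)` are two separate steps, and `update_all` issues its own UPDATE against the relation rather than writing the records that were just checked. If `statuses` is not memoized, or its scope can match different rows by the time the UPDATE runs (its definition is outside this view), rows could be changed without having passed the check. Tying the write to the checked set closes that gap, for example by collecting ids during the authorization pass and using `statuses.where(id: checked_ids).update_all(trendable: true)`, where `checked_ids` is a placeholder name. A one-line comment such as `# [:admin, status] resolves to the admin-namespaced policy, not StatusPolicy` above each call would also make the distinction this commit fixes visible to the next reader.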