forked from fedi/mastodon
33f669a5f8
* Add status destroy authorization to policy * Create explicit unreblog status authorization
49 lines
810 B
Ruby
49 lines
810 B
Ruby
# frozen_string_literal: true
|
|
|
|
class StatusPolicy
|
|
attr_reader :account, :status
|
|
|
|
def initialize(account, status)
|
|
@account = account
|
|
@status = status
|
|
end
|
|
|
|
def show?
|
|
if direct?
|
|
owned? || status.mentions.where(account: account).exists?
|
|
elsif private?
|
|
owned? || account&.following?(status.account) || status.mentions.where(account: account).exists?
|
|
else
|
|
account.nil? || !status.account.blocking?(account)
|
|
end
|
|
end
|
|
|
|
def reblog?
|
|
!direct? && !private? && show?
|
|
end
|
|
|
|
def destroy?
|
|
admin? || owned?
|
|
end
|
|
|
|
alias unreblog? destroy?
|
|
|
|
private
|
|
|
|
def admin?
|
|
account&.user&.admin?
|
|
end
|
|
|
|
def direct?
|
|
status.direct_visibility?
|
|
end
|
|
|
|
def owned?
|
|
status.account.id == account&.id
|
|
end
|
|
|
|
def private?
|
|
status.private_visibility?
|
|
end
|
|
end
|