From fdee1b200e807f66af898d115dc7563cecc3517e Mon Sep 17 00:00:00 2001 From: Jeremy Kescher Date: Sun, 7 May 2023 22:05:44 +0200 Subject: [PATCH] Add missing authorization to ReactService --- app/policies/status_policy.rb | 4 ++++ app/services/react_service.rb | 2 ++ 2 files changed, 6 insertions(+) diff --git a/app/policies/status_policy.rb b/app/policies/status_policy.rb index 52cfd50506..2472b82f37 100644 --- a/app/policies/status_policy.rb +++ b/app/policies/status_policy.rb @@ -28,6 +28,10 @@ class StatusPolicy < ApplicationPolicy show? && !blocking_author? end + def react? + show? && !blocking_author? + end + def destroy? owned? end diff --git a/app/services/react_service.rb b/app/services/react_service.rb index 773dd3fd6c..79d1eaaf30 100644 --- a/app/services/react_service.rb +++ b/app/services/react_service.rb @@ -5,6 +5,8 @@ class ReactService < BaseService include Payloadable def call(account, status, emoji) + authorize_with account, status, :react? + name, domain = emoji.split('@') custom_emoji = CustomEmoji.find_by(shortcode: name, domain: domain) reaction = StatusReaction.find_by(account: account, status: status, name: name, custom_emoji: custom_emoji)