catstodon/app/policies/status_policy.rb
Eugen Rochko ddd30f331c
Improve support for aspects/circles (#8950)
* Add silent column to mentions

* Save silent mentions in ActivityPub Create handler and optimize it

Move networking calls out of the database transaction

* Add "limited" visibility level masked as "private" in the API

Unlike DMs, limited statuses are pushed into home feeds. The access
control rules between direct and limited statuses is almost the same,
except for counter and conversation logic

* Ensure silent column is non-null, add spec

* Ensure filters don't check silent mentions for blocks/mutes

As those are "this person is also allowed to see" rather than "this
person is involved", therefore does not warrant filtering

* Clean up code

* Use Status#active_mentions to limit returned mentions

* Fix code style issues

* Use Status#active_mentions in Notification

And remove stream_entry eager-loading from Notification
2018-10-17 17:13:04 +02:00

87 lines
1.8 KiB
Ruby

# frozen_string_literal: true
class StatusPolicy < ApplicationPolicy
def initialize(current_account, record, preloaded_relations = {})
super(current_account, record)
@preloaded_relations = preloaded_relations
end
def index?
staff?
end
def show?
if requires_mention?
owned? || mention_exists?
elsif private?
owned? || following_author? || mention_exists?
else
current_account.nil? || !author_blocking?
end
end
def reblog?
!requires_mention? && (!private? || owned?) && show? && !blocking_author?
end
def favourite?
show? && !blocking_author?
end
def destroy?
staff? || owned?
end
alias unreblog? destroy?
def update?
staff?
end
private
def requires_mention?
record.direct_visibility? || record.limited_visibility?
end
def owned?
author.id == current_account&.id
end
def private?
record.private_visibility?
end
def mention_exists?
return false if current_account.nil?
if record.mentions.loaded?
record.mentions.any? { |mention| mention.account_id == current_account.id }
else
record.mentions.where(account: current_account).exists?
end
end
def blocking_author?
return false if current_account.nil?
@preloaded_relations[:blocking] ? @preloaded_relations[:blocking][author.id] : current_account.blocking?(author)
end
def author_blocking?
return false if current_account.nil?
@preloaded_relations[:blocked_by] ? @preloaded_relations[:blocked_by][author.id] : author.blocking?(current_account)
end
def following_author?
return false if current_account.nil?
@preloaded_relations[:following] ? @preloaded_relations[:following][author.id] : current_account.following?(author)
end
def author
record.account
end
end