Fix URL search not returning private toots user has access to (#12742)

signup-info-prompt
ThibG 2020-01-03 05:01:45 +01:00 committed by Eugen Rochko
parent 6a8c8dc6fb
commit e4d75f238b
1 changed files with 12 additions and 6 deletions

View File

@ -12,6 +12,8 @@ class ResolveURLService < BaseService
process_local_url process_local_url
elsif !fetched_resource.nil? elsif !fetched_resource.nil?
process_url process_url
elsif @on_behalf_of.present?
process_url_from_db
end end
end end
@ -24,13 +26,17 @@ class ResolveURLService < BaseService
status = FetchRemoteStatusService.new.call(resource_url, body) status = FetchRemoteStatusService.new.call(resource_url, body)
authorize_with @on_behalf_of, status, :show? unless status.nil? authorize_with @on_behalf_of, status, :show? unless status.nil?
status status
elsif fetched_resource.nil? && @on_behalf_of.present? end
end
def process_url_from_db
# It may happen that the resource is a private toot, and thus not fetchable, # It may happen that the resource is a private toot, and thus not fetchable,
# but we can return the toot if we already know about it. # but we can return the toot if we already know about it.
status = Status.find_by(uri: @url) || Status.find_by(url: @url) status = Status.find_by(uri: @url) || Status.find_by(url: @url)
authorize_with @on_behalf_of, status, :show? unless status.nil? authorize_with @on_behalf_of, status, :show? unless status.nil?
status status
end rescue Mastodon::NotPermittedError
nil
end end
def fetched_resource def fetched_resource