Fix being able to report otherwise inaccessible statuses (#18528)

lolsob-rspec
Eugen Rochko 2022-05-26 22:08:02 +02:00 committed by GitHub
parent 49c6b3736a
commit 4bb50e32e4
2 changed files with 6 additions and 2 deletions

View File

@ -103,7 +103,7 @@ class Admin::StatusBatchAction
def handle_report! def handle_report!
@report = Report.new(report_params) unless with_report? @report = Report.new(report_params) unless with_report?
@report.status_ids = (@report.status_ids + status_ids.map(&:to_i)).uniq @report.status_ids = (@report.status_ids + allowed_status_ids).uniq
@report.save! @report.save!
@report_id = @report.id @report_id = @report.id
@ -135,4 +135,8 @@ class Admin::StatusBatchAction
def report_params def report_params
{ account: current_account, target_account: target_account } { account: current_account, target_account: target_account }
end end
def allowed_status_ids
AccountStatusesFilter.new(@report.target_account, current_account).results.with_discarded.where(id: status_ids).pluck(:id)
end
end end

View File

@ -57,7 +57,7 @@ class ReportService < BaseService
end end
def reported_status_ids def reported_status_ids
@target_account.statuses.with_discarded.find(Array(@status_ids)).pluck(:id) AccountStatusesFilter.new(@target_account, @source_account).results.with_discarded.find(Array(@status_ids)).pluck(:id)
end end
def payload def payload