From bcdd0f8b9d5afeb4585eab0e6e8632a8f19d01ad Mon Sep 17 00:00:00 2001 From: David Yip Date: Fri, 17 Nov 2017 09:07:21 -0600 Subject: [PATCH] Update StatusPolicy to check current_account for local_only? toots. StatusPolicy#account was renamed to StatusPolicy#current_account in upstream. This commit renames the local-only changes to match and augments the #show? policy spec with what we expect for local-only toots. --- app/policies/status_policy.rb | 2 +- spec/policies/status_policy_spec.rb | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/app/policies/status_policy.rb b/app/policies/status_policy.rb index 8e0c1eef18..369ede2b0b 100644 --- a/app/policies/status_policy.rb +++ b/app/policies/status_policy.rb @@ -6,7 +6,7 @@ class StatusPolicy < ApplicationPolicy end def show? - return false if local_only? && account.nil? + return false if local_only? && current_account.nil? if direct? owned? || record.mentions.where(account: current_account).exists? diff --git a/spec/policies/status_policy_spec.rb b/spec/policies/status_policy_spec.rb index bacb8fd9e3..a90e22aadd 100644 --- a/spec/policies/status_policy_spec.rb +++ b/spec/policies/status_policy_spec.rb @@ -71,6 +71,12 @@ RSpec.describe StatusPolicy, type: :model do expect(subject).to_not permit(viewer, status) end + + it 'denies access when local-only and the viewer is not logged in' do + allow(status).to receive(:local_only?) { true } + + expect(subject).to_not permit(nil, status) + end end permissions :reblog? do