Filter searched toots to be consistent with blocking behaviors (#5383)

2017-11-15 01:53:33 +01:00 · 2017-11-15 01:53:33 +01:00 · 74de5566d4
parent 4531b67c3e
commit 74de5566d4
1 changed files with 15 additions and 1 deletions
--- a/app/controllers/api/v1/search_controller.rb
+++ b/app/controllers/api/v1/search_controller.rb
@ -1,6 +1,8 @@
 # frozen_string_literal: true

 class Api::V1::SearchController < Api::BaseController
+  include Authorization
+
  RESULTS_LIMIT = 5

  before_action -> { doorkeeper_authorize! :read }
@ -9,12 +11,24 @@ class Api::V1::SearchController < Api::BaseController
  respond_to :json

  def index
-    @search = Search.new(search_results)
+    @search = Search.new(search)
    render json: @search, serializer: REST::SearchSerializer
  end

  private

+  def search
+    search_results.tap do |search|
+      search[:statuses].keep_if do |status|
+        begin
+          authorize status, :show?
+        rescue Mastodon::NotPermittedError
+          false
+        end
+      end
+    end
+  end
+
  def search_results
    SearchService.new.call(
      params[:q],