Thibaut Girka
517b7a028d
Add test to disallow remote users from fetching local-only toots
2018-07-31 15:41:04 +02:00
David Yip
bcdd0f8b9d
Update StatusPolicy to check current_account for local_only? toots.
...
StatusPolicy#account was renamed to StatusPolicy#current_account in
upstream. This commit renames the local-only changes to match and
augments the #show? policy spec with what we expect for local-only
toots.
2017-11-17 09:07:21 -06:00
Jack Jennings
4e75c71b3e
Add status destroy authorization to policy ( #3453 )
...
* Add status destroy authorization to policy
* Create explicit unreblog status authorization
2017-05-30 22:56:31 +02:00
Jack Jennings
c4bf180a77
Fix incorrect visibility setter in StatusPolicySpec ( #3456 )
2017-05-30 22:14:32 +02:00
Jack Jennings
877b82f63e
Move status reblog authorization into policy ( #3425 )
2017-05-30 15:16:14 +02:00
Jack Jennings
faf53a5a3e
Extract authorization policy for viewing statuses ( #3150 )
2017-05-29 18:22:22 +02:00