Commit Graph

6 Commits (76320bf6d8ff09cfbea911a5d0f466aa160d313f)

Author SHA1 Message Date
Thibaut Girka 9f2945ef80 Add test to disallow remote users from fetching local-only toots 2018-07-31 15:41:04 +02:00
David Yip f6355f6ffb Update StatusPolicy to check current_account for local_only? toots.
StatusPolicy#account was renamed to StatusPolicy#current_account in
upstream.  This commit renames the local-only changes to match and
augments the #show? policy spec with what we expect for local-only
toots.
2017-11-17 09:07:21 -06:00
Jack Jennings 33f669a5f8 Add status destroy authorization to policy (#3453)
* Add status destroy authorization to policy

* Create explicit unreblog status authorization
2017-05-30 22:56:31 +02:00
Jack Jennings 22cf18e16f Fix incorrect visibility setter in StatusPolicySpec (#3456) 2017-05-30 22:14:32 +02:00
Jack Jennings e031fd60ad Move status reblog authorization into policy (#3425) 2017-05-30 15:16:14 +02:00
Jack Jennings 3a2003ba86 Extract authorization policy for viewing statuses (#3150) 2017-05-29 18:22:22 +02:00