Commit Graph

6 Commits (82cbf325c26fadb31de8091d6ea4070fd1b467e9)

Author SHA1 Message Date
Thibaut Girka 517b7a028d Add test to disallow remote users from fetching local-only toots 2018-07-31 15:41:04 +02:00
David Yip bcdd0f8b9d Update StatusPolicy to check current_account for local_only? toots.
StatusPolicy#account was renamed to StatusPolicy#current_account in
upstream.  This commit renames the local-only changes to match and
augments the #show? policy spec with what we expect for local-only
toots.
2017-11-17 09:07:21 -06:00
Jack Jennings 4e75c71b3e Add status destroy authorization to policy (#3453)
* Add status destroy authorization to policy

* Create explicit unreblog status authorization
2017-05-30 22:56:31 +02:00
Jack Jennings c4bf180a77 Fix incorrect visibility setter in StatusPolicySpec (#3456) 2017-05-30 22:14:32 +02:00
Jack Jennings 877b82f63e Move status reblog authorization into policy (#3425) 2017-05-30 15:16:14 +02:00
Jack Jennings faf53a5a3e Extract authorization policy for viewing statuses (#3150) 2017-05-29 18:22:22 +02:00