Extract authorization policy for viewing statuses (#3150)

2017-05-29 09:22:22 -07:00 · 2017-05-29 09:22:22 -07:00 · 3a2003ba86
commit 3a2003ba86
parent 9a81be0d37
16 changed files with 155 additions and 80 deletions
--- a/app/policies/status_policy.rb
+++ b/app/policies/status_policy.rb
@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+class StatusPolicy
+  attr_reader :account, :status
+
+  def initialize(account, status)
+    @account = account
+    @status = status
+  end
+
+  def show?
+    if status.direct_visibility?
+      status.account.id == account&.id || status.mentions.where(account: account).exists?
+    elsif status.private_visibility?
+      status.account.id == account&.id || account&.following?(status.account) || status.mentions.where(account: account).exists?
+    else
+      account.nil? || !status.account.blocking?(account)
+    end
+  end
+end