Extract authorization policy for viewing statuses (#3150)

2017-05-29 09:22:22 -07:00 · 2017-05-29 09:22:22 -07:00 · 3a2003ba86
commit 3a2003ba86
parent 9a81be0d37
16 changed files with 155 additions and 80 deletions
--- a/app/services/favourite_service.rb
+++ b/app/services/favourite_service.rb
@ -1,12 +1,14 @@
 # frozen_string_literal: true

 class FavouriteService < BaseService
+  include Authorization
+
  # Favourite a status and notify remote user
  # @param [Account] account
  # @param [Status] status
  # @return [Favourite]
  def call(account, status)
-    raise Mastodon::NotPermittedError unless status.permitted?(account)
+    authorize_with account, status, :show?

    favourite = Favourite.create!(account: account, status: status)