Allow accessing local private/DM messages by URL (#8196)
* Allow accessing local private/DM messages by URL (Provided the user pasting the URL is authorized to see the toot, obviously) * Fix SearchServiceSpec tests
This commit is contained in:
ThibG
Eugen Rochko
parent
4df9cabb22
commit
af912fb308
3 changed files with 12 additions and 6 deletions
|
|
@ -2,11 +2,13 @@
|
|||
|
||||
class ResolveURLService < BaseService
|
||||
include JsonLdHelper
|
||||
include Authorization
|
||||
|
||||
attr_reader :url
|
||||
|
||||
def call(url)
|
||||
def call(url, on_behalf_of: nil)
|
||||
@url = url
|
||||
@on_behalf_of = on_behalf_of
|
||||
|
||||
return process_local_url if local_url?
|
||||
|
||||
|
|
@ -84,6 +86,10 @@ class ResolveURLService < BaseService
|
|||
|
||||
def check_local_status(status)
|
||||
return if status.nil?
|
||||
status if status.public_visibility? || status.unlisted_visibility?
|
||||
authorize_with @on_behalf_of, status, :show?
|
||||
status
|
||||
rescue Mastodon::NotPermittedError
|
||||
# Do not disclose the existence of status the user is not authorized to see
|
||||
nil
|
||||
end
|
||||
end
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue