gearheads
/
mastodon
Archived
2
0
Fork 0

Allow accessing local private/DM messages by URL (#8196)

* Allow accessing local private/DM messages by URL

(Provided the user pasting the URL is authorized to see the toot, obviously)

* Fix SearchServiceSpec tests
gh/stable
ThibG 2018-08-15 19:33:36 +02:00 committed by Eugen Rochko
parent 4df9cabb22
commit af912fb308
3 changed files with 12 additions and 6 deletions

View File

@ -2,11 +2,13 @@
class ResolveURLService < BaseService class ResolveURLService < BaseService
include JsonLdHelper include JsonLdHelper
include Authorization
attr_reader :url attr_reader :url
def call(url) def call(url, on_behalf_of: nil)
@url = url @url = url
@on_behalf_of = on_behalf_of
return process_local_url if local_url? return process_local_url if local_url?
@ -84,6 +86,10 @@ class ResolveURLService < BaseService
def check_local_status(status) def check_local_status(status)
return if status.nil? return if status.nil?
status if status.public_visibility? || status.unlisted_visibility? authorize_with @on_behalf_of, status, :show?
status
rescue Mastodon::NotPermittedError
# Do not disclose the existence of status the user is not authorized to see
nil
end end
end end

View File

@ -53,7 +53,7 @@ class SearchService < BaseService
end end
def url_resource def url_resource
@_url_resource ||= ResolveURLService.new.call(query) @_url_resource ||= ResolveURLService.new.call(query, on_behalf_of: @account)
end end
def url_resource_symbol def url_resource_symbol

View File

@ -29,7 +29,7 @@ describe SearchService, type: :service do
allow(ResolveURLService).to receive(:new).and_return(service) allow(ResolveURLService).to receive(:new).and_return(service)
results = subject.call(@query, 10) results = subject.call(@query, 10)
expect(service).to have_received(:call).with(@query) expect(service).to have_received(:call).with(@query, on_behalf_of: nil)
expect(results).to eq empty_results expect(results).to eq empty_results
end end
end end
@ -41,7 +41,7 @@ describe SearchService, type: :service do
allow(ResolveURLService).to receive(:new).and_return(service) allow(ResolveURLService).to receive(:new).and_return(service)
results = subject.call(@query, 10) results = subject.call(@query, 10)
expect(service).to have_received(:call).with(@query) expect(service).to have_received(:call).with(@query, on_behalf_of: nil)
expect(results).to eq empty_results.merge(accounts: [account]) expect(results).to eq empty_results.merge(accounts: [account])
end end
end end
@ -53,7 +53,7 @@ describe SearchService, type: :service do
allow(ResolveURLService).to receive(:new).and_return(service) allow(ResolveURLService).to receive(:new).and_return(service)
results = subject.call(@query, 10) results = subject.call(@query, 10)
expect(service).to have_received(:call).with(@query) expect(service).to have_received(:call).with(@query, on_behalf_of: nil)
expect(results).to eq empty_results.merge(statuses: [status]) expect(results).to eq empty_results.merge(statuses: [status])
end end
end end