Allow accessing local private/DM messages by URL (#8196)
* Allow accessing local private/DM messages by URL (Provided the user pasting the URL is authorized to see the toot, obviously) * Fix SearchServiceSpec testsgh/stable
parent
4df9cabb22
commit
af912fb308
|
@ -2,11 +2,13 @@
|
||||||
|
|
||||||
class ResolveURLService < BaseService
|
class ResolveURLService < BaseService
|
||||||
include JsonLdHelper
|
include JsonLdHelper
|
||||||
|
include Authorization
|
||||||
|
|
||||||
attr_reader :url
|
attr_reader :url
|
||||||
|
|
||||||
def call(url)
|
def call(url, on_behalf_of: nil)
|
||||||
@url = url
|
@url = url
|
||||||
|
@on_behalf_of = on_behalf_of
|
||||||
|
|
||||||
return process_local_url if local_url?
|
return process_local_url if local_url?
|
||||||
|
|
||||||
|
@ -84,6 +86,10 @@ class ResolveURLService < BaseService
|
||||||
|
|
||||||
def check_local_status(status)
|
def check_local_status(status)
|
||||||
return if status.nil?
|
return if status.nil?
|
||||||
status if status.public_visibility? || status.unlisted_visibility?
|
authorize_with @on_behalf_of, status, :show?
|
||||||
|
status
|
||||||
|
rescue Mastodon::NotPermittedError
|
||||||
|
# Do not disclose the existence of status the user is not authorized to see
|
||||||
|
nil
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -53,7 +53,7 @@ class SearchService < BaseService
|
||||||
end
|
end
|
||||||
|
|
||||||
def url_resource
|
def url_resource
|
||||||
@_url_resource ||= ResolveURLService.new.call(query)
|
@_url_resource ||= ResolveURLService.new.call(query, on_behalf_of: @account)
|
||||||
end
|
end
|
||||||
|
|
||||||
def url_resource_symbol
|
def url_resource_symbol
|
||||||
|
|
|
@ -29,7 +29,7 @@ describe SearchService, type: :service do
|
||||||
allow(ResolveURLService).to receive(:new).and_return(service)
|
allow(ResolveURLService).to receive(:new).and_return(service)
|
||||||
results = subject.call(@query, 10)
|
results = subject.call(@query, 10)
|
||||||
|
|
||||||
expect(service).to have_received(:call).with(@query)
|
expect(service).to have_received(:call).with(@query, on_behalf_of: nil)
|
||||||
expect(results).to eq empty_results
|
expect(results).to eq empty_results
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -41,7 +41,7 @@ describe SearchService, type: :service do
|
||||||
allow(ResolveURLService).to receive(:new).and_return(service)
|
allow(ResolveURLService).to receive(:new).and_return(service)
|
||||||
|
|
||||||
results = subject.call(@query, 10)
|
results = subject.call(@query, 10)
|
||||||
expect(service).to have_received(:call).with(@query)
|
expect(service).to have_received(:call).with(@query, on_behalf_of: nil)
|
||||||
expect(results).to eq empty_results.merge(accounts: [account])
|
expect(results).to eq empty_results.merge(accounts: [account])
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -53,7 +53,7 @@ describe SearchService, type: :service do
|
||||||
allow(ResolveURLService).to receive(:new).and_return(service)
|
allow(ResolveURLService).to receive(:new).and_return(service)
|
||||||
|
|
||||||
results = subject.call(@query, 10)
|
results = subject.call(@query, 10)
|
||||||
expect(service).to have_received(:call).with(@query)
|
expect(service).to have_received(:call).with(@query, on_behalf_of: nil)
|
||||||
expect(results).to eq empty_results.merge(statuses: [status])
|
expect(results).to eq empty_results.merge(statuses: [status])
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
Reference in New Issue