Explorar el Código
Allow accessing local private/DM messages by URL (#8196)
* Allow accessing local private/DM messages by URL (Provided the user pasting the URL is authorized to see the toot, obviously) * Fix SearchServiceSpec testsmaster
ThibG
hace 5 años
committed by
Eugen Rochko
Eugen Rochko
Se han modificado 3 ficheros con 12 adiciones y 6 borrados
Unificar vista
Opciones de diferencias
-
+8 -2app/services/resolve_url_service.rb
-
+1 -1app/services/search_service.rb
-
+3 -3spec/services/search_service_spec.rb
+ 8
- 2
app/services/resolve_url_service.rb
Ver fichero
| @@ -2,11 +2,13 @@ | |||||
| class ResolveURLService < BaseService | class ResolveURLService < BaseService | ||||
| include JsonLdHelper | include JsonLdHelper | ||||
| include Authorization | |||||
| attr_reader :url | attr_reader :url | ||||
| def call(url) | |||||
| def call(url, on_behalf_of: nil) | |||||
| @url = url | @url = url | ||||
| @on_behalf_of = on_behalf_of | |||||
| return process_local_url if local_url? | return process_local_url if local_url? | ||||
| @@ -84,6 +86,10 @@ class ResolveURLService < BaseService | |||||
| def check_local_status(status) | def check_local_status(status) | ||||
| return if status.nil? | return if status.nil? | ||||
| status if status.public_visibility? || status.unlisted_visibility? | |||||
| authorize_with @on_behalf_of, status, :show? | |||||
| status | |||||
| rescue Mastodon::NotPermittedError | |||||
| # Do not disclose the existence of status the user is not authorized to see | |||||
| nil | |||||
| end | end | ||||
| end | end | ||||
+ 1
- 1
app/services/search_service.rb
Ver fichero
| @@ -53,7 +53,7 @@ class SearchService < BaseService | |||||
| end | end | ||||
| def url_resource | def url_resource | ||||
| @_url_resource ||= ResolveURLService.new.call(query) | |||||
| @_url_resource ||= ResolveURLService.new.call(query, on_behalf_of: @account) | |||||
| end | end | ||||
| def url_resource_symbol | def url_resource_symbol | ||||
+ 3
- 3
spec/services/search_service_spec.rb
Ver fichero
| @@ -29,7 +29,7 @@ describe SearchService, type: :service do | |||||
| allow(ResolveURLService).to receive(:new).and_return(service) | allow(ResolveURLService).to receive(:new).and_return(service) | ||||
| results = subject.call(@query, 10) | results = subject.call(@query, 10) | ||||
| expect(service).to have_received(:call).with(@query) | |||||
| expect(service).to have_received(:call).with(@query, on_behalf_of: nil) | |||||
| expect(results).to eq empty_results | expect(results).to eq empty_results | ||||
| end | end | ||||
| end | end | ||||
| @@ -41,7 +41,7 @@ describe SearchService, type: :service do | |||||
| allow(ResolveURLService).to receive(:new).and_return(service) | allow(ResolveURLService).to receive(:new).and_return(service) | ||||
| results = subject.call(@query, 10) | results = subject.call(@query, 10) | ||||
| expect(service).to have_received(:call).with(@query) | |||||
| expect(service).to have_received(:call).with(@query, on_behalf_of: nil) | |||||
| expect(results).to eq empty_results.merge(accounts: [account]) | expect(results).to eq empty_results.merge(accounts: [account]) | ||||
| end | end | ||||
| end | end | ||||
| @@ -53,7 +53,7 @@ describe SearchService, type: :service do | |||||
| allow(ResolveURLService).to receive(:new).and_return(service) | allow(ResolveURLService).to receive(:new).and_return(service) | ||||
| results = subject.call(@query, 10) | results = subject.call(@query, 10) | ||||
| expect(service).to have_received(:call).with(@query) | |||||
| expect(service).to have_received(:call).with(@query, on_behalf_of: nil) | |||||
| expect(results).to eq empty_results.merge(statuses: [status]) | expect(results).to eq empty_results.merge(statuses: [status]) | ||||
| end | end | ||||
| end | end | ||||