mirror of https://github.com/tootsuite/mastodon
Fix URL search not returning private toots user has access to (#12742)
parent
6a8c8dc6fb
commit
e4d75f238b
|
@ -12,6 +12,8 @@ class ResolveURLService < BaseService
|
||||||
process_local_url
|
process_local_url
|
||||||
elsif !fetched_resource.nil?
|
elsif !fetched_resource.nil?
|
||||||
process_url
|
process_url
|
||||||
|
elsif @on_behalf_of.present?
|
||||||
|
process_url_from_db
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -24,15 +26,19 @@ class ResolveURLService < BaseService
|
||||||
status = FetchRemoteStatusService.new.call(resource_url, body)
|
status = FetchRemoteStatusService.new.call(resource_url, body)
|
||||||
authorize_with @on_behalf_of, status, :show? unless status.nil?
|
authorize_with @on_behalf_of, status, :show? unless status.nil?
|
||||||
status
|
status
|
||||||
elsif fetched_resource.nil? && @on_behalf_of.present?
|
|
||||||
# It may happen that the resource is a private toot, and thus not fetchable,
|
|
||||||
# but we can return the toot if we already know about it.
|
|
||||||
status = Status.find_by(uri: @url) || Status.find_by(url: @url)
|
|
||||||
authorize_with @on_behalf_of, status, :show? unless status.nil?
|
|
||||||
status
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def process_url_from_db
|
||||||
|
# It may happen that the resource is a private toot, and thus not fetchable,
|
||||||
|
# but we can return the toot if we already know about it.
|
||||||
|
status = Status.find_by(uri: @url) || Status.find_by(url: @url)
|
||||||
|
authorize_with @on_behalf_of, status, :show? unless status.nil?
|
||||||
|
status
|
||||||
|
rescue Mastodon::NotPermittedError
|
||||||
|
nil
|
||||||
|
end
|
||||||
|
|
||||||
def fetched_resource
|
def fetched_resource
|
||||||
@fetched_resource ||= FetchResourceService.new.call(@url)
|
@fetched_resource ||= FetchResourceService.new.call(@url)
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in New Issue