Fix using wrong policy on status-related actions in admin UI (#19490)
parent
8ae0936ddd
commit
07cc201acc
@ -40,7 +40,7 @@ class Admin::StatusBatchAction
|
||||
end
|
||||
|
||||
def handle_delete!
|
||||
statuses.each { |status| authorize(status, :destroy?) }
|
||||
statuses.each { |status| authorize([:admin, status], :destroy?) }
|
||||
|
||||
ApplicationRecord.transaction do
|
||||
statuses.each do |status|
|
||||
@ -75,7 +75,7 @@ class Admin::StatusBatchAction
|
||||
statuses.includes(:media_attachments, :preview_cards).find_each do |status|
|
||||
next unless status.with_media? || status.with_preview_card?
|
||||
|
||||
authorize(status, :update?)
|
||||
authorize([:admin, status], :update?)
|
||||
|
||||
if target_account.local?
|
||||
UpdateStatusService.new.call(status, representative_account.id, sensitive: true)
|
||||
|
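Review bot: In the second hunk the `authorize([:admin, status], :update?)` call runs inside the `find_each` loop, right before `UpdateStatusService.new.call(...)`, so a denial on a later status would raise after earlier statuses have already been marked sensitive, unless something outside the hunk wraps the loop. `handle_delete!` in the first hunk authorizes every status before `ApplicationRecord.transaction` opens, which keeps that batch all-or-nothing. Consider the same shape here, e.g. `statuses.each { |status| authorize([:admin, status], :update?) }` ahead of the loop, or a comment stating that partial application is intended. Both method bodies extend beyond the hunks shown, so this rests on the visible lines only.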
@ -30,7 +30,7 @@ class Trends::StatusBatch
|
||||
end
|
||||
|
||||
def approve!
|
||||
statuses.each { |status| authorize(status, :review?) }
|
||||
statuses.each { |status| authorize([:admin, status], :review?) }
|
||||
statuses.update_all(trendable: true)
|
||||
end
|
||||
|
||||
@ -45,7 +45,7 @@ class Trends::StatusBatch
|
||||
end
|
||||
|
||||
def reject!
|
||||
statuses.each { |status| authorize(status, :review?) }
|
||||
statuses.each { |status| authorize([:admin, status], :review?) }
|
||||
statuses.update_all(trendable: false)
|
||||
end
|
||||
|
||||
|
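Review bot: The line `statuses.each { |status| authorize([:admin, status], :review?) }` is now duplicated verbatim in `approve!` and `reject!`, and the same `[:admin, status]` form appears in both hunks of the Admin::StatusBatchAction class, so the policy namespace this commit had to correct lives in four call sites. A private helper, for example `def authorize_statuses!(query)` wrapping `statuses.each { |status| authorize([:admin, status], query) }`, would leave one place to get it right. No spec change is visible on this page; a test asserting that a user lacking the admin-side permission is rejected by both methods would pin the fix, assuming `[:admin, status]` resolves to a namespaced admin policy.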