Fix leaking private statuses the admin account follows (#11300)

author ThibG <thib@sitedethib.com>

Mon, 15 Jul 2019 00:29:04 +0000 (02:29 +0200)

committer Eugen Rochko <eugen@zeonfederated.com>

Mon, 15 Jul 2019 00:29:04 +0000 (02:29 +0200)
author ThibG <thib@sitedethib.com>
Mon, 15 Jul 2019 00:29:04 +0000 (02:29 +0200)
committer Eugen Rochko <eugen@zeonfederated.com>
Mon, 15 Jul 2019 00:29:04 +0000 (02:29 +0200)
diff --git a/app/services/resolve_url_service.rb b/app/services/resolve_url_service.rb

index 80381c16b6faf720379cc873e10e5094a050d3b2..aa883597a467e3d133cc2627cff34aaac785ee0a 100644 (file)
--- a/app/services/resolve_url_service.rb
+++ b/app/services/resolve_url_service.rb
@@ -21,7 +21,9 @@ class ResolveURLService < BaseService
      if equals_or_includes_any?(type, ActivityPub::FetchRemoteAccountService::SUPPORTED_TYPES)
        FetchRemoteAccountService.new.call(resource_url, body, protocol)
      elsif equals_or_includes_any?(type, ActivityPub::Activity::Create::SUPPORTED_TYPES + ActivityPub::Activity::Create::CONVERTED_TYPES)
-      FetchRemoteStatusService.new.call(resource_url, body, protocol)
+      status = FetchRemoteStatusService.new.call(resource_url, body, protocol)
+      authorize_with @on_behalf_of, status, :show? unless status.nil?
+      status
      end
    end
author	ThibG <thib@sitedethib.com>
	Mon, 15 Jul 2019 00:29:04 +0000 (02:29 +0200)
committer	Eugen Rochko <eugen@zeonfederated.com>
	Mon, 15 Jul 2019 00:29:04 +0000 (02:29 +0200)