Filter searched toots to be consistent with blocking behaviors (#5383)

author ThibG <thib@sitedethib.com>

Wed, 15 Nov 2017 00:53:33 +0000 (01:53 +0100)

committer Eugen Rochko <eugen@zeonfederated.com>

Wed, 15 Nov 2017 00:53:33 +0000 (01:53 +0100)
author ThibG <thib@sitedethib.com>
Wed, 15 Nov 2017 00:53:33 +0000 (01:53 +0100)
committer Eugen Rochko <eugen@zeonfederated.com>
Wed, 15 Nov 2017 00:53:33 +0000 (01:53 +0100)
diff --git a/app/controllers/api/v1/search_controller.rb b/app/controllers/api/v1/search_controller.rb

index bc5b8e5d4075f79618341b2d1b5e20520fd71d6d..997eed6e2c5418de7d543fabb8bd033ec187bc53 100644 (file)
--- a/app/controllers/api/v1/search_controller.rb
+++ b/app/controllers/api/v1/search_controller.rb
@@ -1,6 +1,8 @@
  # frozen_string_literal: true
  
  class Api::V1::SearchController < Api::BaseController
+  include Authorization
+
    RESULTS_LIMIT = 5
  
    before_action -> { doorkeeper_authorize! :read }
@@ -9,12 +11,24 @@ class Api::V1::SearchController < Api::BaseController
    respond_to :json
  
    def index
-    @search = Search.new(search_results)
+    @search = Search.new(search)
      render json: @search, serializer: REST::SearchSerializer
    end
  
    private
  
+  def search
+    search_results.tap do |search|
+      search[:statuses].keep_if do |status|
+        begin
+          authorize status, :show?
+        rescue Mastodon::NotPermittedError
+          false
+        end
+      end
+    end
+  end
+
    def search_results
      SearchService.new.call(
        params[:q],
author	ThibG <thib@sitedethib.com>
	Wed, 15 Nov 2017 00:53:33 +0000 (01:53 +0100)
committer	Eugen Rochko <eugen@zeonfederated.com>
	Wed, 15 Nov 2017 00:53:33 +0000 (01:53 +0100)