]> cat aescling's git repositories - mastodon.git/commitdiff
Fix being able to report otherwise inaccessible statuses (#18528)
authorEugen Rochko <eugen@zeonfederated.com>
Thu, 26 May 2022 20:08:02 +0000 (22:08 +0200)
committersingle-right-quote <11325618-aescling@users.noreply.gitlab.com>
Fri, 27 May 2022 03:55:21 +0000 (23:55 -0400)
app/models/admin/status_batch_action.rb
app/services/report_service.rb

index 631af183c2ef1e8698b912ca38b5b4468a06d814..7bf6fa6dafe79f6cee5c1aded4c2c17c96f8f5ae 100644 (file)
@@ -103,7 +103,7 @@ class Admin::StatusBatchAction
 
   def handle_report!
     @report = Report.new(report_params) unless with_report?
-    @report.status_ids = (@report.status_ids + status_ids.map(&:to_i)).uniq
+    @report.status_ids = (@report.status_ids + allowed_status_ids).uniq
     @report.save!
 
     @report_id = @report.id
@@ -135,4 +135,8 @@ class Admin::StatusBatchAction
   def report_params
     { account: current_account, target_account: target_account }
   end
+
+  def allowed_status_ids
+    AccountStatusesFilter.new(@report.target_account, current_account).results.with_discarded.where(id: status_ids).pluck(:id)
+  end
 end
index 9d784c341a60c8e9d09d8f1013f38b8a3722a5f8..d251bb33f07139bab72cbdb252f99c9fa3384579 100644 (file)
@@ -57,7 +57,7 @@ class ReportService < BaseService
   end
 
   def reported_status_ids
-    @target_account.statuses.with_discarded.find(Array(@status_ids)).pluck(:id)
+    AccountStatusesFilter.new(@target_account, @source_account).results.with_discarded.find(Array(@status_ids)).pluck(:id)
   end
 
   def payload