Fix being able to report otherwise inaccessible statuses (#18528)

diff --git a/app/models/admin/status_batch_action.rb b/app/models/admin/status_batch_action.rb
index 631af183c2ef1e8698b912ca38b5b4468a06d814..7bf6fa6dafe79f6cee5c1aded4c2c17c96f8f5ae 100644 (file)
--- a/app/models/admin/status_batch_action.rb
+++ b/app/models/admin/status_batch_action.rb
@@ -103,7 +103,7 @@ class Admin::StatusBatchAction
 
   def handle_report!
     @report = Report.new(report_params) unless with_report?
-    @report.status_ids = (@report.status_ids + status_ids.map(&:to_i)).uniq
+    @report.status_ids = (@report.status_ids + allowed_status_ids).uniq
     @report.save!
 
     @report_id = @report.id
@@ -135,4 +135,8 @@ class Admin::StatusBatchAction
   def report_params
     { account: current_account, target_account: target_account }
   end
+
+  def allowed_status_ids
+    AccountStatusesFilter.new(@report.target_account, current_account).results.with_discarded.where(id: status_ids).pluck(:id)
+  end
 end

diff --git a/app/services/report_service.rb b/app/services/report_service.rb
index 9d784c341a60c8e9d09d8f1013f38b8a3722a5f8..d251bb33f07139bab72cbdb252f99c9fa3384579 100644 (file)
--- a/app/services/report_service.rb
+++ b/app/services/report_service.rb
@@ -57,7 +57,7 @@ class ReportService < BaseService
   end
 
   def reported_status_ids
-    @target_account.statuses.with_discarded.find(Array(@status_ids)).pluck(:id)
+    AccountStatusesFilter.new(@target_account, @source_account).results.with_discarded.find(Array(@status_ids)).pluck(:id)
   end
 
   def payload