class ResolveURLService < BaseService
include JsonLdHelper
+ include Authorization
attr_reader :url
- def call(url)
+ def call(url, on_behalf_of: nil)
@url = url
+ @on_behalf_of = on_behalf_of
return process_local_url if local_url?
def check_local_status(status)
return if status.nil?
- status if status.public_visibility? || status.unlisted_visibility?
+ authorize_with @on_behalf_of, status, :show?
+ status
+ rescue Mastodon::NotPermittedError
+ # Do not disclose the existence of status the user is not authorized to see
+ nil
end
end
allow(ResolveURLService).to receive(:new).and_return(service)
results = subject.call(@query, 10)
- expect(service).to have_received(:call).with(@query)
+ expect(service).to have_received(:call).with(@query, on_behalf_of: nil)
expect(results).to eq empty_results
end
end
allow(ResolveURLService).to receive(:new).and_return(service)
results = subject.call(@query, 10)
- expect(service).to have_received(:call).with(@query)
+ expect(service).to have_received(:call).with(@query, on_behalf_of: nil)
expect(results).to eq empty_results.merge(accounts: [account])
end
end
allow(ResolveURLService).to receive(:new).and_return(service)
results = subject.call(@query, 10)
- expect(service).to have_received(:call).with(@query)
+ expect(service).to have_received(:call).with(@query, on_behalf_of: nil)
expect(results).to eq empty_results.merge(statuses: [status])
end
end