From: ThibG <thib@sitedethib.com>
Date: Mon, 4 Mar 2019 21:47:47 +0000 (+0100)
Subject: Ensure only people allowed to see the poll can actually vote (#10161)
X-Git-Url: https://git.xn--scling-oua.cat.family/?a=commitdiff_plain;h=7a25bb858a2a7f3662d2ad2a8cba9ac7ea141aca;p=mastodon.git

Ensure only people allowed to see the poll can actually vote (#10161)
---

diff --git a/app/policies/poll_policy.rb b/app/policies/poll_policy.rb
index 0d839f240..9d69eb5bb 100644
--- a/app/policies/poll_policy.rb
+++ b/app/policies/poll_policy.rb
@@ -2,6 +2,6 @@
 
 class PollPolicy < ApplicationPolicy
   def vote?
-    !current_account.blocking?(record.account) && !record.account.blocking?(current_account)
+    StatusPolicy.new(current_account, record.status).show? && !current_account.blocking?(record.account) && !record.account.blocking?(current_account)
   end
 end