Merge branch 'show-media-endpoint-fixes' into 'develop'

MediaController OAuth scope assignments fix See merge request pleroma/pleroma!2541
author: lain <lain@soykaf.club> 2020-05-18 10:57:59 +0000
committer: lain <lain@soykaf.club> 2020-05-18 10:57:59 +0000
commit: 96f7b1b140979249cf28bc742b7749f1bee7ea9c (patch)
tree: 8d5180737211a96dc066372c640864c60c5a4f0f /lib/pleroma/object.ex
parent: 1199cf3a788334cd3fdb968d9f736e43c1401da1 (diff)
parent: 9b765652649f8b6110bd70aa90b148a90057ff6a (diff)
download: pleroma-96f7b1b140979249cf28bc742b7749f1bee7ea9c.tar.gz
1 files changed, 10 insertions, 5 deletions
diff --git a/lib/pleroma/object.ex b/lib/pleroma/object.ex
index e678fd415..ab16bf2db 100644
--- a/lib/pleroma/object.ex
+++ b/lib/pleroma/object.ex
@@ -138,12 +138,17 @@ defmodule Pleroma.Object do
 
   def normalize(_, _, _), do: nil
 
-  # Owned objects can only be mutated by their owner
-  def authorize_mutation(%Object{data: %{"actor" => actor}}, %User{ap_id: ap_id}),
-    do: actor == ap_id
+  # Owned objects can only be accessed by their owner
+  def authorize_access(%Object{data: %{"actor" => actor}}, %User{ap_id: ap_id}) do
+    if actor == ap_id do
+      :ok
+    else
+      {:error, :forbidden}
+    end
+  end
 
-  # Legacy objects can be mutated by anybody
-  def authorize_mutation(%Object{}, %User{}), do: true
+  # Legacy objects can be accessed by anybody
+  def authorize_access(%Object{}, %User{}), do: :ok
 
   @spec get_cached_by_ap_id(String.t()) :: Object.t() | nil
   def get_cached_by_ap_id(ap_id) do
author	lain <lain@soykaf.club>	2020-05-18 10:57:59 +0000
committer	lain <lain@soykaf.club>	2020-05-18 10:57:59 +0000
commit	96f7b1b140979249cf28bc742b7749f1bee7ea9c (patch)
tree	8d5180737211a96dc066372c640864c60c5a4f0f /lib/pleroma/object.ex
parent	1199cf3a788334cd3fdb968d9f736e43c1401da1 (diff)
parent	9b765652649f8b6110bd70aa90b148a90057ff6a (diff)
download	pleroma-96f7b1b140979249cf28bc742b7749f1bee7ea9c.tar.gz