From 33e758a80f1fc8d117bceb1fae240805f1c601b5 Mon Sep 17 00:00:00 2001
From: mgabdev <>
Date: Fri, 15 Jan 2021 16:23:05 -0500
Subject: [PATCH] Updated StatusPolicy for private group posts
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

• Updated:
- StatusPolicy for private group posts
- check if owner or staff first if so, show
---
 app/policies/status_policy.rb | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/app/policies/status_policy.rb b/app/policies/status_policy.rb
index 038a2f81..e5a6e557 100644
--- a/app/policies/status_policy.rb
+++ b/app/policies/status_policy.rb
@@ -12,10 +12,16 @@ class StatusPolicy < ApplicationPolicy
   end
 
   def show?
-    if requires_mention?
-      owned? || mention_exists?
-    elsif private?
-      owned? || following_author? || mention_exists?
+    return true if owned? || staff?
+
+    if private?
+      if record.group_id
+        private_group_member?
+      else
+        following_author?
+      end
+    elsif requires_mention?
+      mention_exists?
     else
       current_account.nil? || !author_blocking?
     end
@@ -84,6 +90,14 @@ class StatusPolicy < ApplicationPolicy
     @preloaded_relations[:following] ? @preloaded_relations[:following][author.id] : current_account.following?(author)
   end
 
+  def private_group_member?
+    return false if current_account.nil?
+    return false if record.group_id.nil?
+    return true if owned?
+
+    GroupAccount.where(group_id: record.group_id, account: current_account).exists?
+  end
+
   def author
     record.account
   end