Gab Social. All are welcome.

app/policies/account_moderation_note_policy.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+class AccountModerationNotePolicy < ApplicationPolicy
+  def create?
+    staff?
+  end
+
+  def destroy?
+    admin? || owner?
+  end
+
+  private
+
+  def owner?
+    record.account_id == current_account&.id
+  end
+end

app/policies/account_policy.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+class AccountPolicy < ApplicationPolicy
+  def index?
+    staff?
+  end
+
+  def show?
+    staff?
+  end
+
+  def warn?
+    staff? && !record.user&.staff?
+  end
+
+  def suspend?
+    staff? && !record.user&.staff?
+  end
+
+  def unsuspend?
+    staff?
+  end
+
+  def silence?
+    staff? && !record.user&.staff?
+  end
+
+  def unsilence?
+    staff?
+  end
+
+  def redownload?
+    admin?
+  end
+
+  def remove_avatar?
+    staff?
+  end
+
+  def remove_header?
+    staff?
+  end
+
+  def subscribe?
+    admin?
+  end
+
+  def unsubscribe?
+    admin?
+  end
+
+  def memorialize?
+    admin? && !record.user&.admin?
+  end
+
+  def upgrade?
+    !record.is_pro
+  end
+
+  def verify?
+    staff?
+  end
+
+  def update_badges?
+    staff?
+  end
+end

app/policies/account_verification_request_policy.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class AccountVerificationRequestPolicy < ApplicationPolicy
+  def create?
+    current_account.is_pro and AccountVerificationRequest.where(account: current_account).count == 0
+  end
+end

app/policies/account_warning_preset_policy.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+class AccountWarningPresetPolicy < ApplicationPolicy
+  def index?
+    staff?
+  end
+
+  def create?
+    staff?
+  end
+
+  def update?
+    staff?
+  end
+
+  def destroy?
+    staff?
+  end
+end

app/policies/application_policy.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+class ApplicationPolicy
+  attr_reader :current_account, :record
+
+  def initialize(current_account, record)
+    @current_account = current_account
+    @record          = record
+  end
+
+  delegate :admin?, :moderator?, :staff?, to: :current_user, allow_nil: true
+
+  private
+
+  def current_user
+    current_account&.user
+  end
+
+  def user_signed_in?
+    !current_user.nil?
+  end
+end

app/policies/backup_policy.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class BackupPolicy < ApplicationPolicy
+  MIN_AGE = 1.week
+
+  def create?
+    user_signed_in? && current_user.backups.where('created_at >= ?', MIN_AGE.ago).count.zero?
+  end
+end

app/policies/custom_emoji_policy.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+class CustomEmojiPolicy < ApplicationPolicy
+  def index?
+    staff?
+  end
+
+  def create?
+    admin?
+  end
+
+  def update?
+    admin?
+  end
+
+  def copy?
+    admin?
+  end
+
+  def enable?
+    staff?
+  end
+
+  def disable?
+    staff?
+  end
+
+  def destroy?
+    admin?
+  end
+end

app/policies/domain_block_policy.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+class DomainBlockPolicy < ApplicationPolicy
+  def index?
+    admin?
+  end
+
+  def show?
+    admin?
+  end
+
+  def create?
+    admin?
+  end
+
+  def destroy?
+    admin?
+  end
+end

app/policies/email_domain_block_policy.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+class EmailDomainBlockPolicy < ApplicationPolicy
+  def index?
+    admin?
+  end
+
+  def create?
+    admin?
+  end
+
+  def destroy?
+    admin?
+  end
+end

app/policies/group_policy.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+class GroupPolicy < ApplicationPolicy
+  def update?
+    check_archive!
+    is_group_admin?
+  end
+
+  def destroy?
+    check_archive!
+    is_group_admin?
+  end
+
+  def approve_status?
+    check_archive!
+    is_group_admin?
+  end
+
+  def destroy_status?
+    check_archive!
+    is_group_admin?
+  end
+
+  def join?
+    check_archive!
+    raise GabSocial::ValidationError, "User is already a member of this group." if is_member?
+
+    return true
+  end
+
+  def leave?
+    check_archive!
+    raise GabSocial::ValidationError, "Group member account not found." if not is_member?
+    
+    is_account_the_only_admin = (is_group_admin? and record.group_accounts.where(role: :admin).count == 1)
+    raise GabSocial::ValidationError, "This is the last admin of this group." if is_account_the_only_admin
+
+    return true
+  end
+
+  def update_account?
+    is_group_admin?
+  end
+
+  private
+
+  def is_member?
+    record.group_accounts.where(account_id: current_account.id).exists?
+  end
+
+  def is_group_admin?
+    record.group_accounts.where(account_id: current_account.id, role: :admin).exists?
+  end
+
+  def check_archive!
+    raise GabSocial::ValidationError, "This group has been archived." if record.is_archived
+  end
+end

app/policies/instance_policy.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+class InstancePolicy < ApplicationPolicy
+  def index?
+    admin?
+  end
+
+  def show?
+    admin?
+  end
+end

app/policies/invite_policy.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+class InvitePolicy < ApplicationPolicy
+  def index?
+    staff?
+  end
+
+  def create?
+    min_required_role?
+  end
+
+  def deactivate_all?
+    admin?
+  end
+
+  def destroy?
+    owner? || (Setting.min_invite_role == 'admin' ? admin? : staff?)
+  end
+
+  private
+
+  def owner?
+    record.user_id == current_user&.id
+  end
+
+  def min_required_role?
+    current_user&.role?(Setting.min_invite_role)
+  end
+end

app/policies/poll_policy.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class PollPolicy < ApplicationPolicy
+  def vote?
+    StatusPolicy.new(current_account, record.status).show? && !current_account.blocking?(record.account) && !record.account.blocking?(current_account)
+  end
+end

app/policies/relay_policy.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class RelayPolicy < ApplicationPolicy
+  def update?
+    admin?
+  end
+end

app/policies/report_note_policy.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+class ReportNotePolicy < ApplicationPolicy
+  def create?
+    staff?
+  end
+
+  def destroy?
+    admin? || owner?
+  end
+
+  private
+
+  def owner?
+    record.account_id == current_account&.id
+  end
+end

app/policies/report_policy.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+class ReportPolicy < ApplicationPolicy
+  def update?
+    staff?
+  end
+
+  def index?
+    staff?
+  end
+
+  def show?
+    staff?
+  end
+end

app/policies/settings_policy.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+class SettingsPolicy < ApplicationPolicy
+  def update?
+    admin?
+  end
+
+  def show?
+    admin?
+  end
+end

app/policies/status_policy.rb

@@ -0,0 +1,87 @@
+# frozen_string_literal: true
+
+class StatusPolicy < ApplicationPolicy
+  def initialize(current_account, record, preloaded_relations = {})
+    super(current_account, record)
+
+    @preloaded_relations = preloaded_relations
+  end
+
+  def index?
+    staff?
+  end
+
+  def show?
+    if requires_mention?
+      owned? || mention_exists?
+    elsif private?
+      owned? || following_author? || mention_exists?
+    else
+      current_account.nil? || !author_blocking?
+    end
+  end
+
+  def reblog?
+    !requires_mention? && (!private? || owned?) && show? && !blocking_author?
+  end
+
+  def favourite?
+    show? && !blocking_author?
+  end
+
+  def destroy?
+    staff? || owned?
+  end
+
+  alias unreblog? destroy?
+
+  def update?
+    staff?
+  end
+
+  private
+
+  def requires_mention?
+    record.direct_visibility? || record.limited_visibility?
+  end
+
+  def owned?
+    author.id == current_account&.id
+  end
+
+  def private?
+    record.private_visibility?
+  end
+
+  def mention_exists?
+    return false if current_account.nil?
+
+    if record.mentions.loaded?
+      record.mentions.any? { |mention| mention.account_id == current_account.id }
+    else
+      record.mentions.where(account: current_account).exists?
+    end
+  end
+
+  def blocking_author?
+    return false if current_account.nil?
+
+    @preloaded_relations[:blocking] ? @preloaded_relations[:blocking][author.id] : current_account.blocking?(author)
+  end
+
+  def author_blocking?
+    return false if current_account.nil?
+
+    @preloaded_relations[:blocked_by] ? @preloaded_relations[:blocked_by][author.id] : author.blocking?(current_account)
+  end
+
+  def following_author?
+    return false if current_account.nil?
+
+    @preloaded_relations[:following] ? @preloaded_relations[:following][author.id] : current_account.following?(author)
+  end
+
+  def author
+    record.account
+  end
+end

app/policies/subscription_policy.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class SubscriptionPolicy < ApplicationPolicy
+  def index?
+    admin?
+  end
+end

app/policies/tag_policy.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+class TagPolicy < ApplicationPolicy
+  def index?
+    staff?
+  end
+
+  def hide?
+    staff?
+  end
+
+  def unhide?
+    staff?
+  end
+end

app/policies/user_policy.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+class UserPolicy < ApplicationPolicy
+  def reset_password?
+    staff? && !record.staff?
+  end
+
+  def change_email?
+    staff? && !record.staff?
+  end
+
+  def disable_2fa?
+    admin? && !record.staff?
+  end
+
+  def confirm?
+    staff? && !record.confirmed?
+  end
+
+  def enable?
+    staff?
+  end
+
+  def approve?
+    staff? && !record.approved?
+  end
+
+  def reject?
+    staff? && !record.approved?
+  end
+
+  def disable?
+    staff? && !record.admin?
+  end
+
+  def promote?
+    admin? && promoteable?
+  end
+
+  def demote?
+    admin? && !record.admin? && demoteable?
+  end
+
+  private
+
+  def promoteable?
+    record.approved? && (!record.staff? || !record.admin?)
+  end
+
+  def demoteable?
+    record.staff?
+  end
+end