Fix moderator rights inconsistencies (#26729)

app/lib/admin/account_statuses_filter.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class Admin::AccountStatusesFilter < AccountStatusesFilter
+  private
+
+  def blocked?
+    false
+  end
+end

app/models/admin/status_batch_action.rb

@@ -140,6 +140,6 @@ class Admin::StatusBatchAction
   end
 
   def allowed_status_ids
-    AccountStatusesFilter.new(@report.target_account, current_account).results.with_discarded.where(id: status_ids).pluck(:id)
+    Admin::AccountStatusesFilter.new(@report.target_account, current_account).results.with_discarded.where(id: status_ids).pluck(:id)
   end
 end

app/policies/admin/status_policy.rb

@@ -12,7 +12,7 @@ class Admin::StatusPolicy < ApplicationPolicy
   end
 
   def show?
-    role.can?(:manage_reports, :manage_users) && (record.public_visibility? || record.unlisted_visibility? || record.reported?)
+    role.can?(:manage_reports, :manage_users) && (record.public_visibility? || record.unlisted_visibility? || record.reported? || viewable_through_normal_policy?)
   end
 
   def destroy?
@@ -26,4 +26,10 @@ class Admin::StatusPolicy < ApplicationPolicy
   def review?
     role.can?(:manage_taxonomies)
   end
+
+  private
+
+  def viewable_through_normal_policy?
+    StatusPolicy.new(current_account, record, @preloaded_relations).show?
+  end
 end

spec/controllers/admin/statuses_controller_spec.rb

@@ -52,24 +52,36 @@ describe Admin::StatusesController do
   end
 
   describe 'POST #batch' do
-    before do
-      post :batch, params: { :account_id => account.id, action => '', :admin_status_batch_action => { status_ids: status_ids } }
-    end
+    subject { post :batch, params: { :account_id => account.id, action => '', :admin_status_batch_action => { status_ids: status_ids } } }
 
     let(:status_ids) { [media_attached_status.id] }
 
-    context 'when action is report' do
+    shared_examples 'when action is report' do
       let(:action) { 'report' }
 
       it 'creates a report' do
+        subject
+
         report = Report.last
         expect(report.target_account_id).to eq account.id
         expect(report.status_ids).to eq status_ids
       end
 
       it 'redirects to report page' do
+        subject
+
         expect(response).to redirect_to(admin_report_path(Report.last.id))
       end
     end
+
+    it_behaves_like 'when action is report'
+
+    context 'when the moderator is blocked by the author' do
+      before do
+        account.block!(user.account)
+      end
+
+      it_behaves_like 'when action is report'
+    end
   end
 end

spec/policies/admin/status_policy_spec.rb

@@ -7,7 +7,8 @@ describe Admin::StatusPolicy do
   let(:policy) { described_class }
   let(:admin)   { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account }
   let(:john)    { Fabricate(:account) }
-  let(:status) { Fabricate(:status) }
+  let(:status) { Fabricate(:status, visibility: status_visibility) }
+  let(:status_visibility) { :public }
 
   permissions :index?, :update?, :review?, :destroy? do
     context 'with an admin' do
@@ -26,7 +27,7 @@ describe Admin::StatusPolicy do
   permissions :show? do
     context 'with an admin' do
       context 'with a public visible status' do
-        before { allow(status).to receive(:public_visibility?).and_return(true) }
+        let(:status_visibility) { :public }
 
         it 'permits' do
           expect(policy).to permit(admin, status)
@@ -34,11 +35,21 @@ describe Admin::StatusPolicy do
       end
 
       context 'with a not public visible status' do
-        before { allow(status).to receive(:public_visibility?).and_return(false) }
+        let(:status_visibility) { :direct }
 
         it 'denies' do
           expect(policy).to_not permit(admin, status)
         end
+
+        context 'when the status mentions the admin' do
+          before do
+            status.mentions.create!(account: admin)
+          end
+
+          it 'permits' do
+            expect(policy).to permit(admin, status)
+          end
+        end
       end
     end