Add "locked" flag to accounts, prevent blocked users from following, force-unfollow blocked users

This commit is contained in:
Eugen Rochko 2016-12-22 21:34:19 +01:00
parent f91b6fa9e1
commit 2d2154ba75
9 changed files with 27 additions and 3 deletions

View file

@ -30,6 +30,10 @@ class ApiController < ApplicationController
render json: { error: 'Remote SSL certificate could not be verified' }, status: 503 render json: { error: 'Remote SSL certificate could not be verified' }, status: 503
end end
rescue_from Mastodon::NotPermitted do
render json: { error: 'This action is not allowed' }, status: 403
end
def doorkeeper_unauthorized_render_options(error: nil) def doorkeeper_unauthorized_render_options(error: nil)
{ json: { error: (error.try(:description) || 'Not authorized') } } { json: { error: (error.try(:description) || 'Not authorized') } }
end end

View file

@ -1,12 +1,13 @@
# frozen_string_literal: true # frozen_string_literal: true
class Settings::ProfilesController < ApplicationController class Settings::ProfilesController < ApplicationController
include ObfuscateFilename
layout 'auth' layout 'auth'
before_action :authenticate_user! before_action :authenticate_user!
before_action :set_account before_action :set_account
include ObfuscateFilename
obfuscate_filename [:account, :avatar] obfuscate_filename [:account, :avatar]
obfuscate_filename [:account, :header] obfuscate_filename [:account, :header]
@ -23,7 +24,7 @@ class Settings::ProfilesController < ApplicationController
private private
def account_params def account_params
params.require(:account).permit(:display_name, :note, :avatar, :header) params.require(:account).permit(:display_name, :note, :avatar, :header, :locked)
end end
def set_account def set_account

6
app/lib/exceptions.rb Normal file
View file

@ -0,0 +1,6 @@
# frozen_string_literal: true
module Mastodon
class Error < StandardError; end
class NotPermitted < Error; end
end

View file

@ -5,7 +5,10 @@ class BlockService < BaseService
return if account.id == target_account.id return if account.id == target_account.id
UnfollowService.new.call(account, target_account) if account.following?(target_account) UnfollowService.new.call(account, target_account) if account.following?(target_account)
UnfollowService.new.call(target_account, account) if target_account.following?(account)
account.block!(target_account) account.block!(target_account)
clear_timelines(account, target_account) clear_timelines(account, target_account)
clear_notifications(account, target_account) clear_notifications(account, target_account)
end end

View file

@ -8,6 +8,7 @@ class FollowService < BaseService
target_account = follow_remote_account_service.call(uri) target_account = follow_remote_account_service.call(uri)
raise ActiveRecord::RecordNotFound if target_account.nil? || target_account.id == source_account.id || target_account.suspended? raise ActiveRecord::RecordNotFound if target_account.nil? || target_account.id == source_account.id || target_account.suspended?
raise Mastodon::NotPermitted if target_account.blocking?(source_account)
follow = source_account.follow!(target_account) follow = source_account.follow!(target_account)

View file

@ -8,6 +8,7 @@
= f.input :note, placeholder: t('simple_form.labels.defaults.note') = f.input :note, placeholder: t('simple_form.labels.defaults.note')
= f.input :avatar, wrapper: :with_label = f.input :avatar, wrapper: :with_label
= f.input :header, wrapper: :with_label = f.input :header, wrapper: :with_label
= f.input :locked, as: :boolean, wrapper: :with_label
.actions .actions
= f.button :button, t('generic.save_changes'), type: :submit = f.button :button, t('generic.save_changes'), type: :submit

View file

@ -2,6 +2,8 @@ require_relative 'boot'
require 'rails/all' require 'rails/all'
require_relative '../app/lib/exceptions'
# Require the gems listed in Gemfile, including any gems # Require the gems listed in Gemfile, including any gems
# you've limited to :test, :development, or :production. # you've limited to :test, :development, or :production.
Bundler.require(*Rails.groups) Bundler.require(*Rails.groups)

View file

@ -0,0 +1,5 @@
class AddLockedToAccounts < ActiveRecord::Migration[5.0]
def change
add_column :accounts, :locked, :boolean, null: false, default: false
end
end

View file

@ -10,7 +10,7 @@
# #
# It's strongly recommended that you check this file into your version control system. # It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 20161221152630) do ActiveRecord::Schema.define(version: 20161222201034) do
# These are extensions that must be enabled in order to support this database # These are extensions that must be enabled in order to support this database
enable_extension "plpgsql" enable_extension "plpgsql"
@ -42,6 +42,7 @@ ActiveRecord::Schema.define(version: 20161221152630) do
t.datetime "subscription_expires_at" t.datetime "subscription_expires_at"
t.boolean "silenced", default: false, null: false t.boolean "silenced", default: false, null: false
t.boolean "suspended", default: false, null: false t.boolean "suspended", default: false, null: false
t.boolean "locked", default: false, null: false
t.index ["username", "domain"], name: "index_accounts_on_username_and_domain", unique: true, using: :btree t.index ["username", "domain"], name: "index_accounts_on_username_and_domain", unique: true, using: :btree
end end