diff options
| author | Starfall <us@starfall.systems> | 2022-06-06 13:35:20 -0500 |
|---|---|---|
| committer | Starfall <us@starfall.systems> | 2022-06-06 13:35:20 -0500 |
| commit | 78266a002b4735caaef07098ba66419fd71f47c1 (patch) | |
| tree | 4ba2bc330d5ed4b6a3a926ab9a03a89f56bc8843 /app/controllers/api | |
| parent | e9b2e11520056d0ec822ac0862923d00c6a1289c (diff) | |
| parent | 434b08e95b1a440bf9ae563b72600d1590106260 (diff) | |
Merge remote-tracking branch 'glitch/main'
Diffstat (limited to 'app/controllers/api')
| -rw-r--r-- | app/controllers/api/base_controller.rb | 5 | ||||
| -rw-r--r-- | app/controllers/api/v1/accounts_controller.rb | 10 |
2 files changed, 15 insertions, 0 deletions
diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb index d96285b44..2e393fbb6 100644 --- a/app/controllers/api/base_controller.rb +++ b/app/controllers/api/base_controller.rb @@ -11,6 +11,7 @@ class Api::BaseController < ApplicationController skip_before_action :require_functional!, unless: :whitelist_mode? before_action :require_authenticated_user!, if: :disallow_unauthenticated_api_access? + before_action :require_not_suspended! before_action :set_cache_headers protect_from_forgery with: :null_session @@ -97,6 +98,10 @@ class Api::BaseController < ApplicationController render json: { error: 'This method requires an authenticated user' }, status: 401 unless current_user end + def require_not_suspended! + render json: { error: 'Your login is currently disabled' }, status: 403 if current_user&.account&.suspended? + end + def require_user! if !current_user render json: { error: 'This method requires an authenticated user' }, status: 422 diff --git a/app/controllers/api/v1/accounts_controller.rb b/app/controllers/api/v1/accounts_controller.rb index 5134bfb94..5537cc9b0 100644 --- a/app/controllers/api/v1/accounts_controller.rb +++ b/app/controllers/api/v1/accounts_controller.rb @@ -9,6 +9,8 @@ class Api::V1::AccountsController < Api::BaseController before_action :require_user!, except: [:show, :create] before_action :set_account, except: [:create] + before_action :check_account_approval, except: [:create] + before_action :check_account_confirmation, except: [:create] before_action :check_enabled_registrations, only: [:create] skip_before_action :require_authenticated_user!, only: :create @@ -74,6 +76,14 @@ class Api::V1::AccountsController < Api::BaseController @account = Account.find(params[:id]) end + def check_account_approval + raise(ActiveRecord::RecordNotFound) if @account.local? && @account.user_pending? + end + + def check_account_confirmation + raise(ActiveRecord::RecordNotFound) if @account.local? && !@account.user_confirmed? + end + def relationships(**options) AccountRelationshipsPresenter.new([@account.id], current_user.account_id, **options) end |