diff options
| author | Claire <claire.github-309c@sitedethib.com> | 2022-05-01 16:52:27 +0200 |
|---|---|---|
| committer | Claire <claire.github-309c@sitedethib.com> | 2022-05-01 16:52:27 +0200 |
| commit | 392ca0472a50ea930f46e22dccf5ce55b04ef588 (patch) | |
| tree | 9f8c6b3dcb11a620a417205f9554e8d37e5f3e12 /app/controllers | |
| parent | 252deefe3433d0cedafd973becd0d85b5182eb49 (diff) | |
| parent | 33f3818d660c67194f94c7ff2bb180f4865e6748 (diff) | |
Merge branch 'main' into glitch-soc/merge-upstream
Conflicts: - `app/javascript/packs/admin.js`: Conflicts due to glitch-soc's theming system. Upstream changes have been ported to `app/javascript/core/admin.js` - `app/models/trends/statuses.rb`: Minor conflict due to glitch-soc's option to allow CWed toots in trends. Ported upstream changes.
Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/authorize_interactions_controller.rb | 8 | ||||
| -rw-r--r-- | app/controllers/following_accounts_controller.rb | 5 | ||||
| -rw-r--r-- | app/controllers/oauth/tokens_controller.rb | 3 |
3 files changed, 11 insertions, 5 deletions
diff --git a/app/controllers/authorize_interactions_controller.rb b/app/controllers/authorize_interactions_controller.rb index f0bcac75b..97fe4a9ab 100644 --- a/app/controllers/authorize_interactions_controller.rb +++ b/app/controllers/authorize_interactions_controller.rb @@ -14,7 +14,7 @@ class AuthorizeInteractionsController < ApplicationController if @resource.is_a?(Account) render :show elsif @resource.is_a?(Status) - redirect_to web_url("statuses/#{@resource.id}") + redirect_to web_url("@#{@resource.account.pretty_acct}/#{@resource.id}") else render :error end @@ -26,15 +26,17 @@ class AuthorizeInteractionsController < ApplicationController else render :error end - rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError + rescue ActiveRecord::RecordNotFound render :error end private def set_resource - @resource = located_resource || render(:error) + @resource = located_resource authorize(@resource, :show?) if @resource.is_a?(Status) + rescue Mastodon::NotPermittedError + not_found end def located_resource diff --git a/app/controllers/following_accounts_controller.rb b/app/controllers/following_accounts_controller.rb index bc291c962..11c6b6d50 100644 --- a/app/controllers/following_accounts_controller.rb +++ b/app/controllers/following_accounts_controller.rb @@ -22,7 +22,10 @@ class FollowingAccountsController < ApplicationController end format.json do - raise Mastodon::NotPermittedError if page_requested? && @account.hide_collections? + if page_requested? && @account.hide_collections? + forbidden + next + end expires_in(page_requested? ? 0 : 3.minutes, public: public_fetch_mode?) diff --git a/app/controllers/oauth/tokens_controller.rb b/app/controllers/oauth/tokens_controller.rb index fa6d58f25..34087b20b 100644 --- a/app/controllers/oauth/tokens_controller.rb +++ b/app/controllers/oauth/tokens_controller.rb @@ -2,7 +2,8 @@ class Oauth::TokensController < Doorkeeper::TokensController def revoke - unsubscribe_for_token if authorized? && token.accessible? + unsubscribe_for_token if token.present? && authorized? && token.accessible? + super end |