authorDavid Yip <yipdw@member.fsf.org>2017-12-04 11:07:01 -0600
committerDavid Yip <yipdw@member.fsf.org>2017-12-04 11:07:01 -0600
commitd9800a5647cbc57db7679094b2271f8eb5ec328b (patch)
treef9210c465de5f9d80e294d9ffa8536f98f9c466e /app/controllers
parent1c74ede69e7a9916c19da6f05daa215231eba81c (diff)
parentf2f2f1032082d6212771bd0307136484f671d37e (diff)
Merge branch 'gs-master' into glitch-theme
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/admin/account_moderation_notes_controller.rb2
-rw-r--r--app/controllers/admin/accounts_controller.rb3
-rw-r--r--app/controllers/admin/action_logs_controller.rb9
-rw-r--r--app/controllers/admin/base_controller.rb1
-rw-r--r--app/controllers/admin/confirmations_controller.rb1
-rw-r--r--app/controllers/admin/custom_emojis_controller.rb8
-rw-r--r--app/controllers/admin/domain_blocks_controller.rb2
-rw-r--r--app/controllers/admin/email_domain_blocks_controller.rb4
-rw-r--r--app/controllers/admin/invites_controller.rb47
-rw-r--r--app/controllers/admin/reported_statuses_controller.rb6
-rw-r--r--app/controllers/admin/reports_controller.rb9
-rw-r--r--app/controllers/admin/resets_controller.rb1
-rw-r--r--app/controllers/admin/roles_controller.rb2
-rw-r--r--app/controllers/admin/settings_controller.rb3
-rw-r--r--app/controllers/admin/silences_controller.rb6
-rw-r--r--app/controllers/admin/statuses_controller.rb6
-rw-r--r--app/controllers/admin/suspensions_controller.rb2
-rw-r--r--app/controllers/admin/two_factor_authentications_controller.rb1
-rw-r--r--app/controllers/api/v1/accounts_controller.rb6
-rw-r--r--app/controllers/auth/registrations_controller.rb21
-rw-r--r--app/controllers/concerns/accountable_concern.rb9
-rw-r--r--app/controllers/invites_controller.rb43
-rw-r--r--app/controllers/settings/migrations_controller.rb33
23 files changed, 207 insertions, 18 deletions
diff --git a/app/controllers/admin/account_moderation_notes_controller.rb b/app/controllers/admin/account_moderation_notes_controller.rb
index 7f69a3363..7d5b9bf52 100644
--- a/app/controllers/admin/account_moderation_notes_controller.rb
+++ b/app/controllers/admin/account_moderation_notes_controller.rb
@@ -21,7 +21,7 @@ module Admin
 
     def destroy
       authorize @account_moderation_note, :destroy?
-      @account_moderation_note.destroy
+      @account_moderation_note.destroy!
       redirect_to admin_account_path(@account_moderation_note.target_account_id), notice: I18n.t('admin.account_moderation_notes.destroyed_msg')
     end
 
diff --git a/app/controllers/admin/accounts_controller.rb b/app/controllers/admin/accounts_controller.rb
index 0829bc769..e9a512e70 100644
--- a/app/controllers/admin/accounts_controller.rb
+++ b/app/controllers/admin/accounts_controller.rb
@@ -32,18 +32,21 @@ module Admin
     def memorialize
       authorize @account, :memorialize?
       @account.memorialize!
+      log_action :memorialize, @account
       redirect_to admin_account_path(@account.id)
     end
 
     def enable
       authorize @account.user, :enable?
       @account.user.enable!
+      log_action :enable, @account.user
       redirect_to admin_account_path(@account.id)
     end
 
     def disable
       authorize @account.user, :disable?
       @account.user.disable!
+      log_action :disable, @account.user
       redirect_to admin_account_path(@account.id)
     end
 
diff --git a/app/controllers/admin/action_logs_controller.rb b/app/controllers/admin/action_logs_controller.rb
new file mode 100644
index 000000000..e273dfeae
--- /dev/null
+++ b/app/controllers/admin/action_logs_controller.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module Admin
+  class ActionLogsController < BaseController
+    def index
+      @action_logs = Admin::ActionLog.page(params[:page])
+    end
+  end
+end
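Review bot: `index` exposes the whole moderation audit trail but calls no `authorize`, unlike `Admin::InvitesController#index` added in the same commit, so access rests entirely on whatever filter `Admin::BaseController` applies, which this diff does not show. An explicit check such as `authorize :action_log, :index?` (with a matching policy; the name is only a suggestion) would keep the log from being readable by every role that can reach the admin area. The query also has no explicit ordering, so page order depends on a default scope on the model, if there is one; `Admin::ActionLog.order(id: :desc).page(params[:page])` would make newest-first explicit.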
diff --git a/app/controllers/admin/base_controller.rb b/app/controllers/admin/base_controller.rb
index 726134509..fc299f74c 100644
--- a/app/controllers/admin/base_controller.rb
+++ b/app/controllers/admin/base_controller.rb
@@ -3,6 +3,7 @@
 module Admin
   class BaseController < ApplicationController
     include Authorization
+    include AccountableConcern
 
     layout 'admin'
 
diff --git a/app/controllers/admin/confirmations_controller.rb b/app/controllers/admin/confirmations_controller.rb
index c10b0ebee..34dfb458e 100644
--- a/app/controllers/admin/confirmations_controller.rb
+++ b/app/controllers/admin/confirmations_controller.rb
@@ -7,6 +7,7 @@ module Admin
     def create
       authorize @user, :confirm?
       @user.confirm!
+      log_action :confirm, @user
       redirect_to admin_accounts_path
     end
 
diff --git a/app/controllers/admin/custom_emojis_controller.rb b/app/controllers/admin/custom_emojis_controller.rb
index 509f7a48f..3fa2a0b72 100644
--- a/app/controllers/admin/custom_emojis_controller.rb
+++ b/app/controllers/admin/custom_emojis_controller.rb
@@ -20,6 +20,7 @@ module Admin
       @custom_emoji = CustomEmoji.new(resource_params)
 
       if @custom_emoji.save
+        log_action :create, @custom_emoji
         redirect_to admin_custom_emojis_path, notice: I18n.t('admin.custom_emojis.created_msg')
       else
         render :new
@@ -30,6 +31,7 @@ module Admin
       authorize @custom_emoji, :update?
 
       if @custom_emoji.update(resource_params)
+        log_action :update, @custom_emoji
         redirect_to admin_custom_emojis_path, notice: I18n.t('admin.custom_emojis.updated_msg')
       else
         redirect_to admin_custom_emojis_path, notice: I18n.t('admin.custom_emojis.update_failed_msg')
@@ -38,7 +40,8 @@ module Admin
 
     def destroy
       authorize @custom_emoji, :destroy?
-      @custom_emoji.destroy
+      @custom_emoji.destroy!
+      log_action :destroy, @custom_emoji
       redirect_to admin_custom_emojis_path, notice: I18n.t('admin.custom_emojis.destroyed_msg')
     end
 
@@ -49,6 +52,7 @@ module Admin
       emoji.image = @custom_emoji.image
 
       if emoji.save
+        log_action :create, emoji
         flash[:notice] = I18n.t('admin.custom_emojis.copied_msg')
       else
         flash[:alert] = I18n.t('admin.custom_emojis.copy_failed_msg')
@@ -60,12 +64,14 @@ module Admin
     def enable
       authorize @custom_emoji, :enable?
       @custom_emoji.update!(disabled: false)
+      log_action :enable, @custom_emoji
       redirect_to admin_custom_emojis_path, notice: I18n.t('admin.custom_emojis.enabled_msg')
     end
 
     def disable
       authorize @custom_emoji, :disable?
       @custom_emoji.update!(disabled: true)
+      log_action :disable, @custom_emoji
       redirect_to admin_custom_emojis_path, notice: I18n.t('admin.custom_emojis.disabled_msg')
     end
 
diff --git a/app/controllers/admin/domain_blocks_controller.rb b/app/controllers/admin/domain_blocks_controller.rb
index e383dc831..64de2cbf0 100644
--- a/app/controllers/admin/domain_blocks_controller.rb
+++ b/app/controllers/admin/domain_blocks_controller.rb
@@ -21,6 +21,7 @@ module Admin
 
       if @domain_block.save
         DomainBlockWorker.perform_async(@domain_block.id)
+        log_action :create, @domain_block
         redirect_to admin_domain_blocks_path, notice: I18n.t('admin.domain_blocks.created_msg')
       else
         render :new
@@ -34,6 +35,7 @@ module Admin
     def destroy
       authorize @domain_block, :destroy?
       UnblockDomainService.new.call(@domain_block, retroactive_unblock?)
+      log_action :destroy, @domain_block
       redirect_to admin_domain_blocks_path, notice: I18n.t('admin.domain_blocks.destroyed_msg')
     end
 
diff --git a/app/controllers/admin/email_domain_blocks_controller.rb b/app/controllers/admin/email_domain_blocks_controller.rb
index 01058bf46..9fe85064e 100644
--- a/app/controllers/admin/email_domain_blocks_controller.rb
+++ b/app/controllers/admin/email_domain_blocks_controller.rb
@@ -20,6 +20,7 @@ module Admin
       @email_domain_block = EmailDomainBlock.new(resource_params)
 
       if @email_domain_block.save
+        log_action :create, @email_domain_block
         redirect_to admin_email_domain_blocks_path, notice: I18n.t('admin.email_domain_blocks.created_msg')
       else
         render :new
@@ -28,7 +29,8 @@ module Admin
 
     def destroy
       authorize @email_domain_block, :destroy?
-      @email_domain_block.destroy
+      @email_domain_block.destroy!
+      log_action :destroy, @email_domain_block
       redirect_to admin_email_domain_blocks_path, notice: I18n.t('admin.email_domain_blocks.destroyed_msg')
     end
 
diff --git a/app/controllers/admin/invites_controller.rb b/app/controllers/admin/invites_controller.rb
new file mode 100644
index 000000000..faccaa7c8
--- /dev/null
+++ b/app/controllers/admin/invites_controller.rb
@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+module Admin
+  class InvitesController < BaseController
+    def index
+      authorize :invite, :index?
+
+      @invites = filtered_invites.includes(user: :account).page(params[:page])
+      @invite  = Invite.new
+    end
+
+    def create
+      authorize :invite, :create?
+
+      @invite      = Invite.new(resource_params)
+      @invite.user = current_user
+
+      if @invite.save
+        redirect_to admin_invites_path
+      else
+        @invites = Invite.page(params[:page])
+        render :index
+      end
+    end
+
+    def destroy
+      @invite = Invite.find(params[:id])
+      authorize @invite, :destroy?
+      @invite.expire!
+      redirect_to admin_invites_path
+    end
+
+    private
+
+    def resource_params
+      params.require(:invite).permit(:max_uses, :expires_in)
+    end
+
+    def filtered_invites
+      InviteFilter.new(filter_params).results
+    end
+
+    def filter_params
+      params.permit(:available, :expired)
+    end
+  end
+end
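Review bot: `create` and `destroy` change who can register but never call `log_action`, although this controller inherits `AccountableConcern` through `BaseController` and the other admin mutations touched by this commit are logged. Assuming `Admin::ActionLog` accepts an `Invite` as target, `log_action :create, @invite` after a successful save and `log_action :destroy, @invite` after `@invite.expire!` would put staff invite issuance and revocation in the audit trail. Separately, the failure branch of `create` rebuilds `@invites` with `Invite.page(params[:page])`, dropping the filter and the `includes(user: :account)` that `index` uses; `filtered_invites.includes(user: :account).page(params[:page])` would keep the two renders consistent.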
diff --git a/app/controllers/admin/reported_statuses_controller.rb b/app/controllers/admin/reported_statuses_controller.rb
index 4f66ce708..535bd11d4 100644
--- a/app/controllers/admin/reported_statuses_controller.rb
+++ b/app/controllers/admin/reported_statuses_controller.rb
@@ -8,7 +8,7 @@ module Admin
     def create
       authorize :status, :update?
 
-      @form         = Form::StatusBatch.new(form_status_batch_params)
+      @form         = Form::StatusBatch.new(form_status_batch_params.merge(current_account: current_account))
       flash[:alert] = I18n.t('admin.statuses.failed_to_execute') unless @form.save
 
       redirect_to admin_report_path(@report)
@@ -16,13 +16,15 @@ module Admin
 
     def update
       authorize @status, :update?
-      @status.update(status_params)
+      @status.update!(status_params)
+      log_action :update, @status
       redirect_to admin_report_path(@report)
     end
 
     def destroy
       authorize @status, :destroy?
       RemovalWorker.perform_async(@status.id)
+      log_action :destroy, @status
       render json: @status
     end
 
diff --git a/app/controllers/admin/reports_controller.rb b/app/controllers/admin/reports_controller.rb
index 745757ee8..75db6b78a 100644
--- a/app/controllers/admin/reports_controller.rb
+++ b/app/controllers/admin/reports_controller.rb
@@ -25,12 +25,17 @@ module Admin
     def process_report
       case params[:outcome].to_s
       when 'resolve'
-        @report.update(action_taken_by_current_attributes)
+        @report.update!(action_taken_by_current_attributes)
+        log_action :resolve, @report
       when 'suspend'
         Admin::SuspensionWorker.perform_async(@report.target_account.id)
+        log_action :resolve, @report
+        log_action :suspend, @report.target_account
         resolve_all_target_account_reports
       when 'silence'
-        @report.target_account.update(silenced: true)
+        @report.target_account.update!(silenced: true)
+        log_action :resolve, @report
+        log_action :silence, @report.target_account
         resolve_all_target_account_reports
       else
         raise ActiveRecord::RecordNotFound
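Review bot: In the `suspend` and `silence` branches `log_action :resolve, @report` is written before `resolve_all_target_account_reports` runs, so the audit trail records a resolution that has not happened yet and stays wrong if that call raises. Moving the two `log_action` lines below `resolve_all_target_account_reports` in each branch would make the entry follow the state change, as it does in the `resolve` branch. The `:suspend` entry is also written when `Admin::SuspensionWorker` is enqueued rather than when it finishes; a comment such as `# logged at enqueue time; the worker performs the suspension` would make that explicit for anyone reading the log as evidence. `process_report` continues past the end of this hunk.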
diff --git a/app/controllers/admin/resets_controller.rb b/app/controllers/admin/resets_controller.rb
index 00b590bf6..3e27d01ac 100644
--- a/app/controllers/admin/resets_controller.rb
+++ b/app/controllers/admin/resets_controller.rb
@@ -7,6 +7,7 @@ module Admin
     def create
       authorize @user, :reset_password?
       @user.send_reset_password_instructions
+      log_action :reset_password, @user
       redirect_to admin_accounts_path
     end
 
diff --git a/app/controllers/admin/roles_controller.rb b/app/controllers/admin/roles_controller.rb
index 8f8685827..af7ec0740 100644
--- a/app/controllers/admin/roles_controller.rb
+++ b/app/controllers/admin/roles_controller.rb
@@ -7,12 +7,14 @@ module Admin
     def promote
       authorize @user, :promote?
       @user.promote!
+      log_action :promote, @user
       redirect_to admin_account_path(@user.account_id)
     end
 
     def demote
       authorize @user, :demote?
       @user.demote!
+      log_action :demote, @user
       redirect_to admin_account_path(@user.account_id)
     end
 
diff --git a/app/controllers/admin/settings_controller.rb b/app/controllers/admin/settings_controller.rb
index e81290228..eed5fb6b5 100644
--- a/app/controllers/admin/settings_controller.rb
+++ b/app/controllers/admin/settings_controller.rb
@@ -13,14 +13,17 @@ module Admin
       closed_registrations_message
       open_deletion
       timeline_preview
+      show_staff_badge
       bootstrap_timeline_accounts
       thumbnail
+      min_invite_role
     ).freeze
 
     BOOLEAN_SETTINGS = %w(
       open_registrations
       open_deletion
       timeline_preview
+      show_staff_badge
     ).freeze
 
     UPLOAD_SETTINGS = %w(
diff --git a/app/controllers/admin/silences_controller.rb b/app/controllers/admin/silences_controller.rb
index 01fb292de..4c06a9c0c 100644
--- a/app/controllers/admin/silences_controller.rb
+++ b/app/controllers/admin/silences_controller.rb
@@ -6,13 +6,15 @@ module Admin
 
     def create
       authorize @account, :silence?
-      @account.update(silenced: true)
+      @account.update!(silenced: true)
+      log_action :silence, @account
       redirect_to admin_accounts_path
     end
 
     def destroy
       authorize @account, :unsilence?
-      @account.update(silenced: false)
+      @account.update!(silenced: false)
+      log_action :unsilence, @account
       redirect_to admin_accounts_path
     end
 
diff --git a/app/controllers/admin/statuses_controller.rb b/app/controllers/admin/statuses_controller.rb
index b54a9b824..5d4325f57 100644
--- a/app/controllers/admin/statuses_controller.rb
+++ b/app/controllers/admin/statuses_controller.rb
@@ -26,7 +26,7 @@ module Admin
     def create
       authorize :status, :update?
 
-      @form         = Form::StatusBatch.new(form_status_batch_params)
+      @form         = Form::StatusBatch.new(form_status_batch_params.merge(current_account: current_account))
       flash[:alert] = I18n.t('admin.statuses.failed_to_execute') unless @form.save
 
       redirect_to admin_account_statuses_path(@account.id, current_params)
@@ -34,13 +34,15 @@ module Admin
 
     def update
       authorize @status, :update?
-      @status.update(status_params)
+      @status.update!(status_params)
+      log_action :update, @status
       redirect_to admin_account_statuses_path(@account.id, current_params)
     end
 
     def destroy
       authorize @status, :destroy?
       RemovalWorker.perform_async(@status.id)
+      log_action :destroy, @status
       render json: @status
     end
 
diff --git a/app/controllers/admin/suspensions_controller.rb b/app/controllers/admin/suspensions_controller.rb
index 778feea5e..5f222e125 100644
--- a/app/controllers/admin/suspensions_controller.rb
+++ b/app/controllers/admin/suspensions_controller.rb
@@ -7,12 +7,14 @@ module Admin
     def create
       authorize @account, :suspend?
       Admin::SuspensionWorker.perform_async(@account.id)
+      log_action :suspend, @account
       redirect_to admin_accounts_path
     end
 
     def destroy
       authorize @account, :unsuspend?
       @account.unsuspend!
+      log_action :unsuspend, @account
       redirect_to admin_accounts_path
     end
 
diff --git a/app/controllers/admin/two_factor_authentications_controller.rb b/app/controllers/admin/two_factor_authentications_controller.rb
index 5a45d25cd..022107203 100644
--- a/app/controllers/admin/two_factor_authentications_controller.rb
+++ b/app/controllers/admin/two_factor_authentications_controller.rb
@@ -7,6 +7,7 @@ module Admin
     def destroy
       authorize @user, :disable_2fa?
       @user.disable_two_factor!
+      log_action :disable_2fa, @user
       redirect_to admin_accounts_path
     end
 
diff --git a/app/controllers/api/v1/accounts_controller.rb b/app/controllers/api/v1/accounts_controller.rb
index 85eb2d60e..b1a2ed573 100644
--- a/app/controllers/api/v1/accounts_controller.rb
+++ b/app/controllers/api/v1/accounts_controller.rb
@@ -13,11 +13,9 @@ class Api::V1::AccountsController < Api::BaseController
   end
 
   def follow
-    reblogs_arg = { reblogs: params[:reblogs] }
-    
-    FollowService.new.call(current_user.account, @account.acct, reblogs_arg)
+    FollowService.new.call(current_user.account, @account.acct, reblogs: params[:reblogs])
 
-    options = @account.locked? ? {} : { following_map: { @account.id => reblogs_arg }, requested_map: { @account.id => false } }
+    options = @account.locked? ? {} : { following_map: { @account.id => { reblogs: params[:reblogs] } }, requested_map: { @account.id => false } }
 
     render json: @account, serializer: REST::RelationshipSerializer, relationships: relationships(options)
   end
diff --git a/app/controllers/auth/registrations_controller.rb b/app/controllers/auth/registrations_controller.rb
index 42e852c04..f4247fd95 100644
--- a/app/controllers/auth/registrations_controller.rb
+++ b/app/controllers/auth/registrations_controller.rb
@@ -17,13 +17,16 @@ class Auth::RegistrationsController < Devise::RegistrationsController
 
   def build_resource(hash = nil)
     super(hash)
-    resource.locale = I18n.locale
+
+    resource.locale      = I18n.locale
+    resource.invite_code = params[:invite_code] if resource.invite_code.blank?
+
     resource.build_account if resource.account.nil?
   end
 
   def configure_sign_up_params
     devise_parameter_sanitizer.permit(:sign_up) do |u|
-      u.permit({ account_attributes: [:username] }, :email, :password, :password_confirmation)
+      u.permit({ account_attributes: [:username] }, :email, :password, :password_confirmation, :invite_code)
     end
   end
 
@@ -36,7 +39,19 @@ class Auth::RegistrationsController < Devise::RegistrationsController
   end
 
   def check_enabled_registrations
-    redirect_to root_path if single_user_mode? || !Setting.open_registrations
+    redirect_to root_path if single_user_mode? || !allowed_registrations?
+  end
+
+  def allowed_registrations?
+    Setting.open_registrations || (invite_code.present? && Invite.find_by(code: invite_code)&.valid_for_use?)
+  end
+
+  def invite_code
+    if params[:user]
+      params[:user][:invite_code]
+    else
+      params[:invite_code]
+    end
   end
 
   private
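Review bot: `allowed_registrations?` only gates access to the sign-up actions: it looks the invite up from request parameters and asks `valid_for_use?`, but nothing in this hunk consumes the invite. The `max_uses` and expiry limits therefore hold only if the user model re-validates the code and counts the use when the record is saved, which this diff does not show. If that second check is missing or not atomic, concurrent sign-ups with one code could exceed the limit while open registration is switched off. Once confirmed, I would document it above the method: `# Gate only: the invite is re-validated and its use counted when the user is created`.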
diff --git a/app/controllers/concerns/accountable_concern.rb b/app/controllers/concerns/accountable_concern.rb
new file mode 100644
index 000000000..3cdcffc51
--- /dev/null
+++ b/app/controllers/concerns/accountable_concern.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module AccountableConcern
+  extend ActiveSupport::Concern
+
+  def log_action(action, target)
+    Admin::ActionLog.create(account: current_account, action: action, target: target)
+  end
+end
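Review bot: `log_action` uses `Admin::ActionLog.create`, which returns an unsaved record on validation failure instead of raising, so an audit entry can be lost silently while the moderation action itself succeeds. The same commit switches several callers to `destroy!`/`update!`; `Admin::ActionLog.create!(account: current_account, action: action, target: target)` would treat the log write the same way. The action and its log entry are also separate writes, so a failure between them leaves an unlogged change; wrapping both in one transaction at the call sites is worth considering. A short method comment saying that callers invoke it after the action has succeeded, and that some pass a record they have just destroyed, would help the next reader.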
diff --git a/app/controllers/invites_controller.rb b/app/controllers/invites_controller.rb
new file mode 100644
index 000000000..38d6c8d73
--- /dev/null
+++ b/app/controllers/invites_controller.rb
@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+class InvitesController < ApplicationController
+  include Authorization
+
+  layout 'admin'
+
+  before_action :authenticate_user!
+
+  def index
+    authorize :invite, :create?
+
+    @invites = Invite.where(user: current_user)
+    @invite  = Invite.new(expires_in: 1.day.to_i)
+  end
+
+  def create
+    authorize :invite, :create?
+
+    @invite      = Invite.new(resource_params)
+    @invite.user = current_user
+
+    if @invite.save
+      redirect_to invites_path
+    else
+      @invites = Invite.where(user: current_user)
+      render :index
+    end
+  end
+
+  def destroy
+    @invite = Invite.where(user: current_user).find(params[:id])
+    authorize @invite, :destroy?
+    @invite.expire!
+    redirect_to invites_path
+  end
+
+  private
+
+  def resource_params
+    params.require(:invite).permit(:max_uses, :expires_in)
+  end
+end
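Review bot: `resource_params` passes `max_uses` and `expires_in` straight from the request into `Invite.new`, so any upper bound on uses or lifetime has to come from validations on the `Invite` model, which are not part of this diff. Without them, a user permitted by the `:create?` policy could submit values the form never offers. Worth confirming that the model restricts both fields, and saying so here: `# max_uses / expires_in are bounded by Invite validations, not by this controller`. `index` also authorizes with `:create?` where the admin controller uses `:index?`; if that is intentional, a one-line comment would say why.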
diff --git a/app/controllers/settings/migrations_controller.rb b/app/controllers/settings/migrations_controller.rb
new file mode 100644
index 000000000..b18403a7f
--- /dev/null
+++ b/app/controllers/settings/migrations_controller.rb
@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+class Settings::MigrationsController < ApplicationController
+  layout 'admin'
+
+  before_action :authenticate_user!
+
+  def show
+    @migration = Form::Migration.new(account: current_account.moved_to_account)
+  end
+
+  def update
+    @migration = Form::Migration.new(resource_params)
+
+    if @migration.valid? && migration_account_changed?
+      current_account.update!(moved_to_account: @migration.account)
+      ActivityPub::UpdateDistributionWorker.perform_async(current_account.id)
+      redirect_to settings_migration_path, notice: I18n.t('migrations.updated_msg')
+    else
+      render :show
+    end
+  end
+
+  private
+
+  def resource_params
+    params.require(:migration).permit(:acct)
+  end
+
+  def migration_account_changed?
+    current_account.moved_to_account_id != @migration.account&.id
+  end
+end
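Review bot: `update` points the account at whatever `@migration.account` resolves to with only a session check (`authenticate_user!`), and the visible condition does not exclude the account pointing at itself; whether `Form::Migration` validates that is not shown here. Because the change is pushed out by `ActivityPub::UpdateDistributionWorker` and presumably tells other servers where the account has moved, I would guard it explicitly: `if @migration.valid? && migration_account_changed? && @migration.account != current_account`. Requiring the current password for this action is also worth considering, since a hijacked session is otherwise enough to redirect the account.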