about summary refs log tree commit diff
path: root/app
diff options
context:
space:
mode:
authorEugen Rochko <eugen@zeonfederated.com>2017-02-26 23:23:06 +0100
committerEugen Rochko <eugen@zeonfederated.com>2017-02-26 23:23:06 +0100
commit5f511324b65f94d800dbbd3850214955d7d9eb73 (patch)
tree5ed179289819d61df1a4c15851389aa7d9b42f19 /app
parent063432d7e352a0dfb7da0e198886b88e3b8a55bb (diff)
Add validation of media attachments, clean up mastodon-own exception classes
Diffstat (limited to 'app')
-rw-r--r--app/controllers/api/v1/statuses_controller.rb10
-rw-r--r--app/controllers/api_controller.rb4
-rw-r--r--app/controllers/authorize_follow_controller.rb2
-rw-r--r--app/lib/exceptions.rb3
-rw-r--r--app/services/favourite_service.rb2
-rw-r--r--app/services/follow_service.rb2
-rw-r--r--app/services/post_status_service.rb19
-rw-r--r--app/services/reblog_service.rb2
8 files changed, 22 insertions, 22 deletions
diff --git a/app/controllers/api/v1/statuses_controller.rb b/app/controllers/api/v1/statuses_controller.rb
index 2ffd4a018..552f1b1b3 100644
--- a/app/controllers/api/v1/statuses_controller.rb
+++ b/app/controllers/api/v1/statuses_controller.rb
@@ -62,11 +62,11 @@ class Api::V1::StatusesController < ApiController
   end
 
   def create
-      @status = PostStatusService.new.call(current_user.account, params[:status], params[:in_reply_to_id].blank? ? nil : Status.find(params[:in_reply_to_id]), media_ids: params[:media_ids],
-                                                                                                                                                               sensitive: params[:sensitive],
-                                                                                                                                                               spoiler_text: params[:spoiler_text],
-                                                                                                                                                               visibility: params[:visibility],
-                                                                                                                                                               application: doorkeeper_token.application)
+    @status = PostStatusService.new.call(current_user.account, params[:status], params[:in_reply_to_id].blank? ? nil : Status.find(params[:in_reply_to_id]), media_ids: params[:media_ids],
+                                                                                                                                                             sensitive: params[:sensitive],
+                                                                                                                                                             spoiler_text: params[:spoiler_text],
+                                                                                                                                                             visibility: params[:visibility],
+                                                                                                                                                             application: doorkeeper_token.application)
     render action: :show
   end
 
diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
index 5d2bd9a22..c2002cb79 100644
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@ -10,7 +10,7 @@ class ApiController < ApplicationController
 
   before_action :set_rate_limit_headers
 
-  rescue_from ActiveRecord::RecordInvalid do |e|
+  rescue_from ActiveRecord::RecordInvalid, Mastodon::ValidationError do |e|
     render json: { error: e.to_s }, status: 422
   end
 
@@ -30,7 +30,7 @@ class ApiController < ApplicationController
     render json: { error: 'Remote SSL certificate could not be verified' }, status: 503
   end
 
-  rescue_from Mastodon::NotPermitted do
+  rescue_from Mastodon::NotPermittedError do
     render json: { error: 'This action is not allowed' }, status: 403
   end
 
diff --git a/app/controllers/authorize_follow_controller.rb b/app/controllers/authorize_follow_controller.rb
index e866b5599..c98a5f45f 100644
--- a/app/controllers/authorize_follow_controller.rb
+++ b/app/controllers/authorize_follow_controller.rb
@@ -25,7 +25,7 @@ class AuthorizeFollowController < ApplicationController
     else
       redirect_to web_url("accounts/#{@account.id}")
     end
-  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermitted
+  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
     render :error
   end
 
diff --git a/app/lib/exceptions.rb b/app/lib/exceptions.rb
index 359228c29..200da9fe1 100644
--- a/app/lib/exceptions.rb
+++ b/app/lib/exceptions.rb
@@ -2,5 +2,6 @@
 
 module Mastodon
   class Error < StandardError; end
-  class NotPermitted < Error; end
+  class NotPermittedError < Error; end
+  class ValidationError < Error; end
 end
diff --git a/app/services/favourite_service.rb b/app/services/favourite_service.rb
index 818898302..5cc96403c 100644
--- a/app/services/favourite_service.rb
+++ b/app/services/favourite_service.rb
@@ -6,7 +6,7 @@ class FavouriteService < BaseService
   # @param [Status] status
   # @return [Favourite]
   def call(account, status)
-    raise Mastodon::NotPermitted unless status.permitted?(account)
+    raise Mastodon::NotPermittedError unless status.permitted?(account)
 
     favourite = Favourite.create!(account: account, status: status)
 
diff --git a/app/services/follow_service.rb b/app/services/follow_service.rb
index 915f95b4c..17b3b2542 100644
--- a/app/services/follow_service.rb
+++ b/app/services/follow_service.rb
@@ -10,7 +10,7 @@ class FollowService < BaseService
     target_account = FollowRemoteAccountService.new.call(uri)
 
     raise ActiveRecord::RecordNotFound if target_account.nil? || target_account.id == source_account.id || target_account.suspended?
-    raise Mastodon::NotPermitted       if target_account.blocking?(source_account) || source_account.blocking?(target_account)
+    raise Mastodon::NotPermittedError       if target_account.blocking?(source_account) || source_account.blocking?(target_account)
 
     if target_account.locked?
       request_follow(source_account, target_account)
diff --git a/app/services/post_status_service.rb b/app/services/post_status_service.rb
index 7ead80430..b8179f7dc 100644
--- a/app/services/post_status_service.rb
+++ b/app/services/post_status_service.rb
@@ -13,7 +13,7 @@ class PostStatusService < BaseService
   # @option [Doorkeeper::Application] :application
   # @return [Status]
   def call(account, text, in_reply_to = nil, options = {})
-    media = validate_media options[:media_ids]
+    media  = validate_media!(options[:media_ids])
     status = account.statuses.create!(text: text,
                                       thread: in_reply_to,
                                       sensitive: options[:sensitive],
@@ -34,17 +34,16 @@ class PostStatusService < BaseService
 
   private
 
-  def validate_media(media_ids)
+  def validate_media!(media_ids)
     return if media_ids.nil? || !media_ids.is_a?(Enumerable)
+
+    raise Mastodon::ValidationError, 'Cannot attach more than 4 files' if media_ids.size > 4
+
     media = MediaAttachment.where(status_id: nil).where(id: media_ids.take(4).map(&:to_i))
-    if media.length > 1
-      media.each do |m|
-        if m.video?
-          raise Mastodon::NotPermitted, 'Cannot attach a video to a toot that already contains images'
-        end
-      end
-    end
-    return media
+
+    raise Mastodon::ValidationError, 'Cannot attach a video to a toot that already contains images' if media.size > 1 && media.find(&:video?)
+
+    media
   end
 
   def attach_media(status, media)
diff --git a/app/services/reblog_service.rb b/app/services/reblog_service.rb
index 7a52f041f..c14b2925a 100644
--- a/app/services/reblog_service.rb
+++ b/app/services/reblog_service.rb
@@ -10,7 +10,7 @@ class ReblogService < BaseService
   def call(account, reblogged_status)
     reblogged_status = reblogged_status.reblog if reblogged_status.reblog?
 
-    raise Mastodon::NotPermitted if reblogged_status.private_visibility? || !reblogged_status.permitted?(account)
+    raise Mastodon::NotPermittedError if reblogged_status.private_visibility? || !reblogged_status.permitted?(account)
 
     reblog = account.statuses.create!(reblog: reblogged_status, text: '')