diff options
-rw-r--r-- | app/controllers/api_controller.rb | 4 | ||||
-rw-r--r-- | app/controllers/settings/profiles_controller.rb | 5 | ||||
-rw-r--r-- | app/lib/exceptions.rb | 6 | ||||
-rw-r--r-- | app/services/block_service.rb | 3 | ||||
-rw-r--r-- | app/services/follow_service.rb | 1 | ||||
-rw-r--r-- | app/views/settings/profiles/show.html.haml | 1 | ||||
-rw-r--r-- | config/application.rb | 2 | ||||
-rw-r--r-- | db/migrate/20161222201034_add_locked_to_accounts.rb | 5 | ||||
-rw-r--r-- | db/schema.rb | 3 |
9 files changed, 27 insertions, 3 deletions
diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb index d2d3bc4a4..8f1c8ac8a 100644 --- a/app/controllers/api_controller.rb +++ b/app/controllers/api_controller.rb @@ -30,6 +30,10 @@ class ApiController < ApplicationController render json: { error: 'Remote SSL certificate could not be verified' }, status: 503 end + rescue_from Mastodon::NotPermitted do + render json: { error: 'This action is not allowed' }, status: 403 + end + def doorkeeper_unauthorized_render_options(error: nil) { json: { error: (error.try(:description) || 'Not authorized') } } end diff --git a/app/controllers/settings/profiles_controller.rb b/app/controllers/settings/profiles_controller.rb index 9e8a7da8c..4be549958 100644 --- a/app/controllers/settings/profiles_controller.rb +++ b/app/controllers/settings/profiles_controller.rb @@ -1,12 +1,13 @@ # frozen_string_literal: true class Settings::ProfilesController < ApplicationController + include ObfuscateFilename + layout 'auth' before_action :authenticate_user! before_action :set_account - include ObfuscateFilename obfuscate_filename [:account, :avatar] obfuscate_filename [:account, :header] @@ -23,7 +24,7 @@ class Settings::ProfilesController < ApplicationController private def account_params - params.require(:account).permit(:display_name, :note, :avatar, :header) + params.require(:account).permit(:display_name, :note, :avatar, :header, :locked) end def set_account diff --git a/app/lib/exceptions.rb b/app/lib/exceptions.rb new file mode 100644 index 000000000..359228c29 --- /dev/null +++ b/app/lib/exceptions.rb @@ -0,0 +1,6 @@ +# frozen_string_literal: true + +module Mastodon + class Error < StandardError; end + class NotPermitted < Error; end +end diff --git a/app/services/block_service.rb b/app/services/block_service.rb index 6a032a5a1..66146a72a 100644 --- a/app/services/block_service.rb +++ b/app/services/block_service.rb @@ -5,7 +5,10 @@ class BlockService < BaseService return if account.id == target_account.id UnfollowService.new.call(account, target_account) if account.following?(target_account) + UnfollowService.new.call(target_account, account) if target_account.following?(account) + account.block!(target_account) + clear_timelines(account, target_account) clear_notifications(account, target_account) end diff --git a/app/services/follow_service.rb b/app/services/follow_service.rb index ed9b62455..02baa6553 100644 --- a/app/services/follow_service.rb +++ b/app/services/follow_service.rb @@ -8,6 +8,7 @@ class FollowService < BaseService target_account = follow_remote_account_service.call(uri) raise ActiveRecord::RecordNotFound if target_account.nil? || target_account.id == source_account.id || target_account.suspended? + raise Mastodon::NotPermitted if target_account.blocking?(source_account) follow = source_account.follow!(target_account) diff --git a/app/views/settings/profiles/show.html.haml b/app/views/settings/profiles/show.html.haml index c2f1adb12..a8ea9bbc4 100644 --- a/app/views/settings/profiles/show.html.haml +++ b/app/views/settings/profiles/show.html.haml @@ -8,6 +8,7 @@ = f.input :note, placeholder: t('simple_form.labels.defaults.note') = f.input :avatar, wrapper: :with_label = f.input :header, wrapper: :with_label + = f.input :locked, as: :boolean, wrapper: :with_label .actions = f.button :button, t('generic.save_changes'), type: :submit diff --git a/config/application.rb b/config/application.rb index 427c0e2ba..091f9c535 100644 --- a/config/application.rb +++ b/config/application.rb @@ -2,6 +2,8 @@ require_relative 'boot' require 'rails/all' +require_relative '../app/lib/exceptions' + # Require the gems listed in Gemfile, including any gems # you've limited to :test, :development, or :production. Bundler.require(*Rails.groups) diff --git a/db/migrate/20161222201034_add_locked_to_accounts.rb b/db/migrate/20161222201034_add_locked_to_accounts.rb new file mode 100644 index 000000000..c246a90ce --- /dev/null +++ b/db/migrate/20161222201034_add_locked_to_accounts.rb @@ -0,0 +1,5 @@ +class AddLockedToAccounts < ActiveRecord::Migration[5.0] + def change + add_column :accounts, :locked, :boolean, null: false, default: false + end +end diff --git a/db/schema.rb b/db/schema.rb index 706099897..47e1b098d 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20161221152630) do +ActiveRecord::Schema.define(version: 20161222201034) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" @@ -42,6 +42,7 @@ ActiveRecord::Schema.define(version: 20161221152630) do t.datetime "subscription_expires_at" t.boolean "silenced", default: false, null: false t.boolean "suspended", default: false, null: false + t.boolean "locked", default: false, null: false t.index ["username", "domain"], name: "index_accounts_on_username_and_domain", unique: true, using: :btree end |