diff options
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/admin/account_actions_controller.rb | 36 | ||||
-rw-r--r-- | app/controllers/admin/account_moderation_notes_controller.rb | 1 | ||||
-rw-r--r-- | app/controllers/admin/accounts_controller.rb | 23 | ||||
-rw-r--r-- | app/controllers/admin/reports_controller.rb | 79 | ||||
-rw-r--r-- | app/controllers/admin/silences_controller.rb | 27 | ||||
-rw-r--r-- | app/controllers/admin/suspensions_controller.rb | 60 | ||||
-rw-r--r-- | app/controllers/admin/warning_presets_controller.rb | 58 | ||||
-rw-r--r-- | app/controllers/api/v1/accounts/statuses_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/api/web/embeds_controller.rb | 1 | ||||
-rw-r--r-- | app/controllers/directories_controller.rb | 2 |
10 files changed, 137 insertions, 152 deletions
diff --git a/app/controllers/admin/account_actions_controller.rb b/app/controllers/admin/account_actions_controller.rb new file mode 100644 index 000000000..e847495f1 --- /dev/null +++ b/app/controllers/admin/account_actions_controller.rb @@ -0,0 +1,36 @@ +# frozen_string_literal: true + +module Admin + class AccountActionsController < BaseController + before_action :set_account + + def new + @account_action = Admin::AccountAction.new(type: params[:type], report_id: params[:report_id], send_email_notification: true) + @warning_presets = AccountWarningPreset.all + end + + def create + account_action = Admin::AccountAction.new(resource_params) + account_action.target_account = @account + account_action.current_account = current_account + + account_action.save! + + if account_action.with_report? + redirect_to admin_report_path(account_action.report) + else + redirect_to admin_account_path(@account.id) + end + end + + private + + def set_account + @account = Account.find(params[:account_id]) + end + + def resource_params + params.require(:admin_account_action).permit(:type, :report_id, :warning_preset_id, :text, :send_email_notification) + end + end +end diff --git a/app/controllers/admin/account_moderation_notes_controller.rb b/app/controllers/admin/account_moderation_notes_controller.rb index 7d5b9bf52..44f6e34f8 100644 --- a/app/controllers/admin/account_moderation_notes_controller.rb +++ b/app/controllers/admin/account_moderation_notes_controller.rb @@ -14,6 +14,7 @@ module Admin else @account = @account_moderation_note.target_account @moderation_notes = @account.targeted_moderation_notes.latest + @warnings = @account.targeted_account_warnings.latest.custom render template: 'admin/accounts/show' end diff --git a/app/controllers/admin/accounts_controller.rb b/app/controllers/admin/accounts_controller.rb index 771302db8..10abd1e6a 100644 --- a/app/controllers/admin/accounts_controller.rb +++ b/app/controllers/admin/accounts_controller.rb @@ -2,9 +2,9 @@ module Admin class AccountsController < BaseController - before_action :set_account, only: [:show, :subscribe, :unsubscribe, :redownload, :remove_avatar, :remove_header, :enable, :disable, :memorialize] + before_action :set_account, only: [:show, :subscribe, :unsubscribe, :redownload, :remove_avatar, :remove_header, :enable, :memorialize] before_action :require_remote_account!, only: [:subscribe, :unsubscribe, :redownload] - before_action :require_local_account!, only: [:enable, :disable, :memorialize] + before_action :require_local_account!, only: [:enable, :memorialize] def index authorize :account, :index? @@ -13,8 +13,10 @@ module Admin def show authorize @account, :show? + @account_moderation_note = current_account.account_moderation_notes.new(target_account: @account) - @moderation_notes = @account.targeted_moderation_notes.latest + @moderation_notes = @account.targeted_moderation_notes.latest + @warnings = @account.targeted_account_warnings.latest.custom end def subscribe @@ -43,10 +45,17 @@ module Admin redirect_to admin_account_path(@account.id) end - def disable - authorize @account.user, :disable? - @account.user.disable! - log_action :disable, @account.user + def unsilence + authorize @account, :unsilence? + @account.unsilence! + log_action :unsilence, @account + redirect_to admin_account_path(@account.id) + end + + def unsuspend + authorize @account, :unsuspend? + @account.unsuspend! + log_action :unsuspend, @account redirect_to admin_account_path(@account.id) end diff --git a/app/controllers/admin/reports_controller.rb b/app/controllers/admin/reports_controller.rb index e97ddb9b6..f138376b2 100644 --- a/app/controllers/admin/reports_controller.rb +++ b/app/controllers/admin/reports_controller.rb @@ -13,75 +13,42 @@ module Admin authorize @report, :show? @report_note = @report.notes.new - @report_notes = (@report.notes.latest + @report.history).sort_by(&:created_at) + @report_notes = (@report.notes.latest + @report.history + @report.target_account.targeted_account_warnings.latest.custom).sort_by(&:created_at) @form = Form::StatusBatch.new end - def update + def assign_to_self authorize @report, :update? - process_report - - if @report.action_taken? - redirect_to admin_reports_path, notice: I18n.t('admin.reports.resolved_msg') - else - redirect_to admin_report_path(@report) - end + @report.update!(assigned_account_id: current_account.id) + log_action :assigned_to_self, @report + redirect_to admin_report_path(@report) end - private - - def process_report - case params[:outcome].to_s - when 'assign_to_self' - @report.update!(assigned_account_id: current_account.id) - log_action :assigned_to_self, @report - when 'unassign' - @report.update!(assigned_account_id: nil) - log_action :unassigned, @report - when 'reopen' - @report.unresolve! - log_action :reopen, @report - when 'resolve' - @report.resolve!(current_account) - log_action :resolve, @report - when 'disable' - @report.resolve!(current_account) - @report.target_account.user.disable! - - log_action :resolve, @report - log_action :disable, @report.target_account.user - - resolve_all_target_account_reports - when 'silence' - @report.resolve!(current_account) - @report.target_account.update!(silenced: true) - - log_action :resolve, @report - log_action :silence, @report.target_account - - resolve_all_target_account_reports - else - raise ActiveRecord::RecordNotFound - end - - @report.reload + def unassign + authorize @report, :update? + @report.update!(assigned_account_id: nil) + log_action :unassigned, @report + redirect_to admin_report_path(@report) end - def resolve_all_target_account_reports - unresolved_reports_for_target_account.update_all(action_taken: true, action_taken_by_account_id: current_account.id) + def reopen + authorize @report, :update? + @report.unresolve! + log_action :reopen, @report + redirect_to admin_report_path(@report) end - def unresolved_reports_for_target_account - Report.where( - target_account: @report.target_account - ).unresolved + def resolve + authorize @report, :update? + @report.resolve!(current_account) + log_action :resolve, @report + redirect_to admin_reports_path, notice: I18n.t('admin.reports.resolved_msg') end + private + def filtered_reports - ReportFilter.new(filter_params).results.order(id: :desc).includes( - :account, - :target_account - ) + ReportFilter.new(filter_params).results.order(id: :desc).includes(:account, :target_account) end def filter_params diff --git a/app/controllers/admin/silences_controller.rb b/app/controllers/admin/silences_controller.rb deleted file mode 100644 index 4c06a9c0c..000000000 --- a/app/controllers/admin/silences_controller.rb +++ /dev/null @@ -1,27 +0,0 @@ -# frozen_string_literal: true - -module Admin - class SilencesController < BaseController - before_action :set_account - - def create - authorize @account, :silence? - @account.update!(silenced: true) - log_action :silence, @account - redirect_to admin_accounts_path - end - - def destroy - authorize @account, :unsilence? - @account.update!(silenced: false) - log_action :unsilence, @account - redirect_to admin_accounts_path - end - - private - - def set_account - @account = Account.find(params[:account_id]) - end - end -end diff --git a/app/controllers/admin/suspensions_controller.rb b/app/controllers/admin/suspensions_controller.rb deleted file mode 100644 index f9bbf36fb..000000000 --- a/app/controllers/admin/suspensions_controller.rb +++ /dev/null @@ -1,60 +0,0 @@ -# frozen_string_literal: true - -module Admin - class SuspensionsController < BaseController - before_action :set_account - - def new - @suspension = Form::AdminSuspensionConfirmation.new(report_id: params[:report_id]) - end - - def create - authorize @account, :suspend? - - @suspension = Form::AdminSuspensionConfirmation.new(suspension_params) - - if suspension_params[:acct] == @account.acct - resolve_report! if suspension_params[:report_id].present? - perform_suspend! - mark_reports_resolved! - redirect_to admin_accounts_path - else - flash.now[:alert] = I18n.t('admin.suspensions.bad_acct_msg') - render :new - end - end - - def destroy - authorize @account, :unsuspend? - @account.unsuspend! - log_action :unsuspend, @account - redirect_to admin_accounts_path - end - - private - - def set_account - @account = Account.find(params[:account_id]) - end - - def suspension_params - params.require(:form_admin_suspension_confirmation).permit(:acct, :report_id) - end - - def resolve_report! - report = Report.find(suspension_params[:report_id]) - report.resolve!(current_account) - log_action :resolve, report - end - - def perform_suspend! - @account.suspend! - Admin::SuspensionWorker.perform_async(@account.id) - log_action :suspend, @account - end - - def mark_reports_resolved! - Report.where(target_account: @account).unresolved.update_all(action_taken: true, action_taken_by_account_id: current_account.id) - end - end -end diff --git a/app/controllers/admin/warning_presets_controller.rb b/app/controllers/admin/warning_presets_controller.rb new file mode 100644 index 000000000..37be842c5 --- /dev/null +++ b/app/controllers/admin/warning_presets_controller.rb @@ -0,0 +1,58 @@ +# frozen_string_literal: true + +module Admin + class WarningPresetsController < BaseController + before_action :set_warning_preset, except: [:index, :create] + + def index + authorize :account_warning_preset, :index? + + @warning_presets = AccountWarningPreset.all + @warning_preset = AccountWarningPreset.new + end + + def create + authorize :account_warning_preset, :create? + + @warning_preset = AccountWarningPreset.new(warning_preset_params) + + if @warning_preset.save + redirect_to admin_warning_presets_path + else + @warning_presets = AccountWarningPreset.all + render :index + end + end + + def edit + authorize @warning_preset, :update? + end + + def update + authorize @warning_preset, :update? + + if @warning_preset.update(warning_preset_params) + redirect_to admin_warning_presets_path + else + render :edit + end + end + + def destroy + authorize @warning_preset, :destroy? + + @warning_preset.destroy! + redirect_to admin_warning_presets_path + end + + private + + def set_warning_preset + @warning_preset = AccountWarningPreset.find(params[:id]) + end + + def warning_preset_params + params.require(:account_warning_preset).permit(:text) + end + end +end diff --git a/app/controllers/api/v1/accounts/statuses_controller.rb b/app/controllers/api/v1/accounts/statuses_controller.rb index b68a8805f..d3f1197f8 100644 --- a/app/controllers/api/v1/accounts/statuses_controller.rb +++ b/app/controllers/api/v1/accounts/statuses_controller.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true class Api::V1::Accounts::StatusesController < Api::BaseController - before_action -> { doorkeeper_authorize! :read, :'read:statuses' } + before_action -> { authorize_if_got_token! :read, :'read:statuses' } before_action :set_account after_action :insert_pagination_headers diff --git a/app/controllers/api/web/embeds_controller.rb b/app/controllers/api/web/embeds_controller.rb index 987290a14..6231733b7 100644 --- a/app/controllers/api/web/embeds_controller.rb +++ b/app/controllers/api/web/embeds_controller.rb @@ -10,6 +10,7 @@ class Api::Web::EmbedsController < Api::Web::BaseController render json: status, serializer: OEmbedSerializer, width: 400 rescue ActiveRecord::RecordNotFound oembed = FetchOEmbedService.new.call(params[:url]) + oembed[:html] = Formatter.instance.sanitize(oembed[:html], Sanitize::Config::MASTODON_OEMBED) if oembed[:html].present? if oembed render json: oembed diff --git a/app/controllers/directories_controller.rb b/app/controllers/directories_controller.rb index e91e784a5..4f0f1380c 100644 --- a/app/controllers/directories_controller.rb +++ b/app/controllers/directories_controller.rb @@ -37,7 +37,7 @@ class DirectoriesController < ApplicationController end def set_accounts - @accounts = Account.discoverable.page(params[:page]).per(30).tap do |query| + @accounts = Account.discoverable.page(params[:page]).per(40).tap do |query| query.merge!(Account.tagged_with(@tag.id)) if @tag end end |