diff options
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/admin/statuses_controller.rb | 9 | ||||
-rw-r--r-- | app/controllers/api/base_controller.rb | 4 | ||||
-rw-r--r-- | app/controllers/api/v1/follow_requests_controller.rb | 1 | ||||
-rw-r--r-- | app/controllers/application_controller.rb | 4 | ||||
-rw-r--r-- | app/controllers/auth/sessions_controller.rb | 15 | ||||
-rw-r--r-- | app/controllers/oauth/authorizations_controller.rb | 14 | ||||
-rw-r--r-- | app/controllers/settings/notifications_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/settings/preferences_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/statuses_controller.rb | 1 |
9 files changed, 46 insertions, 6 deletions
diff --git a/app/controllers/admin/statuses_controller.rb b/app/controllers/admin/statuses_controller.rb index a69f12084..62f49806c 100644 --- a/app/controllers/admin/statuses_controller.rb +++ b/app/controllers/admin/statuses_controller.rb @@ -22,6 +22,15 @@ module Admin @form = Form::StatusBatch.new end + def show + authorize :status, :index? + + @statuses = @account.statuses.where(id: params[:id]) + authorize @statuses[0], :show? + + @form = Form::StatusBatch.new + end + def create authorize :status, :update? diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb index 0b3735087..90f42251e 100644 --- a/app/controllers/api/base_controller.rb +++ b/app/controllers/api/base_controller.rb @@ -53,10 +53,6 @@ class Api::BaseController < ApplicationController [params[:limit].to_i.abs, default_limit * 2].min end - def truthy_param?(key) - ActiveModel::Type::Boolean.new.cast(params[key]) - end - def current_resource_owner @current_user ||= User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token end diff --git a/app/controllers/api/v1/follow_requests_controller.rb b/app/controllers/api/v1/follow_requests_controller.rb index 313fe2f81..e9aca5f8a 100644 --- a/app/controllers/api/v1/follow_requests_controller.rb +++ b/app/controllers/api/v1/follow_requests_controller.rb @@ -13,6 +13,7 @@ class Api::V1::FollowRequestsController < Api::BaseController def authorize AuthorizeFollowService.new.call(account, current_account) + NotifyService.new.call(current_account, Follow.find_by(account: account, target_account: current_account)) render_empty end diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 8ffc31bb4..dca6c5a5a 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -128,6 +128,10 @@ class ApplicationController < ActionController::Base protected + def truthy_param?(key) + ActiveModel::Type::Boolean.new.cast(params[key]) + end + def forbidden respond_with_error(403) end diff --git a/app/controllers/auth/sessions_controller.rb b/app/controllers/auth/sessions_controller.rb index 7cd46662f..d4a659409 100644 --- a/app/controllers/auth/sessions_controller.rb +++ b/app/controllers/auth/sessions_controller.rb @@ -11,6 +11,7 @@ class Auth::SessionsController < Devise::SessionsController prepend_before_action :set_pack before_action :set_instance_presenter, only: [:new] before_action :set_body_classes + after_action :clear_site_data, only: [:destroy] def new Devise.omniauth_configs.each do |provider, config| @@ -28,8 +29,10 @@ class Auth::SessionsController < Devise::SessionsController end def destroy + tmp_stored_location = stored_location_for(:user) super flash.delete(:notice) + store_location_for(:user, tmp_stored_location) if continue_after? end protected @@ -126,4 +129,16 @@ class Auth::SessionsController < Devise::SessionsController end paths end + + def clear_site_data + return if continue_after? + + # Should be '"*"' but that doesn't work in Chrome (neither does '"executionContexts"') + # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Clear-Site-Data + response.headers['Clear-Site-Data'] = '"cache", "cookies"' + end + + def continue_after? + truthy_param?(:continue) + end end diff --git a/app/controllers/oauth/authorizations_controller.rb b/app/controllers/oauth/authorizations_controller.rb index eb977510b..f6f5d1ecc 100644 --- a/app/controllers/oauth/authorizations_controller.rb +++ b/app/controllers/oauth/authorizations_controller.rb @@ -18,4 +18,18 @@ class Oauth::AuthorizationsController < Doorkeeper::AuthorizationsController def set_pack use_pack 'auth' end + + def render_success + if skip_authorization? || (matching_token? && !truthy_param?('force_login')) + redirect_or_render authorize_response + elsif Doorkeeper.configuration.api_only + render json: pre_auth + else + render :new + end + end + + def truthy_param?(key) + ActiveModel::Type::Boolean.new.cast(params[key]) + end end diff --git a/app/controllers/settings/notifications_controller.rb b/app/controllers/settings/notifications_controller.rb index 6286e3ebf..68ebddfc9 100644 --- a/app/controllers/settings/notifications_controller.rb +++ b/app/controllers/settings/notifications_controller.rb @@ -21,7 +21,7 @@ class Settings::NotificationsController < Settings::BaseController def user_settings_params params.require(:user).permit( - notification_emails: %i(follow follow_request reblog favourite mention digest), + notification_emails: %i(follow follow_request reblog favourite mention digest report), interactions: %i(must_be_follower must_be_following must_be_following_dm) ) end diff --git a/app/controllers/settings/preferences_controller.rb b/app/controllers/settings/preferences_controller.rb index 4733170dc..d60e6a89f 100644 --- a/app/controllers/settings/preferences_controller.rb +++ b/app/controllers/settings/preferences_controller.rb @@ -42,7 +42,7 @@ class Settings::PreferencesController < Settings::BaseController :setting_system_font_ui, :setting_noindex, :setting_hide_network, - notification_emails: %i(follow follow_request reblog favourite mention digest), + notification_emails: %i(follow follow_request reblog favourite mention digest report), interactions: %i(must_be_follower must_be_following) ) end diff --git a/app/controllers/statuses_controller.rb b/app/controllers/statuses_controller.rb index cf750f4bb..145e77918 100644 --- a/app/controllers/statuses_controller.rb +++ b/app/controllers/statuses_controller.rb @@ -60,6 +60,7 @@ class StatusesController < ApplicationController skip_session! expires_in 180, public: true response.headers['X-Frame-Options'] = 'ALLOWALL' + @autoplay = ActiveModel::Type::Boolean.new.cast(params[:autoplay]) render 'stream_entries/embed', layout: 'embedded' end |