Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/accounts_controller.rb13
-rw-r--r--app/controllers/application_controller.rb4
-rw-r--r--app/controllers/settings/profiles_controller.rb2
3 files changed, 13 insertions, 6 deletions
diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb
index 3359eafdf..8bff3ab18 100644
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@@ -16,7 +16,8 @@ class AccountsController < ApplicationController
 
         unless current_account&.id == @account.id
           if @account.hidden || @account&.user&.hides_public_profile?
-            return not_found unless current_account&.following?(@account)
+            not_found unless current_account&.following?(@account)
+            return
           end
         end
 
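Review bot: The bare `return` added after `not_found unless current_account&.following?(@account)` now runs for every non-owner viewer of a hidden account, including followers, whereas the old `return not_found unless …` let a follower fall through to the code below. If the aim was only to stop after the 404, keep the exit conditional by wrapping both `not_found` and `return` in one `unless current_account&.following?(@account)` … `end`. The enclosing block starts and ends outside this hunk, so I cannot see what the early exit skips. A request spec covering owner, follower, non-follower and anonymous viewers would pin the intended access rule.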
@@ -44,10 +45,12 @@ class AccountsController < ApplicationController
       format.rss do
         expires_in 1.minute, public: true
 
-        return not_found unless current_account&.user&.allows_rss?
-
-        @statuses = filtered_statuses.without_reblogs.without_replies.limit(PAGE_SIZE)
-        @statuses = cache_collection(@statuses, Status)
+        if current_account&.user&.allows_rss?
+          @statuses = filtered_statuses.without_reblogs.without_replies.limit(PAGE_SIZE)
+          @statuses = cache_collection(@statuses, Status)
+        else
+          @statuses = []
+        end
 
         render xml: RSS::AccountSerializer.render(@account, @statuses, params[:tag])
       end
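Review bot: `expires_in 1.minute, public: true` at the top of the `format.rss` block still marks the response as publicly cacheable, but after this change the body depends on the signed-in viewer (`current_account&.user&.allows_rss?`) and both outcomes are served as a normal render. A shared cache in front of the app could then serve one viewer's populated feed to an anonymous request, or the empty feed to a permitted viewer. Consider `expires_in 1.minute, public: false` here, or only marking the response public when it does not vary by session. The check also reads the viewer's `allows_rss?` rather than a setting on `@account`, which is worth confirming as intended.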
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 3169151a8..b6c2feafb 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -63,6 +63,10 @@ class ApplicationController < ActionController::Base
     forbidden unless current_user&.staff?
   end
 
+  def require_halfmod!
+    forbidden unless current_user&.halfmod?
+  end
+
   def check_user_permissions
     forbidden if current_user.disabled? || current_user.account.suspended?
   end
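Review bot: `require_halfmod!` checks only the role predicate, so whether a disabled user or a suspended account is turned away depends on `check_user_permissions` also being in the filter chain of each controller that uses it. Neither the callers nor `halfmod?` are visible in this diff. A short comment above the method would make that contract explicit, for example `# Guard for halfmod-only actions; checks role only, not disabled/suspended state`. It is also worth confirming that `halfmod?` returns true for full moderators and admins, otherwise higher roles would be refused on halfmod pages.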
diff --git a/app/controllers/settings/profiles_controller.rb b/app/controllers/settings/profiles_controller.rb
index 6b3f0d311..dab613085 100644
--- a/app/controllers/settings/profiles_controller.rb
+++ b/app/controllers/settings/profiles_controller.rb
@@ -25,7 +25,7 @@ class Settings::ProfilesController < Settings::BaseController
   private
 
   def account_params
-    params.require(:account).permit(:display_name, :note, :avatar, :header, :replies, :locked, :hidden, :unlisted, :block_anon, :gently, :kobold, :adult_content, :bot, :discoverable, :filter_undescribed, fields_attributes: [:name, :value])
+    params.require(:account).permit(:display_name, :note, :avatar, :header, :replies, :locked, :hidden, :unlisted, :block_anon, :gently, :kobold, :adult_content, :bot, :discoverable, :filter_undescribed, :user_defanged, fields_attributes: [:name, :value])
   end
 
   def set_account
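Review bot: Adding `:user_defanged` to the permit list in `account_params` makes that attribute settable by any signed-in user through their own profile form. The name suggests it may relate to moderation capability, although its setter is not visible here. If it gates or restricts privileges, confirm that a user cannot use this form to clear a restriction someone else applied. A one-line comment above the `permit` call stating the assumption, such as `# user_defanged is a self-service preference, not a moderation flag`, would make that reviewable later.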