diff options
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/accounts_controller.rb | 13 | ||||
-rw-r--r-- | app/controllers/application_controller.rb | 4 | ||||
-rw-r--r-- | app/controllers/settings/profiles_controller.rb | 2 |
3 files changed, 13 insertions, 6 deletions
diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb index 3359eafdf..8bff3ab18 100644 --- a/app/controllers/accounts_controller.rb +++ b/app/controllers/accounts_controller.rb @@ -16,7 +16,8 @@ class AccountsController < ApplicationController unless current_account&.id == @account.id if @account.hidden || @account&.user&.hides_public_profile? - return not_found unless current_account&.following?(@account) + not_found unless current_account&.following?(@account) + return end end @@ -44,10 +45,12 @@ class AccountsController < ApplicationController format.rss do expires_in 1.minute, public: true - return not_found unless current_account&.user&.allows_rss? - - @statuses = filtered_statuses.without_reblogs.without_replies.limit(PAGE_SIZE) - @statuses = cache_collection(@statuses, Status) + if current_account&.user&.allows_rss? + @statuses = filtered_statuses.without_reblogs.without_replies.limit(PAGE_SIZE) + @statuses = cache_collection(@statuses, Status) + else + @statuses = [] + end render xml: RSS::AccountSerializer.render(@account, @statuses, params[:tag]) end diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 3169151a8..b6c2feafb 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -63,6 +63,10 @@ class ApplicationController < ActionController::Base forbidden unless current_user&.staff? end + def require_halfmod! + forbidden unless current_user&.halfmod? + end + def check_user_permissions forbidden if current_user.disabled? || current_user.account.suspended? end diff --git a/app/controllers/settings/profiles_controller.rb b/app/controllers/settings/profiles_controller.rb index 6b3f0d311..dab613085 100644 --- a/app/controllers/settings/profiles_controller.rb +++ b/app/controllers/settings/profiles_controller.rb @@ -25,7 +25,7 @@ class Settings::ProfilesController < Settings::BaseController private def account_params - params.require(:account).permit(:display_name, :note, :avatar, :header, :replies, :locked, :hidden, :unlisted, :block_anon, :gently, :kobold, :adult_content, :bot, :discoverable, :filter_undescribed, fields_attributes: [:name, :value]) + params.require(:account).permit(:display_name, :note, :avatar, :header, :replies, :locked, :hidden, :unlisted, :block_anon, :gently, :kobold, :adult_content, :bot, :discoverable, :filter_undescribed, :user_defanged, fields_attributes: [:name, :value]) end def set_account |