about summary refs log tree commit diff
path: root/app/controllers
diff options
context:
space:
mode:
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/accounts_controller.rb2
-rw-r--r--app/controllers/api/v1/announcements_controller.rb2
-rw-r--r--app/controllers/api/v1/statuses/bookmarks_controller.rb27
-rw-r--r--app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb3
-rw-r--r--app/controllers/api/v1/statuses/favourites_controller.rb26
-rw-r--r--app/controllers/api/v1/statuses/reblogged_by_accounts_controller.rb3
-rw-r--r--app/controllers/api/v1/statuses/reblogs_controller.rb27
-rw-r--r--app/controllers/auth/registrations_controller.rb3
8 files changed, 55 insertions, 38 deletions
diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb
index ee48da177..c4ee22847 100644
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@@ -9,7 +9,7 @@ class AccountsController < ApplicationController
   before_action :set_cache_headers
   before_action :set_body_classes
 
-  skip_around_action :set_locale, if: -> { [:json, :rss].include?(request.format&.to_sym) }
+  skip_around_action :set_locale, if: -> { [:json, :rss].include?(request.format) }
   skip_before_action :require_functional!
 
   def show
diff --git a/app/controllers/api/v1/announcements_controller.rb b/app/controllers/api/v1/announcements_controller.rb
index ee79fc19f..1e692ff75 100644
--- a/app/controllers/api/v1/announcements_controller.rb
+++ b/app/controllers/api/v1/announcements_controller.rb
@@ -11,7 +11,7 @@ class Api::V1::AnnouncementsController < Api::BaseController
   end
 
   def dismiss
-    AnnouncementMute.find_or_create_by!(account: current_account, announcement: @announcement)
+    AnnouncementMute.create!(account: current_account, announcement: @announcement)
     render_empty
   end
 
diff --git a/app/controllers/api/v1/statuses/bookmarks_controller.rb b/app/controllers/api/v1/statuses/bookmarks_controller.rb
index a7f1eed00..bb9729cf5 100644
--- a/app/controllers/api/v1/statuses/bookmarks_controller.rb
+++ b/app/controllers/api/v1/statuses/bookmarks_controller.rb
@@ -5,28 +5,35 @@ class Api::V1::Statuses::BookmarksController < Api::BaseController
 
   before_action -> { doorkeeper_authorize! :write, :'write:bookmarks' }
   before_action :require_user!
-  before_action :set_status
 
   respond_to :json
 
   def create
-    current_account.bookmarks.find_or_create_by!(account: current_account, status: @status)
+    @status = bookmarked_status
     render json: @status, serializer: REST::StatusSerializer
   end
 
   def destroy
-    bookmark = current_account.bookmarks.find_by(status: @status)
-    bookmark&.destroy!
+    @status = requested_status
+    @bookmarks_map = { @status.id => false }
 
-    render json: @status, serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new([@status], current_account.id, bookmarks_map: { @status.id => false })
+    bookmark = Bookmark.find_by!(account: current_user.account, status: @status)
+    bookmark.destroy!
+
+    render json: @status, serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new([@status], current_user&.account_id, bookmarks_map: @bookmarks_map)
   end
 
   private
 
-  def set_status
-    @status = Status.find(params[:status_id])
-    authorize @status, :show?
-  rescue Mastodon::NotPermittedError
-    not_found
+  def bookmarked_status
+    authorize_with current_user.account, requested_status, :show?
+
+    bookmark = Bookmark.find_or_create_by!(account: current_user.account, status: requested_status)
+
+    bookmark.status.reload
+  end
+
+  def requested_status
+    Status.find(params[:status_id])
   end
 end
diff --git a/app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb b/app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb
index 05f4acc33..99eff360e 100644
--- a/app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb
+++ b/app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb
@@ -69,7 +69,8 @@ class Api::V1::Statuses::FavouritedByAccountsController < Api::BaseController
     @status = Status.find(params[:status_id])
     authorize @status, :show?
   rescue Mastodon::NotPermittedError
-    not_found
+    # Reraise in order to get a 404 instead of a 403 error code
+    raise ActiveRecord::RecordNotFound
   end
 
   def pagination_params(core_params)
diff --git a/app/controllers/api/v1/statuses/favourites_controller.rb b/app/controllers/api/v1/statuses/favourites_controller.rb
index f18ace996..cceee9060 100644
--- a/app/controllers/api/v1/statuses/favourites_controller.rb
+++ b/app/controllers/api/v1/statuses/favourites_controller.rb
@@ -5,26 +5,34 @@ class Api::V1::Statuses::FavouritesController < Api::BaseController
 
   before_action -> { doorkeeper_authorize! :write, :'write:favourites' }
   before_action :require_user!
-  before_action :set_status
 
   respond_to :json
 
   def create
-    FavouriteService.new.call(current_account, @status)
+    @status = favourited_status
     render json: @status, serializer: REST::StatusSerializer
   end
 
   def destroy
-    UnfavouriteWorker.perform_async(current_account.id, @status.id)
-    render json: @status, serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new([@status], current_account.id, favourites_map: { @status.id => false })
+    @status = requested_status
+    @favourites_map = { @status.id => false }
+
+    UnfavouriteWorker.perform_async(current_user.account_id, @status.id)
+
+    render json: @status, serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new([@status], current_user&.account_id, favourites_map: @favourites_map)
   end
 
   private
 
-  def set_status
-    @status = Status.find(params[:status_id])
-    authorize @status, :show?
-  rescue Mastodon::NotPermittedError
-    not_found
+  def favourited_status
+    service_result.status.reload
+  end
+
+  def service_result
+    FavouriteService.new.call(current_user.account, requested_status)
+  end
+
+  def requested_status
+    Status.find(params[:status_id])
   end
 end
diff --git a/app/controllers/api/v1/statuses/reblogged_by_accounts_controller.rb b/app/controllers/api/v1/statuses/reblogged_by_accounts_controller.rb
index fa60e7d84..cc285ad23 100644
--- a/app/controllers/api/v1/statuses/reblogged_by_accounts_controller.rb
+++ b/app/controllers/api/v1/statuses/reblogged_by_accounts_controller.rb
@@ -66,7 +66,8 @@ class Api::V1::Statuses::RebloggedByAccountsController < Api::BaseController
     @status = Status.find(params[:status_id])
     authorize @status, :show?
   rescue Mastodon::NotPermittedError
-    not_found
+    # Reraise in order to get a 404 instead of a 403 error code
+    raise ActiveRecord::RecordNotFound
   end
 
   def pagination_params(core_params)
diff --git a/app/controllers/api/v1/statuses/reblogs_controller.rb b/app/controllers/api/v1/statuses/reblogs_controller.rb
index 67106ccbe..42381a37f 100644
--- a/app/controllers/api/v1/statuses/reblogs_controller.rb
+++ b/app/controllers/api/v1/statuses/reblogs_controller.rb
@@ -5,34 +5,33 @@ class Api::V1::Statuses::ReblogsController < Api::BaseController
 
   before_action -> { doorkeeper_authorize! :write, :'write:statuses' }
   before_action :require_user!
-  before_action :set_reblog
 
   respond_to :json
 
   def create
-    @status = ReblogService.new.call(current_account, @reblog, reblog_params)
+    @status = ReblogService.new.call(current_user.account, status_for_reblog, reblog_params)
     render json: @status, serializer: REST::StatusSerializer
   end
 
   def destroy
-    @status = current_account.statuses.find_by(reblog_of_id: @reblog.id)
+    @status = status_for_destroy.reblog
+    @reblogs_map = { @status.id => false }
 
-    if @status
-      authorize @status, :unreblog?
-      @status.discard
-      RemovalWorker.perform_async(@status.id)
-    end
+    authorize status_for_destroy, :unreblog?
+    status_for_destroy.discard
+    RemovalWorker.perform_async(status_for_destroy.id)
 
-    render json: @reblog, serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new([@status], current_account.id, reblogs_map: { @reblog.id => false })
+    render json: @status, serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new([@status], current_user&.account_id, reblogs_map: @reblogs_map)
   end
 
   private
 
-  def set_reblog
-    @reblog = Status.find(params[:status_id])
-    authorize @reblog, :show?
-  rescue Mastodon::NotPermittedError
-    not_found
+  def status_for_reblog
+    Status.find params[:status_id]
+  end
+
+  def status_for_destroy
+    @status_for_destroy ||= current_user.account.statuses.where(reblog_of_id: params[:status_id]).first!
   end
 
   def reblog_params
diff --git a/app/controllers/auth/registrations_controller.rb b/app/controllers/auth/registrations_controller.rb
index f6a85d87e..531df7751 100644
--- a/app/controllers/auth/registrations_controller.rb
+++ b/app/controllers/auth/registrations_controller.rb
@@ -42,6 +42,7 @@ class Auth::RegistrationsController < Devise::RegistrationsController
 
     resource.locale             = I18n.locale
     resource.invite_code        = params[:invite_code] if resource.invite_code.blank?
+    resource.agreement          = true
     resource.current_sign_in_ip = request.remote_ip
 
     resource.build_account if resource.account.nil?
@@ -49,7 +50,7 @@ class Auth::RegistrationsController < Devise::RegistrationsController
 
   def configure_sign_up_params
     devise_parameter_sanitizer.permit(:sign_up) do |u|
-      u.permit({ account_attributes: [:username], invite_request_attributes: [:text] }, :email, :password, :password_confirmation, :invite_code, :agreement)
+      u.permit({ account_attributes: [:username], invite_request_attributes: [:text] }, :email, :password, :password_confirmation, :invite_code)
     end
   end
generated by cgit-pink (git 2.37.1) at 2024-07-23 12:48:29 +0000