diff options
Diffstat (limited to 'app/controllers')
13 files changed, 73 insertions, 102 deletions
diff --git a/app/controllers/admin/account_moderation_notes_controller.rb b/app/controllers/admin/account_moderation_notes_controller.rb index 44f6e34f8..4f36f33f4 100644 --- a/app/controllers/admin/account_moderation_notes_controller.rb +++ b/app/controllers/admin/account_moderation_notes_controller.rb @@ -14,7 +14,7 @@ module Admin else @account = @account_moderation_note.target_account @moderation_notes = @account.targeted_moderation_notes.latest - @warnings = @account.targeted_account_warnings.latest.custom + @warnings = @account.strikes.custom.latest render template: 'admin/accounts/show' end diff --git a/app/controllers/admin/accounts_controller.rb b/app/controllers/admin/accounts_controller.rb index 0786985fa..e7f56e243 100644 --- a/app/controllers/admin/accounts_controller.rb +++ b/app/controllers/admin/accounts_controller.rb @@ -28,7 +28,7 @@ module Admin @deletion_request = @account.deletion_request @account_moderation_note = current_account.account_moderation_notes.new(target_account: @account) @moderation_notes = @account.targeted_moderation_notes.latest - @warnings = @account.targeted_account_warnings.latest.custom + @warnings = @account.strikes.custom.latest @domain_block = DomainBlock.rule_for(@account.domain) end diff --git a/app/controllers/admin/report_notes_controller.rb b/app/controllers/admin/report_notes_controller.rb index b816c5b5d..3fd815b60 100644 --- a/app/controllers/admin/report_notes_controller.rb +++ b/app/controllers/admin/report_notes_controller.rb @@ -14,20 +14,17 @@ module Admin if params[:create_and_resolve] @report.resolve!(current_account) log_action :resolve, @report - - redirect_to admin_reports_path, notice: I18n.t('admin.reports.resolved_msg') - return - end - - if params[:create_and_unresolve] + elsif params[:create_and_unresolve] @report.unresolve! log_action :reopen, @report end - redirect_to admin_report_path(@report), notice: I18n.t('admin.report_notes.created_msg') + redirect_to after_create_redirect_path, notice: I18n.t('admin.report_notes.created_msg') else - @report_notes = (@report.notes.latest + @report.history + @report.target_account.targeted_account_warnings.latest.custom).sort_by(&:created_at) - @form = Form::StatusBatch.new + @report_notes = @report.notes.includes(:account).order(id: :desc) + @action_logs = @report.history.includes(:target) + @form = Admin::StatusBatchAction.new + @statuses = @report.statuses.with_includes render template: 'admin/reports/show' end @@ -41,6 +38,14 @@ module Admin private + def after_create_redirect_path + if params[:create_and_resolve] + admin_reports_path + else + admin_report_path(@report) + end + end + def resource_params params.require(:report_note).permit( :content, diff --git a/app/controllers/admin/reported_statuses_controller.rb b/app/controllers/admin/reported_statuses_controller.rb deleted file mode 100644 index 3ba9f5df2..000000000 --- a/app/controllers/admin/reported_statuses_controller.rb +++ /dev/null @@ -1,44 +0,0 @@ -# frozen_string_literal: true - -module Admin - class ReportedStatusesController < BaseController - before_action :set_report - - def create - authorize :status, :update? - - @form = Form::StatusBatch.new(form_status_batch_params.merge(current_account: current_account, action: action_from_button)) - flash[:alert] = I18n.t('admin.statuses.failed_to_execute') unless @form.save - - redirect_to admin_report_path(@report) - rescue ActionController::ParameterMissing - flash[:alert] = I18n.t('admin.statuses.no_status_selected') - - redirect_to admin_report_path(@report) - end - - private - - def status_params - params.require(:status).permit(:sensitive) - end - - def form_status_batch_params - params.require(:form_status_batch).permit(status_ids: []) - end - - def action_from_button - if params[:nsfw_on] - 'nsfw_on' - elsif params[:nsfw_off] - 'nsfw_off' - elsif params[:delete] - 'delete' - end - end - - def set_report - @report = Report.find(params[:report_id]) - end - end -end diff --git a/app/controllers/admin/reports_controller.rb b/app/controllers/admin/reports_controller.rb index 7c831b3d4..00d200d7c 100644 --- a/app/controllers/admin/reports_controller.rb +++ b/app/controllers/admin/reports_controller.rb @@ -13,8 +13,10 @@ module Admin authorize @report, :show? @report_note = @report.notes.new - @report_notes = (@report.notes.latest + @report.history + @report.target_account.targeted_account_warnings.latest.custom).sort_by(&:created_at) - @form = Form::StatusBatch.new + @report_notes = @report.notes.includes(:account).order(id: :desc) + @action_logs = @report.history.includes(:target) + @form = Admin::StatusBatchAction.new + @statuses = @report.statuses.with_includes end def assign_to_self diff --git a/app/controllers/admin/statuses_controller.rb b/app/controllers/admin/statuses_controller.rb index b3fd4c424..8d039b281 100644 --- a/app/controllers/admin/statuses_controller.rb +++ b/app/controllers/admin/statuses_controller.rb @@ -2,71 +2,57 @@ module Admin class StatusesController < BaseController - helper_method :current_params - before_action :set_account + before_action :set_statuses PER_PAGE = 20 def index authorize :status, :index? - @statuses = @account.statuses.where(visibility: [:public, :unlisted]) - - if params[:media] - @statuses = @statuses.merge(Status.joins(:media_attachments).merge(@account.media_attachments.reorder(nil)).group(:id)).reorder('statuses.id desc') - end - - @statuses = @statuses.preload(:media_attachments, :mentions).page(params[:page]).per(PER_PAGE) - @form = Form::StatusBatch.new - end - - def show - authorize :status, :index? - - @statuses = @account.statuses.where(id: params[:id]) - authorize @statuses.first, :show? - - @form = Form::StatusBatch.new + @status_batch_action = Admin::StatusBatchAction.new end - def create - authorize :status, :update? - - @form = Form::StatusBatch.new(form_status_batch_params.merge(current_account: current_account, action: action_from_button)) - flash[:alert] = I18n.t('admin.statuses.failed_to_execute') unless @form.save - - redirect_to admin_account_statuses_path(@account.id, current_params) + def batch + @status_batch_action = Admin::StatusBatchAction.new(admin_status_batch_action_params.merge(current_account: current_account, report_id: params[:report_id], type: action_from_button)) + @status_batch_action.save! rescue ActionController::ParameterMissing flash[:alert] = I18n.t('admin.statuses.no_status_selected') - - redirect_to admin_account_statuses_path(@account.id, current_params) + ensure + redirect_to after_create_redirect_path end private - def form_status_batch_params - params.require(:form_status_batch).permit(:action, status_ids: []) + def admin_status_batch_action_params + params.require(:admin_status_batch_action).permit(status_ids: []) + end + + def after_create_redirect_path + if @status_batch_action.report_id.present? + admin_report_path(@status_batch_action.report_id) + else + admin_account_statuses_path(params[:account_id], current_params) + end end def set_account @account = Account.find(params[:account_id]) end - def current_params - page = (params[:page] || 1).to_i + def set_statuses + @statuses = Admin::StatusFilter.new(@account, filter_params).results.preload(:application, :preloadable_poll, :media_attachments, active_mentions: :account, reblog: [:account, :application, :preloadable_poll, :media_attachments, active_mentions: :account]).page(params[:page]).per(PER_PAGE) + end - { - media: params[:media], - page: page > 1 && page, - }.select { |_, value| value.present? } + def filter_params + params.slice(*Admin::StatusFilter::KEYS).permit(*Admin::StatusFilter::KEYS) end def action_from_button - if params[:nsfw_on] - 'nsfw_on' - elsif params[:nsfw_off] - 'nsfw_off' + if params[:report] + 'report' + elsif params[:remove_from_report] + 'remove_from_report' elsif params[:delete] 'delete' end diff --git a/app/controllers/api/v1/admin/account_actions_controller.rb b/app/controllers/api/v1/admin/account_actions_controller.rb index 29c9b7107..15af50822 100644 --- a/app/controllers/api/v1/admin/account_actions_controller.rb +++ b/app/controllers/api/v1/admin/account_actions_controller.rb @@ -1,7 +1,9 @@ # frozen_string_literal: true class Api::V1::Admin::AccountActionsController < Api::BaseController - before_action -> { doorkeeper_authorize! :'admin:write', :'admin:write:accounts' } + protect_from_forgery with: :exception + + before_action -> { authorize_if_got_token! :'admin:write', :'admin:write:accounts' } before_action :require_staff! before_action :set_account diff --git a/app/controllers/api/v1/admin/accounts_controller.rb b/app/controllers/api/v1/admin/accounts_controller.rb index 9b8f2fb05..65330b8c8 100644 --- a/app/controllers/api/v1/admin/accounts_controller.rb +++ b/app/controllers/api/v1/admin/accounts_controller.rb @@ -1,13 +1,15 @@ # frozen_string_literal: true class Api::V1::Admin::AccountsController < Api::BaseController + protect_from_forgery with: :exception + include Authorization include AccountableConcern LIMIT = 100 - before_action -> { doorkeeper_authorize! :'admin:read', :'admin:read:accounts' }, only: [:index, :show] - before_action -> { doorkeeper_authorize! :'admin:write', :'admin:write:accounts' }, except: [:index, :show] + before_action -> { authorize_if_got_token! :'admin:read', :'admin:read:accounts' }, only: [:index, :show] + before_action -> { authorize_if_got_token! :'admin:write', :'admin:write:accounts' }, except: [:index, :show] before_action :require_staff! before_action :set_accounts, only: :index before_action :set_account, except: :index diff --git a/app/controllers/api/v1/admin/dimensions_controller.rb b/app/controllers/api/v1/admin/dimensions_controller.rb index 5e8f0f89f..b1f738990 100644 --- a/app/controllers/api/v1/admin/dimensions_controller.rb +++ b/app/controllers/api/v1/admin/dimensions_controller.rb @@ -3,6 +3,7 @@ class Api::V1::Admin::DimensionsController < Api::BaseController protect_from_forgery with: :exception + before_action -> { authorize_if_got_token! :'admin:read' } before_action :require_staff! before_action :set_dimensions diff --git a/app/controllers/api/v1/admin/measures_controller.rb b/app/controllers/api/v1/admin/measures_controller.rb index f28191753..d64c3cdf7 100644 --- a/app/controllers/api/v1/admin/measures_controller.rb +++ b/app/controllers/api/v1/admin/measures_controller.rb @@ -3,6 +3,7 @@ class Api::V1::Admin::MeasuresController < Api::BaseController protect_from_forgery with: :exception + before_action -> { authorize_if_got_token! :'admin:read' } before_action :require_staff! before_action :set_measures diff --git a/app/controllers/api/v1/admin/reports_controller.rb b/app/controllers/api/v1/admin/reports_controller.rb index c8f4cd8d8..fbfd0ee12 100644 --- a/app/controllers/api/v1/admin/reports_controller.rb +++ b/app/controllers/api/v1/admin/reports_controller.rb @@ -1,13 +1,15 @@ # frozen_string_literal: true class Api::V1::Admin::ReportsController < Api::BaseController + protect_from_forgery with: :exception + include Authorization include AccountableConcern LIMIT = 100 - before_action -> { doorkeeper_authorize! :'admin:read', :'admin:read:reports' }, only: [:index, :show] - before_action -> { doorkeeper_authorize! :'admin:write', :'admin:write:reports' }, except: [:index, :show] + before_action -> { authorize_if_got_token! :'admin:read', :'admin:read:reports' }, only: [:index, :show] + before_action -> { authorize_if_got_token! :'admin:write', :'admin:write:reports' }, except: [:index, :show] before_action :require_staff! before_action :set_reports, only: :index before_action :set_report, except: :index @@ -32,6 +34,12 @@ class Api::V1::Admin::ReportsController < Api::BaseController render json: @report, serializer: REST::Admin::ReportSerializer end + def update + authorize @report, :update? + @report.update!(report_params) + render json: @report, serializer: REST::Admin::ReportSerializer + end + def assign_to_self authorize @report, :update? @report.update!(assigned_account_id: current_account.id) @@ -74,6 +82,10 @@ class Api::V1::Admin::ReportsController < Api::BaseController ReportFilter.new(filter_params).results end + def report_params + params.permit(:category, rule_ids: []) + end + def filter_params params.permit(*FILTER_PARAMS) end diff --git a/app/controllers/api/v1/admin/retention_controller.rb b/app/controllers/api/v1/admin/retention_controller.rb index a8ff64f21..4af5a5c4d 100644 --- a/app/controllers/api/v1/admin/retention_controller.rb +++ b/app/controllers/api/v1/admin/retention_controller.rb @@ -3,6 +3,7 @@ class Api::V1::Admin::RetentionController < Api::BaseController protect_from_forgery with: :exception + before_action -> { authorize_if_got_token! :'admin:read' } before_action :require_staff! before_action :set_cohorts diff --git a/app/controllers/api/v1/admin/trends/tags_controller.rb b/app/controllers/api/v1/admin/trends/tags_controller.rb index 3653d1dd1..4815af31e 100644 --- a/app/controllers/api/v1/admin/trends/tags_controller.rb +++ b/app/controllers/api/v1/admin/trends/tags_controller.rb @@ -1,6 +1,9 @@ # frozen_string_literal: true class Api::V1::Admin::Trends::TagsController < Api::BaseController + protect_from_forgery with: :exception + + before_action -> { authorize_if_got_token! :'admin:read' } before_action :require_staff! before_action :set_tags |