6 files changed, 102 insertions, 10 deletions

diff --git a/app/controllers/admin/accounts_controller.rb b/app/controllers/admin/accounts_controller.rb
index 95107b3dc..df2c7bebf 100644
--- a/app/controllers/admin/accounts_controller.rb
+++ b/app/controllers/admin/accounts_controller.rb
@@ -19,19 +19,26 @@ class Admin::AccountsController < ApplicationController
 
   def show; end
 
-  def update
-    if @account.update(account_params)
-      redirect_to admin_accounts_path
-    else
-      render :show
-    end
-  end
-
   def suspend
     Admin::SuspensionWorker.perform_async(@account.id)
     redirect_to admin_accounts_path
   end
 
+  def unsuspend
+    @account.update(suspended: false)
+    redirect_to admin_accounts_path
+  end
+
+  def silence
+    @account.update(silenced: true)
+    redirect_to admin_accounts_path
+  end
+
+  def unsilence
+    @account.update(silenced: false)
+    redirect_to admin_accounts_path
+  end
+
   private
 
   def set_account
diff --git a/app/controllers/admin/reports_controller.rb b/app/controllers/admin/reports_controller.rb
new file mode 100644
index 000000000..67d57e4eb
--- /dev/null
+++ b/app/controllers/admin/reports_controller.rb
@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+class Admin::ReportsController < ApplicationController
+  before_action :require_admin!
+  before_action :set_report, except: [:index]
+
+  layout 'admin'
+
+  def index
+    @reports = Report.includes(:account, :target_account).paginate(page: params[:page], per_page: 40)
+    @reports = params[:action_taken].present? ? @reports.resolved : @reports.unresolved
+  end
+
+  def show
+    @statuses = Status.where(id: @report.status_ids)
+  end
+
+  def resolve
+    @report.update(action_taken: true)
+    redirect_to admin_report_path(@report)
+  end
+
+  def suspend
+    Admin::SuspensionWorker.perform_async(@report.target_account.id)
+    @report.update(action_taken: true)
+    redirect_to admin_report_path(@report)
+  end
+
+  def silence
+    @report.target_account.update(silenced: true)
+    @report.update(action_taken: true)
+    redirect_to admin_report_path(@report)
+  end
+
+  def remove
+    RemovalWorker.perform_async(params[:status_id])
+    redirect_to admin_report_path(@report)
+  end
+
+  private
+
+  def set_report
+    @report = Report.find(params[:id])
+  end
+end
diff --git a/app/controllers/api/v1/accounts_controller.rb b/app/controllers/api/v1/accounts_controller.rb
index d97010c0e..0d02294eb 100644
--- a/app/controllers/api/v1/accounts_controller.rb
+++ b/app/controllers/api/v1/accounts_controller.rb
@@ -58,6 +58,21 @@ class Api::V1::AccountsController < ApiController
     set_pagination_headers(next_path, prev_path)
   end
 
+  def media_statuses
+    media_ids = MediaAttachment.where(account: @account).where.not(status_id: nil).reorder('').select('distinct status_id')
+    @statuses = @account.statuses.where(id: media_ids).permitted_for(@account, current_account).paginate_by_max_id(limit_param(DEFAULT_STATUSES_LIMIT), params[:max_id], params[:since_id])
+    @statuses = cache_collection(@statuses, Status)
+
+    set_maps(@statuses)
+    set_counters_maps(@statuses)
+
+    next_path = media_statuses_api_v1_account_url(max_id: @statuses.last.id)    if @statuses.size == limit_param(DEFAULT_STATUSES_LIMIT)
+    prev_path = media_statuses_api_v1_account_url(since_id: @statuses.first.id) unless @statuses.empty?
+
+    set_pagination_headers(next_path, prev_path)
+    render action: :statuses
+  end
+
   def follow
     FollowService.new.call(current_user.account, @account.acct)
     set_relationship
diff --git a/app/controllers/api/v1/reports_controller.rb b/app/controllers/api/v1/reports_controller.rb
new file mode 100644
index 000000000..46bdddbc1
--- /dev/null
+++ b/app/controllers/api/v1/reports_controller.rb
@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+class Api::V1::ReportsController < ApiController
+  before_action -> { doorkeeper_authorize! :read }, except: [:create]
+  before_action -> { doorkeeper_authorize! :write }, only:  [:create]
+  before_action :require_user!
+
+  respond_to :json
+
+  def index
+    @reports = Report.where(account: current_account)
+  end
+
+  def create
+    status_ids = params[:status_ids].is_a?(Enumerable) ? params[:status_ids] : [params[:status_ids]]
+
+    @report = Report.create!(account: current_account,
+                             target_account: Account.find(params[:account_id]),
+                             status_ids: Status.find(status_ids).pluck(:id),
+                             comment: params[:comment])
+
+    render :show
+  end
+end
diff --git a/app/controllers/settings/two_factor_auths_controller.rb b/app/controllers/settings/two_factor_auths_controller.rb
index f34295cb9..cfee92391 100644
--- a/app/controllers/settings/two_factor_auths_controller.rb
+++ b/app/controllers/settings/two_factor_auths_controller.rb
@@ -8,7 +8,8 @@ class Settings::TwoFactorAuthsController < ApplicationController
   def show
     return unless current_user.otp_required_for_login
 
-    @qrcode = RQRCode::QRCode.new(current_user.otp_provisioning_uri(current_user.email, issuer: Rails.configuration.x.local_domain))
+    @provision_url = current_user.otp_provisioning_uri(current_user.email, issuer: Rails.configuration.x.local_domain)
+    @qrcode        = RQRCode::QRCode.new(@provision_url)
   end
 
   def enable
diff --git a/app/controllers/stream_entries_controller.rb b/app/controllers/stream_entries_controller.rb
index da284d80e..c43d372ed 100644
--- a/app/controllers/stream_entries_controller.rb
+++ b/app/controllers/stream_entries_controller.rb
@@ -43,7 +43,7 @@ class StreamEntriesController < ApplicationController
   end
 
   def set_stream_entry
-    @stream_entry = @account.stream_entries.find(params[:id])
+    @stream_entry = @account.stream_entries.where(activity_type: 'Status').find(params[:id])
     @type         = @stream_entry.activity_type.downcase
 
     raise ActiveRecord::RecordNotFound if @stream_entry.activity.nil? || (@stream_entry.hidden? && (@stream_entry.activity_type != 'Status' || (@stream_entry.activity_type == 'Status' && !@stream_entry.activity.permitted?(current_account))))