Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/api_controller.rb4
-rw-r--r--app/controllers/settings/profiles_controller.rb5
2 files changed, 7 insertions, 2 deletions
diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
index d2d3bc4a4..8f1c8ac8a 100644
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@ -30,6 +30,10 @@ class ApiController < ApplicationController
     render json: { error: 'Remote SSL certificate could not be verified' }, status: 503
   end
 
+  rescue_from Mastodon::NotPermitted do
+    render json: { error: 'This action is not allowed' }, status: 403
+  end
+
   def doorkeeper_unauthorized_render_options(error: nil)
     { json: { error: (error.try(:description) || 'Not authorized') } }
   end
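Review bot: The new `rescue_from Mastodon::NotPermitted` block takes no exception argument, so a denied action leaves no trace beyond the 403 status in the access log. Taking the exception and logging it, for example `rescue_from Mastodon::NotPermitted do |e|` followed by `Rails.logger.info "NotPermitted (#{e.class}) on #{request.path}"`, would let operators notice repeated denied requests while the response body stays as generic as it is now. The handler is declared only on ApiController; whether controllers outside the API can raise this error is not visible in this diff (the diffstat is limited to app/controllers), and if they can, they would presumably still answer with a 500.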
diff --git a/app/controllers/settings/profiles_controller.rb b/app/controllers/settings/profiles_controller.rb
index 9e8a7da8c..4be549958 100644
--- a/app/controllers/settings/profiles_controller.rb
+++ b/app/controllers/settings/profiles_controller.rb
@@ -1,12 +1,13 @@
 # frozen_string_literal: true
 
 class Settings::ProfilesController < ApplicationController
+  include ObfuscateFilename
+
   layout 'auth'
 
   before_action :authenticate_user!
   before_action :set_account
 
-  include ObfuscateFilename
   obfuscate_filename [:account, :avatar]
   obfuscate_filename [:account, :header]
 
@@ -23,7 +24,7 @@ class Settings::ProfilesController < ApplicationController
   private
 
   def account_params
-    params.require(:account).permit(:display_name, :note, :avatar, :header)
+    params.require(:account).permit(:display_name, :note, :avatar, :header, :locked)
   end
 
   def set_account
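Review bot: Permitting `:locked` in `account_params` makes a privacy-relevant flag settable through the same update path as the display name and bio, and this hunk does not show what happens to state that depends on it. If `locked` gates follow approval (inferred from the name only), the update action, which lies outside this hunk, should define what becomes of pending follow requests when the flag goes from true to false, and a controller spec should pin both transitions. A short comment above the permit call, such as `# :locked changes who can follow without approval; keep this an explicit allowlist`, would help the next person who extends the list.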