Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/accounts_controller.rb2
-rw-r--r--app/controllers/activitypub/collections_controller.rb2
-rw-r--r--app/controllers/activitypub/outboxes_controller.rb5
-rw-r--r--app/controllers/admin/accounts_controller.rb4
-rw-r--r--app/controllers/api/v1/polls_controller.rb17
-rw-r--r--app/controllers/application_controller.rb5
-rw-r--r--app/controllers/concerns/account_controller_concern.rb1
-rw-r--r--app/controllers/custom_css_controller.rb1
-rw-r--r--app/controllers/emojis_controller.rb2
-rw-r--r--app/controllers/follower_accounts_controller.rb5
-rw-r--r--app/controllers/following_accounts_controller.rb5
-rw-r--r--app/controllers/statuses_controller.rb12
-rw-r--r--app/controllers/stream_entries_controller.rb14
13 files changed, 26 insertions, 49 deletions
diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb
index fcdebb47f..051b6ecbd 100644
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@@ -47,8 +47,6 @@ class AccountsController < ApplicationController
       end
 
       format.json do
-        mark_cacheable!
-
         render_cached_json(['activitypub', 'actor', @account], content_type: 'application/activity+json') do
           ActiveModelSerializers::SerializableResource.new(@account, serializer: ActivityPub::ActorSerializer, adapter: ActivityPub::Adapter)
         end
diff --git a/app/controllers/activitypub/collections_controller.rb b/app/controllers/activitypub/collections_controller.rb
index 853f4f907..012c3c538 100644
--- a/app/controllers/activitypub/collections_controller.rb
+++ b/app/controllers/activitypub/collections_controller.rb
@@ -9,8 +9,6 @@ class ActivityPub::CollectionsController < Api::BaseController
   before_action :set_cache_headers
 
   def show
-    skip_session!
-
     render_cached_json(['activitypub', 'collection', @account, params[:id]], content_type: 'application/activity+json') do
       ActiveModelSerializers::SerializableResource.new(
         collection_presenter,
diff --git a/app/controllers/activitypub/outboxes_controller.rb b/app/controllers/activitypub/outboxes_controller.rb
index 438fa226e..5147afbf7 100644
--- a/app/controllers/activitypub/outboxes_controller.rb
+++ b/app/controllers/activitypub/outboxes_controller.rb
@@ -10,10 +10,7 @@ class ActivityPub::OutboxesController < Api::BaseController
   before_action :set_cache_headers
 
   def show
-    unless page_requested?
-      skip_session!
-      expires_in 1.minute, public: true
-    end
+    expires_in 1.minute, public: true unless page_requested?
 
     render json: outbox_presenter, serializer: ActivityPub::OutboxSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json'
   end
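Review bot: With `skip_session!` removed, nothing in this hunk keeps a session cookie off the response that `expires_in 1.minute, public: true` marks as publicly cacheable. If the session is loaded or written during the request, a shared cache could store the `Set-Cookie` header and replay it to other clients. The same pairing recurs in `mark_cacheable!`, `check_account_suspension`, the follower/following JSON branches, `StatusesController#show` and `#embed`, and both `StreamEntriesController#show` branches, where the HTML branch now sends the public header to signed-in requests too. Whether a middleware or proxy rule elsewhere strips cookies from public responses is not visible in this diff, so that should be confirmed, and added if absent, before merging. A one-line comment at each site, e.g. `# public response: session cookie is stripped by MECHANISM (placeholder)`, would document the dependency.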
diff --git a/app/controllers/admin/accounts_controller.rb b/app/controllers/admin/accounts_controller.rb
index e7795e95c..b0d45ce47 100644
--- a/app/controllers/admin/accounts_controller.rb
+++ b/app/controllers/admin/accounts_controller.rb
@@ -48,13 +48,13 @@ module Admin
     def approve
       authorize @account.user, :approve?
       @account.user.approve!
-      redirect_to admin_accounts_path(pending: '1')
+      redirect_to admin_pending_accounts_path
     end
 
     def reject
       authorize @account.user, :reject?
       SuspendAccountService.new.call(@account, including_user: true, destroy: true, skip_distribution: true)
-      redirect_to admin_accounts_path(pending: '1')
+      redirect_to admin_pending_accounts_path
     end
 
     def unsilence
diff --git a/app/controllers/api/v1/polls_controller.rb b/app/controllers/api/v1/polls_controller.rb
index 4f4a6858d..031e6d42d 100644
--- a/app/controllers/api/v1/polls_controller.rb
+++ b/app/controllers/api/v1/polls_controller.rb
@@ -1,13 +1,28 @@
 # frozen_string_literal: true
 
 class Api::V1::PollsController < Api::BaseController
+  include Authorization
+
   before_action -> { authorize_if_got_token! :read, :'read:statuses' }, only: :show
+  before_action :set_poll
+  before_action :refresh_poll
 
   respond_to :json
 
   def show
+    render json: @poll, serializer: REST::PollSerializer, include_results: true
+  end
+
+  private
+
+  def set_poll
     @poll = Poll.attached.find(params[:id])
+    authorize @poll.status, :show?
+  rescue Mastodon::NotPermittedError
+    raise ActiveRecord::RecordNotFound
+  end
+
+  def refresh_poll
     ActivityPub::FetchRemotePollService.new.call(@poll, current_account) if user_signed_in? && @poll.possibly_stale?
-    render json: @poll, serializer: REST::PollSerializer, include_results: true
   end
 end
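Review bot: `set_poll` turns `Mastodon::NotPermittedError` into `ActiveRecord::RecordNotFound` without saying why, and a later cleanup could easily "correct" it to a 403. A comment above the `rescue`, such as `# Answer 404 rather than 403 so the existence of a poll on a non-visible status is not disclosed`, would record the intent. The callback order also carries weight: `refresh_poll` issues a remote fetch, and it is only safe because `before_action :set_poll` (which authorizes) is declared first. A short note next to the two `before_action` lines, e.g. `# order matters: authorize before triggering the remote refresh`, would protect that.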
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 5401b9d59..333082f68 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -228,11 +228,6 @@ class ApplicationController < ActionController::Base
   end
 
   def mark_cacheable!
-    skip_session!
     expires_in 0, public: true
   end
-
-  def skip_session!
-    request.session_options[:skip] = true
-  end
 end
diff --git a/app/controllers/concerns/account_controller_concern.rb b/app/controllers/concerns/account_controller_concern.rb
index 4f28941ae..1c422096c 100644
--- a/app/controllers/concerns/account_controller_concern.rb
+++ b/app/controllers/concerns/account_controller_concern.rb
@@ -70,7 +70,6 @@ module AccountControllerConcern
 
   def check_account_suspension
     if @account.suspended?
-      skip_session!
       expires_in(3.minutes, public: true)
       gone
     end
diff --git a/app/controllers/custom_css_controller.rb b/app/controllers/custom_css_controller.rb
index 31e501609..be768c089 100644
--- a/app/controllers/custom_css_controller.rb
+++ b/app/controllers/custom_css_controller.rb
@@ -4,7 +4,6 @@ class CustomCssController < ApplicationController
   before_action :set_cache_headers
 
   def show
-    skip_session!
     render plain: Setting.custom_css || '', content_type: 'text/css'
   end
 end
diff --git a/app/controllers/emojis_controller.rb b/app/controllers/emojis_controller.rb
index 5d306e600..3feb08132 100644
--- a/app/controllers/emojis_controller.rb
+++ b/app/controllers/emojis_controller.rb
@@ -7,8 +7,6 @@ class EmojisController < ApplicationController
   def show
     respond_to do |format|
       format.json do
-        skip_session!
-
         render_cached_json(['activitypub', 'emoji', @emoji], content_type: 'application/activity+json') do
           ActiveModelSerializers::SerializableResource.new(@emoji, serializer: ActivityPub::EmojiSerializer, adapter: ActivityPub::Adapter)
         end
diff --git a/app/controllers/follower_accounts_controller.rb b/app/controllers/follower_accounts_controller.rb
index 1462b94fc..fab9c8462 100644
--- a/app/controllers/follower_accounts_controller.rb
+++ b/app/controllers/follower_accounts_controller.rb
@@ -20,10 +20,7 @@ class FollowerAccountsController < ApplicationController
       format.json do
         raise Mastodon::NotPermittedError if params[:page].present? && @account.user_hides_network?
 
-        if params[:page].blank?
-          skip_session!
-          expires_in 3.minutes, public: true
-        end
+        expires_in 3.minutes, public: true if params[:page].blank?
 
         render json: collection_presenter,
                serializer: ActivityPub::CollectionSerializer,
diff --git a/app/controllers/following_accounts_controller.rb b/app/controllers/following_accounts_controller.rb
index 181f85221..272116040 100644
--- a/app/controllers/following_accounts_controller.rb
+++ b/app/controllers/following_accounts_controller.rb
@@ -20,10 +20,7 @@ class FollowingAccountsController < ApplicationController
       format.json do
         raise Mastodon::NotPermittedError if params[:page].present? && @account.user_hides_network?
 
-        if params[:page].blank?
-          skip_session!
-          expires_in 3.minutes, public: true
-        end
+        expires_in 3.minutes, public: true if params[:page].blank?
 
         render json: collection_presenter,
                serializer: ActivityPub::CollectionSerializer,
diff --git a/app/controllers/statuses_controller.rb b/app/controllers/statuses_controller.rb
index 28eebda28..66ba260aa 100644
--- a/app/controllers/statuses_controller.rb
+++ b/app/controllers/statuses_controller.rb
@@ -29,10 +29,7 @@ class StatusesController < ApplicationController
       format.html do
         use_pack 'public'
 
-        unless user_signed_in?
-          skip_session!
-          expires_in 10.seconds, public: true
-        end
+        expires_in 10.seconds, public: true if current_account.nil?
 
         @body_classes = 'with-modals'
 
@@ -43,8 +40,6 @@ class StatusesController < ApplicationController
       end
 
       format.json do
-        mark_cacheable! unless @stream_entry.hidden?
-
         render_cached_json(['activitypub', 'note', @status], content_type: 'application/activity+json', public: !@stream_entry.hidden?) do
           ActiveModelSerializers::SerializableResource.new(@status, serializer: ActivityPub::NoteSerializer, adapter: ActivityPub::Adapter)
         end
@@ -53,8 +48,6 @@ class StatusesController < ApplicationController
   end
 
   def activity
-    skip_session!
-
     render_cached_json(['activitypub', 'activity', @status], content_type: 'application/activity+json', public: !@stream_entry.hidden?) do
       ActiveModelSerializers::SerializableResource.new(@status, serializer: ActivityPub::ActivitySerializer, adapter: ActivityPub::Adapter)
     end
@@ -64,7 +57,6 @@ class StatusesController < ApplicationController
     use_pack 'embed'
     raise ActiveRecord::RecordNotFound if @status.hidden?
 
-    skip_session!
     expires_in 180, public: true
     response.headers['X-Frame-Options'] = 'ALLOWALL'
     @autoplay = ActiveModel::Type::Boolean.new.cast(params[:autoplay])
@@ -73,8 +65,6 @@ class StatusesController < ApplicationController
   end
 
   def replies
-    skip_session!
-
     render json: replies_collection_presenter,
            serializer: ActivityPub::CollectionSerializer,
            adapter: ActivityPub::Adapter,
diff --git a/app/controllers/stream_entries_controller.rb b/app/controllers/stream_entries_controller.rb
index 1e16c5157..1ee85592c 100644
--- a/app/controllers/stream_entries_controller.rb
+++ b/app/controllers/stream_entries_controller.rb
@@ -17,19 +17,13 @@ class StreamEntriesController < ApplicationController
       format.html do
         use_pack 'public'
 
-        unless user_signed_in?
-          skip_session!
-          expires_in 5.minutes, public: true
-        end
+        expires_in 5.minutes, public: true unless @stream_entry.hidden?
 
-        redirect_to short_account_status_url(params[:account_username], @stream_entry.activity) if @type == 'status'
+        redirect_to short_account_status_url(params[:account_username], @stream_entry.activity)
       end
 
       format.atom do
-        unless @stream_entry.hidden?
-          skip_session!
-          expires_in 3.minutes, public: true
-        end
+        expires_in 3.minutes, public: true unless @stream_entry.hidden?
 
         render xml: OStatus::AtomSerializer.render(OStatus::AtomSerializer.new.entry(@stream_entry, true))
       end
@@ -57,7 +51,7 @@ class StreamEntriesController < ApplicationController
 
   def set_stream_entry
     @stream_entry = @account.stream_entries.where(activity_type: 'Status').find(params[:id])
-    @type         = @stream_entry.activity_type.downcase
+    @type         = 'status'
 
     raise ActiveRecord::RecordNotFound if @stream_entry.activity.nil?
     authorize @stream_entry.activity, :show? if @stream_entry.hidden? || @stream_entry.local_only?