Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/about_controller.rb | 27 | ||||
-rw-r--r-- | app/controllers/accounts_controller.rb | 12 | ||||
-rw-r--r-- | app/controllers/admin/accounts_controller.rb | 17 | ||||
-rw-r--r-- | app/controllers/admin/dashboard_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/admin/settings_controller.rb | 3 | ||||
-rw-r--r-- | app/controllers/api/base_controller.rb | 4 | ||||
-rw-r--r-- | app/controllers/api/v1/accounts/statuses_controller.rb | 8 | ||||
-rw-r--r-- | app/controllers/api/v1/accounts_controller.rb | 6 | ||||
-rw-r--r-- | app/controllers/api/v1/timelines/tag_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/auth/registrations_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/concerns/account_controller_concern.rb | 14 | ||||
-rw-r--r-- | app/controllers/public_timelines_controller.rb | 39 | ||||
-rw-r--r-- | app/controllers/settings/exports_controller.rb | 18 | ||||
-rw-r--r-- | app/controllers/tags_controller.rb | 18 |
14 files changed, 122 insertions, 50 deletions
diff --git a/app/controllers/about_controller.rb b/app/controllers/about_controller.rb index ce1e8293c..f459bab19 100644 --- a/app/controllers/about_controller.rb +++ b/app/controllers/about_controller.rb @@ -2,21 +2,17 @@ class AboutController < ApplicationController before_action :set_pack - before_action :set_body_classes + layout 'public' + before_action :set_instance_presenter, only: [:show, :more, :terms] def show - serializable_resource = ActiveModelSerializers::SerializableResource.new(InitialStatePresenter.new(initial_state_params), serializer: InitialStateSerializer) - @initial_state_json = serializable_resource.to_json + @hide_navbar = true end - def more - render layout: 'public' - end + def more; end - def terms - render layout: 'public' - end + def terms; end private @@ -27,21 +23,10 @@ class AboutController < ApplicationController helper_method :new_user def set_pack - use_pack action_name == 'show' ? 'about' : 'common' + use_pack 'common' end def set_instance_presenter @instance_presenter = InstancePresenter.new end - - def set_body_classes - @body_classes = 'with-modals' - end - - def initial_state_params - { - settings: { known_fediverse: Setting.show_known_fediverse_at_about_page }, - token: current_session&.token, - } - end end diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb index 442e99089..157ea8569 100644 --- a/app/controllers/accounts_controller.rb +++ b/app/controllers/accounts_controller.rb @@ -81,11 +81,17 @@ class AccountsController < ApplicationController end def hashtag_scope - Status.tagged_with(Tag.find_by(name: params[:tag].downcase)&.id) + tag = Tag.find_normalized(params[:tag]) + + if tag + Status.tagged_with(tag.id) + else + Status.none + end end - def set_account - @account = Account.find_local!(params[:username]) + def username_param + params[:username] end def older_url 
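Review bot: In `AccountsController#hashtag_scope` the raw `params[:tag]` goes straight into `Tag.find_normalized`, so the handling of a missing or non-String value (an array or hash parameter) now depends entirely on that helper, which this diff does not show. Coercing at the call site keeps the lookup on a plain string whatever the helper does: `tag = Tag.find_normalized(params[:tag].to_s)`. The same pattern appears in `Api::V1::Accounts::StatusesController#hashtag_scope` (`params[:tagged]`), `Api::V1::Timelines::TagController#load_tag` and `TagsController#show` (`params[:id]`). The API ones matter most, because `tagged` looks like a query parameter rather than a route segment.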
diff --git a/app/controllers/admin/accounts_controller.rb b/app/controllers/admin/accounts_controller.rb index 562fba996..e160c603a 100644 --- a/app/controllers/admin/accounts_controller.rb +++ b/app/controllers/admin/accounts_controller.rb @@ -2,9 +2,9 @@ module Admin class AccountsController < BaseController - before_action :set_account, only: [:show, :subscribe, :unsubscribe, :redownload, :remove_avatar, :remove_header, :enable, :unsilence, :unsuspend, :memorialize] + before_action :set_account, only: [:show, :subscribe, :unsubscribe, :redownload, :remove_avatar, :remove_header, :enable, :unsilence, :unsuspend, :memorialize, :approve, :reject] before_action :require_remote_account!, only: [:subscribe, :unsubscribe, :redownload] - before_action :require_local_account!, only: [:enable, :memorialize] + before_action :require_local_account!, only: [:enable, :memorialize, :approve, :reject] def index authorize :account, :index? @@ -45,6 +45,18 @@ module Admin redirect_to admin_account_path(@account.id) end + def approve + authorize @account.user, :approve? + @account.user.approve! + redirect_to admin_accounts_path(pending: '1') + end + + def reject + authorize @account.user, :reject? + SuspendAccountService.new.call(@account, including_user: true, destroy: true) + redirect_to admin_accounts_path(pending: '1') + end + def unsilence authorize @account, :unsilence? @account.unsilence! @@ -114,6 +126,7 @@ module Admin :remote, :by_domain, :active, + :pending, :silenced, :suspended, :username, diff --git a/app/controllers/admin/dashboard_controller.rb b/app/controllers/admin/dashboard_controller.rb index bb923c185..22bbcec19 100644 --- a/app/controllers/admin/dashboard_controller.rb +++ b/app/controllers/admin/dashboard_controller.rb 
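Review bot: `reject` ends in `SuspendAccountService.new.call(@account, including_user: true, destroy: true)`, yet nothing in the action confirms that the account is still awaiting approval; the only gate is the `reject?` policy, which is not part of this diff. If that policy does not test the pending state, the route would destroy any local account a staff member with that permission submits. Stating the precondition in the action removes the dependency: `raise Mastodon::NotPermittedError unless @account.user_pending?` as the first line after `authorize`, and the same in `approve`. Neither new action visibly records an audit entry; if the sibling actions do (their bodies are cut off by the hunk), approval and rejection should be logged the same way so that a destroyed sign-up can be traced to the moderator who rejected it.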
@@ -10,7 +10,7 @@ module Admin @interactions_week = Redis.current.get("activity:interactions:#{current_week}") || 0 @relay_enabled = Relay.enabled.exists? @single_user_mode = Rails.configuration.x.single_user_mode - @registrations_enabled = Setting.open_registrations + @registrations_enabled = Setting.registrations_mode != 'none' @deletions_enabled = Setting.open_deletion @invites_enabled = Setting.min_invite_role == 'user' @search_enabled = Chewy.enabled? diff --git a/app/controllers/admin/settings_controller.rb b/app/controllers/admin/settings_controller.rb index 9624df96b..a64e98868 100644 --- a/app/controllers/admin/settings_controller.rb +++ b/app/controllers/admin/settings_controller.rb @@ -10,7 +10,7 @@ module Admin site_description site_extended_description site_terms - open_registrations + registrations_mode closed_registrations_message open_deletion timeline_preview @@ -33,7 +33,6 @@ module Admin ).freeze BOOLEAN_SETTINGS = %w( - open_registrations open_deletion timeline_preview show_staff_badge diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb index a1dd30918..3a92ee4e4 100644 --- a/app/controllers/api/base_controller.rb +++ b/app/controllers/api/base_controller.rb @@ -73,7 +73,9 @@ class Api::BaseController < ApplicationController elsif current_user.disabled? render json: { error: 'Your login is currently disabled' }, status: 403 elsif !current_user.confirmed? - render json: { error: 'Email confirmation is not completed' }, status: 403 + render json: { error: 'Your login is missing a confirmed e-mail address' }, status: 403 + elsif !current_user.approved? + render json: { error: 'Your login is currently pending approval' }, status: 403 else set_user_activity end diff --git a/app/controllers/api/v1/accounts/statuses_controller.rb b/app/controllers/api/v1/accounts/statuses_controller.rb index ed10f3f6a..8cd8f8e79 100644 --- a/app/controllers/api/v1/accounts/statuses_controller.rb 
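Review bot: `Setting.registrations_mode != 'none'` counts every value other than the literal `'none'` as "registrations on", including `nil` or a misspelled or legacy value, so the check fails open. On the dashboard this only affects a status indicator, but the same comparison gates sign-up in `Api::V1::AccountsController#allowed_registrations?` and `Auth::RegistrationsController#allowed_registrations?`. The settings hunk also moves the key out of `BOOLEAN_SETTINGS`, and as far as this diff shows nothing restricts the stored string. An allowlist in one shared predicate would fail closed, e.g. `%w(<modes that permit sign-up>).include?(Setting.registrations_mode)`, called from all three places instead of repeating the string comparison.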
+++ b/app/controllers/api/v1/accounts/statuses_controller.rb @@ -69,7 +69,13 @@ class Api::V1::Accounts::StatusesController < Api::BaseController end def hashtag_scope - Status.tagged_with(Tag.find_by(name: params[:tagged])&.id) + tag = Tag.find_normalized(params[:tagged]) + + if tag + Status.tagged_with(tag.id) + else + Status.none + end end def pagination_params(core_params) diff --git a/app/controllers/api/v1/accounts_controller.rb b/app/controllers/api/v1/accounts_controller.rb index 2ccbc3cbb..b0c62778e 100644 --- a/app/controllers/api/v1/accounts_controller.rb +++ b/app/controllers/api/v1/accounts_controller.rb @@ -80,6 +80,10 @@ class Api::V1::AccountsController < Api::BaseController end def check_enabled_registrations - forbidden if single_user_mode? || !Setting.open_registrations + forbidden if single_user_mode? || !allowed_registrations? + end + + def allowed_registrations? + Setting.registrations_mode != 'none' end end diff --git a/app/controllers/api/v1/timelines/tag_controller.rb b/app/controllers/api/v1/timelines/tag_controller.rb index 92c32c178..9adc4ad29 100644 --- a/app/controllers/api/v1/timelines/tag_controller.rb +++ b/app/controllers/api/v1/timelines/tag_controller.rb @@ -14,7 +14,7 @@ class Api::V1::Timelines::TagController < Api::BaseController private def load_tag - @tag = Tag.find_by(name: params[:id].downcase) + @tag = Tag.find_normalized(params[:id]) end def load_statuses diff --git a/app/controllers/auth/registrations_controller.rb b/app/controllers/auth/registrations_controller.rb index efe29b53f..74dd7ff34 100644 --- a/app/controllers/auth/registrations_controller.rb +++ b/app/controllers/auth/registrations_controller.rb @@ -66,7 +66,7 @@ class Auth::RegistrationsController < Devise::RegistrationsController end def allowed_registrations? - Setting.open_registrations || @invite&.valid_for_use? + Setting.registrations_mode != 'none' || @invite&.valid_for_use? end def invite_code 
diff --git a/app/controllers/concerns/account_controller_concern.rb b/app/controllers/concerns/account_controller_concern.rb index 6c27ef330..8817fd7de 100644 --- a/app/controllers/concerns/account_controller_concern.rb +++ b/app/controllers/concerns/account_controller_concern.rb @@ -7,16 +7,18 @@ module AccountControllerConcern included do layout 'public' + before_action :set_account + before_action :check_account_approval + before_action :check_account_suspension before_action :set_instance_presenter before_action :set_link_headers - before_action :check_account_suspension end private def set_account - @account = Account.find_local!(params[:account_username]) + @account = Account.find_local!(username_param) end def set_instance_presenter @@ -33,6 +35,10 @@ module AccountControllerConcern ) end + def username_param + params[:account_username] + end + def webfinger_account_link [ webfinger_account_url, @@ -58,6 +64,10 @@ module AccountControllerConcern webfinger_url(resource: @account.to_webfinger_s) end + def check_account_approval + not_found if @account.user_pending? + end + def check_account_suspension gone if @account.suspended? end diff --git a/app/controllers/public_timelines_controller.rb b/app/controllers/public_timelines_controller.rb new file mode 100644 index 000000000..c5fe789f4 --- /dev/null +++ b/app/controllers/public_timelines_controller.rb 
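Review bot: `check_account_approval` and `check_account_suspension` both read `@account`, which exists only because `before_action :set_account` is now declared ahead of them in the `included` block; that ordering is load-bearing and undocumented. A comment above the three callbacks would protect it, e.g. `# Order matters: set_account must run first; the approval and suspension checks must run before anything renders account data.` It is also worth a one-line comment on `check_account_approval` saying why a pending account answers 404 while a suspended one answers 410, presumably so that an unapproved sign-up is indistinguishable from a non-existent account: `# 404, not 410: do not reveal that a pending sign-up exists`. Including controllers now have to supply `username_param` when their route key differs, as `AccountsController` does, and that contract deserves a mention in the concern as well.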
@@ -0,0 +1,39 @@ +# frozen_string_literal: true + +class PublicTimelinesController < ApplicationController + before_action :set_pack + layout 'public' + + before_action :check_enabled + before_action :set_body_classes + before_action :set_instance_presenter + + def show + respond_to do |format| + format.html do + @initial_state_json = ActiveModelSerializers::SerializableResource.new( + InitialStatePresenter.new(settings: { known_fediverse: Setting.show_known_fediverse_at_about_page }, token: current_session&.token), + serializer: InitialStateSerializer + ).to_json + end + end + end + + private + + def check_enabled + raise ActiveRecord::RecordNotFound unless Setting.timeline_preview + end + + def set_body_classes + @body_classes = 'with-modals' + end + + def set_instance_presenter + @instance_presenter = InstancePresenter.new + end + + def set_pack + use_pack 'about' + end +end diff --git a/app/controllers/settings/exports_controller.rb b/app/controllers/settings/exports_controller.rb index cf8745576..7f76668d5 100644 --- a/app/controllers/settings/exports_controller.rb +++ b/app/controllers/settings/exports_controller.rb @@ -9,11 +9,25 @@ class Settings::ExportsController < Settings::BaseController end def create - authorize :backup, :create? + raise Mastodon::NotPermittedError unless user_signed_in? + + backup = nil + + RedisLock.acquire(lock_options) do |lock| + if lock.acquired? + authorize :backup, :create? + backup = current_user.backups.create! + else + raise Mastodon::RaceConditionError + end + end - backup = current_user.backups.create! BackupWorker.perform_async(backup.id) redirect_to settings_export_path end + + def lock_options + { redis: Redis.current, key: "backup:#{current_user.id}" } + end end diff --git a/app/controllers/tags_controller.rb b/app/controllers/tags_controller.rb index 186d276c2..5cb048c1a 100644 --- a/app/controllers/tags_controller.rb +++ b/app/controllers/tags_controller.rb 
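Review bot: `PublicTimelinesController#show` serialises `current_session&.token` into `@initial_state_json`, so the rendered HTML differs per visitor and carries what appears to be the session's access token. Nothing in the new controller marks the response as private or uncacheable, and whether a parent class does is not visible here. That deserves at least a comment at the call site, e.g. `# Initial state embeds the session token: this page must never be served from a shared cache.` `TagsController#show` now builds the same resource inline with `settings: {}`, so a single helper taking the settings hash would keep the token handling in one place.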
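Review bot: `lock_options` in `Settings::ExportsController` is defined directly after the `create` action with no `private` marker between them, so it becomes a public controller method and therefore a potential action if a route ever matches it. Adding a bare `private` line above `def lock_options` fixes that. Performing `authorize :backup, :create?` and `current_user.backups.create!` inside the lock is the right shape for closing the check-then-create race. A short comment saying so would stop someone from later hoisting the `authorize` back out: `# Policy check and insert must share the lock, otherwise two concurrent requests can both pass the check.`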
@@ -9,13 +9,15 @@ class TagsController < ApplicationController before_action :set_instance_presenter def show - @tag = Tag.find_by!(name: params[:id].downcase) + @tag = Tag.find_normalized!(params[:id]) respond_to do |format| format.html do use_pack 'about' - serializable_resource = ActiveModelSerializers::SerializableResource.new(InitialStatePresenter.new(initial_state_params), serializer: InitialStateSerializer) - @initial_state_json = serializable_resource.to_json + @initial_state_json = ActiveModelSerializers::SerializableResource.new( + InitialStatePresenter.new(settings: {}, token: current_session&.token), + serializer: InitialStateSerializer + ).to_json end format.rss do @@ -26,8 +28,7 @@ class TagsController < ApplicationController end format.json do - @statuses = HashtagQueryService.new.call(@tag, params.slice(:any, :all, :none), current_account, params[:local]) - .paginate_by_max_id(PAGE_SIZE, params[:max_id]) + @statuses = HashtagQueryService.new.call(@tag, params.slice(:any, :all, :none), current_account, params[:local]).paginate_by_max_id(PAGE_SIZE, params[:max_id]) @statuses = cache_collection(@statuses, Status) render json: collection_presenter, @@ -56,11 +57,4 @@ class TagsController < ApplicationController items: @statuses.map { |s| ActivityPub::TagManager.instance.uri_for(s) } ) end - - def initial_state_params - { - settings: {}, - token: current_session&.token, - } - end end |