Diffstat (limited to 'app/controllers')
17 files changed, 114 insertions, 36 deletions
diff --git a/app/controllers/about_controller.rb b/app/controllers/about_controller.rb index f459bab19..5850bd56d 100644 --- a/app/controllers/about_controller.rb +++ b/app/controllers/about_controller.rb @@ -17,7 +17,10 @@ class AboutController < ApplicationController private def new_user - User.new.tap(&:build_account) + User.new.tap do |user| + user.build_account + user.build_invite_request + end end helper_method :new_user diff --git a/app/controllers/activitypub/collections_controller.rb b/app/controllers/activitypub/collections_controller.rb index 995da9c55..853f4f907 100644 --- a/app/controllers/activitypub/collections_controller.rb +++ b/app/controllers/activitypub/collections_controller.rb @@ -6,13 +6,19 @@ class ActivityPub::CollectionsController < Api::BaseController before_action :set_account before_action :set_size before_action :set_statuses + before_action :set_cache_headers def show - render json: collection_presenter, - serializer: ActivityPub::CollectionSerializer, - adapter: ActivityPub::Adapter, - content_type: 'application/activity+json', - skip_activities: true + skip_session! + + render_cached_json(['activitypub', 'collection', @account, params[:id]], content_type: 'application/activity+json') do + ActiveModelSerializers::SerializableResource.new( + collection_presenter, + serializer: ActivityPub::CollectionSerializer, + adapter: ActivityPub::Adapter, + skip_activities: true + ) + end end private diff --git a/app/controllers/activitypub/outboxes_controller.rb b/app/controllers/activitypub/outboxes_controller.rb index be4289b21..438fa226e 100644 --- a/app/controllers/activitypub/outboxes_controller.rb +++ b/app/controllers/activitypub/outboxes_controller.rb 
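Review bot: The cache key passed to `render_cached_json` in `show` identifies only the account and `params[:id]`, so the serialized body is shared by every requester, signed or not. That is safe only if `collection_presenter` and `set_statuses` (both outside this hunk) produce the same statuses for all callers; if either filters by the requesting account, the first caller's view is served to everyone. I would add a comment above the call, `# Cached per account and collection id; the presenter must not depend on who is asking`, and confirm that `params[:id]` is limited to known collection names before it reaches the key.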
@@ -7,8 +7,14 @@ class ActivityPub::OutboxesController < Api::BaseController before_action :set_account before_action :set_statuses + before_action :set_cache_headers def show + unless page_requested? + skip_session! + expires_in 1.minute, public: true + end + render json: outbox_presenter, serializer: ActivityPub::OutboxSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json' end diff --git a/app/controllers/admin/pending_accounts_controller.rb b/app/controllers/admin/pending_accounts_controller.rb new file mode 100644 index 000000000..b62a9bc84 --- /dev/null +++ b/app/controllers/admin/pending_accounts_controller.rb 
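Review bot: `expires_in 1.minute, public: true` in `show` lets shared caches and CDNs store the unpaged outbox, so the response must be identical for every requester and must not carry a session cookie. `skip_session!` covers the cookie, but what `set_cache_headers` sends (for instance a `Vary` header) is defined outside this hunk and should be checked. The same pattern is added with `expires_in 3.minutes, public: true` in FollowerAccountsController#index and FollowingAccountsController#index, where a change to the hide-network setting can presumably stay invisible to remote caches for up to three minutes. A short comment such as `# Unpaged collection holds no per-viewer data, safe for shared caches` would record the assumption.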
@@ -0,0 +1,52 @@ +# frozen_string_literal: true + +module Admin + class PendingAccountsController < BaseController + before_action :set_accounts, only: :index + + def index + @form = Form::AccountBatch.new + end + + def batch + @form = Form::AccountBatch.new(form_account_batch_params.merge(current_account: current_account, action: action_from_button)) + @form.save + rescue ActionController::ParameterMissing + flash[:alert] = I18n.t('admin.accounts.no_account_selected') + ensure + redirect_to admin_pending_accounts_path(current_params) + end + + def approve_all + Form::AccountBatch.new(current_account: current_account, account_ids: User.pending.pluck(:account_id), action: 'approve').save + redirect_to admin_pending_accounts_path(current_params) + end + + def reject_all + Form::AccountBatch.new(current_account: current_account, account_ids: User.pending.pluck(:account_id), action: 'reject').save + redirect_to admin_pending_accounts_path(current_params) + end + + private + + def set_accounts + @accounts = Account.joins(:user).merge(User.pending.recent).includes(user: :invite_request).page(params[:page]) + end + + def form_account_batch_params + params.require(:form_account_batch).permit(:action, account_ids: []) + end + + def action_from_button + if params[:approve] + 'approve' + elsif params[:reject] + 'reject' + end + end + + def current_params + params.slice(:page).permit(:page) + end + end +end diff --git a/app/controllers/api/v1/accounts/follower_accounts_controller.rb b/app/controllers/api/v1/accounts/follower_accounts_controller.rb index 7a45e6dd2..2dabb8398 100644 --- a/app/controllers/api/v1/accounts/follower_accounts_controller.rb +++ b/app/controllers/api/v1/accounts/follower_accounts_controller.rb 
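Review bot: `batch` passes `account_ids` straight from the request to `Form::AccountBatch`, and nothing in this controller limits them to accounts that are still pending. Unless the form or a policy it calls (not visible here) checks each account, a crafted submission could apply `reject` to an account that was already approved; filtering the submitted ids through `User.pending.where(account_id: ...).pluck(:account_id)` before building the form would close that gap. The permitted `:action` key is always overwritten by `action: action_from_button` in the `merge`, so it can be dropped from `permit`. The `redirect_to` in `ensure` also runs when `@form.save` raises something other than `ParameterMissing`, so an error handler that renders afterwards may hit a double render.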
@@ -19,13 +19,17 @@ class Api::V1::Accounts::FollowerAccountsController < Api::BaseController end def load_accounts - return [] if @account.user_hides_network? && current_account.id != @account.id + return [] if hide_results? default_accounts.merge(paginated_follows).to_a end + def hide_results? + (@account.user_hides_network? && current_account.id != @account.id) || (current_account && @account.blocking?(current_account)) + end + def default_accounts - Account.without_blocking(current_account).includes(:active_relationships, :account_stat).references(:active_relationships) + Account.includes(:active_relationships, :account_stat).references(:active_relationships) end def paginated_follows diff --git a/app/controllers/api/v1/accounts/following_accounts_controller.rb b/app/controllers/api/v1/accounts/following_accounts_controller.rb index 0369cb25e..44e89804b 100644 --- a/app/controllers/api/v1/accounts/following_accounts_controller.rb +++ b/app/controllers/api/v1/accounts/following_accounts_controller.rb @@ -19,13 +19,17 @@ class Api::V1::Accounts::FollowingAccountsController < Api::BaseController end def load_accounts - return [] if @account.user_hides_network? && current_account.id != @account.id + return [] if hide_results? default_accounts.merge(paginated_follows).to_a end + def hide_results? + (@account.user_hides_network? && current_account.id != @account.id) || (current_account && @account.blocking?(current_account)) + end + def default_accounts - Account.without_blocking(current_account).includes(:passive_relationships, :account_stat).references(:passive_relationships) + Account.includes(:passive_relationships, :account_stat).references(:passive_relationships) end def paginated_follows diff --git a/app/controllers/api/v1/accounts/statuses_controller.rb b/app/controllers/api/v1/accounts/statuses_controller.rb index 7aba2d0bd..8cd8f8e79 100644 --- a/app/controllers/api/v1/accounts/statuses_controller.rb 
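Review bot: `hide_results?` dereferences `current_account.id` in its first clause without a nil check, while the second clause guards with `current_account &&`. If this endpoint can be reached without a token (the before_actions are outside the hunk), a request for an account that hides its network raises NoMethodError instead of returning an empty list. `(@account.user_hides_network? && current_account&.id != @account.id)` keeps both clauses consistent. The identical method is added to Api::V1::Accounts::FollowingAccountsController in the next hunk and needs the same change.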
+++ b/app/controllers/api/v1/accounts/statuses_controller.rb @@ -3,8 +3,6 @@ class Api::V1::Accounts::StatusesController < Api::BaseController before_action -> { authorize_if_got_token! :read, :'read:statuses' } before_action :set_account - before_action :check_account_suspension - before_action :check_account_block after_action :insert_pagination_headers respond_to :json @@ -20,14 +18,6 @@ class Api::V1::Accounts::StatusesController < Api::BaseController @account = Account.find(params[:account_id]) end - def check_account_suspension - gone if @account.suspended? - end - - def check_account_block - gone if current_account.present? && @account.blocking?(current_account) - end - def load_statuses cached_account_statuses end diff --git a/app/controllers/api/v1/accounts_controller.rb b/app/controllers/api/v1/accounts_controller.rb index 685e044c3..b0c62778e 100644 --- a/app/controllers/api/v1/accounts_controller.rb +++ b/app/controllers/api/v1/accounts_controller.rb @@ -10,7 +10,6 @@ class Api::V1::AccountsController < Api::BaseController before_action :require_user!, except: [:show, :create] before_action :set_account, except: [:create] before_action :check_account_suspension, only: [:show] - before_action :check_account_block, only: [:show] before_action :check_enabled_registrations, only: [:create] respond_to :json @@ -76,10 +75,6 @@ class Api::V1::AccountsController < Api::BaseController gone if @account.suspended? end - def check_account_block - gone if current_account.present? && @account.blocking?(current_account) - end - def account_params params.permit(:username, :email, :password, :agreement, :locale) end diff --git a/app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb b/app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb index e00c4d708..657e57831 100644 --- a/app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb +++ b/app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb 
@@ -22,7 +22,6 @@ class Api::V1::Statuses::FavouritedByAccountsController < Api::BaseController def default_accounts Account - .without_blocking(current_account) .includes(:favourites, :account_stat) .references(:favourites) .where(favourites: { status_id: @status.id }) diff --git a/app/controllers/api/v1/statuses/reblogged_by_accounts_controller.rb b/app/controllers/api/v1/statuses/reblogged_by_accounts_controller.rb index 9b2d0e59e..6851099f6 100644 --- a/app/controllers/api/v1/statuses/reblogged_by_accounts_controller.rb +++ b/app/controllers/api/v1/statuses/reblogged_by_accounts_controller.rb @@ -21,7 +21,7 @@ class Api::V1::Statuses::RebloggedByAccountsController < Api::BaseController end def default_accounts - Account.without_blocking(current_account).includes(:statuses, :account_stat).references(:statuses) + Account.includes(:statuses, :account_stat).references(:statuses) end def paginated_statuses diff --git a/app/controllers/auth/registrations_controller.rb b/app/controllers/auth/registrations_controller.rb index 74dd7ff34..84099bd96 100644 --- a/app/controllers/auth/registrations_controller.rb +++ b/app/controllers/auth/registrations_controller.rb @@ -11,6 +11,10 @@ class Auth::RegistrationsController < Devise::RegistrationsController before_action :set_instance_presenter, only: [:new, :create, :update] before_action :set_body_classes, only: [:new, :create, :edit, :update] + def new + super(&:build_invite_request) + end + def destroy not_found end 
@@ -25,17 +29,17 @@ class Auth::RegistrationsController < Devise::RegistrationsController def build_resource(hash = nil) super(hash) - resource.locale = I18n.locale - resource.invite_code = params[:invite_code] if resource.invite_code.blank? - resource.agreement = true + resource.locale = I18n.locale + resource.invite_code = params[:invite_code] if resource.invite_code.blank? + resource.agreement = true + resource.current_sign_in_ip = request.remote_ip - resource.current_sign_in_ip = request.remote_ip if resource.current_sign_in_ip.nil? resource.build_account if resource.account.nil? end def configure_sign_up_params devise_parameter_sanitizer.permit(:sign_up) do |u| - u.permit({ account_attributes: [:username] }, :email, :password, :password_confirmation, :invite_code) + u.permit({ account_attributes: [:username], invite_request_attributes: [:text] }, :email, :password, :password_confirmation, :invite_code) end end diff --git a/app/controllers/follower_accounts_controller.rb b/app/controllers/follower_accounts_controller.rb index 213c209ab..1462b94fc 100644 --- a/app/controllers/follower_accounts_controller.rb +++ b/app/controllers/follower_accounts_controller.rb @@ -3,6 +3,8 @@ class FollowerAccountsController < ApplicationController include AccountControllerConcern + before_action :set_cache_headers + def index respond_to do |format| format.html do @@ -18,6 +20,11 @@ class FollowerAccountsController < ApplicationController format.json do raise Mastodon::NotPermittedError if params[:page].present? && @account.user_hides_network? + if params[:page].blank? + skip_session! + expires_in 3.minutes, public: true + end + render json: collection_presenter, serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter, diff --git a/app/controllers/following_accounts_controller.rb b/app/controllers/following_accounts_controller.rb index 098b2a20c..181f85221 100644 --- a/app/controllers/following_accounts_controller.rb 
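Review bot: `invite_request_attributes: [:text]` in `configure_sign_up_params` accepts free text from unauthenticated sign-up requests, and nothing in this hunk bounds it. The InviteRequest model is not visible here; it should carry a length validation on `text`, and the admin pending-accounts view that shows the text should render it escaped. A comment on the `permit` line, `# text is shown to moderators; length is limited in the model`, would tie the two together once that is confirmed.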
+++ b/app/controllers/following_accounts_controller.rb @@ -3,10 +3,13 @@ class FollowingAccountsController < ApplicationController include AccountControllerConcern + before_action :set_cache_headers + def index respond_to do |format| format.html do use_pack 'public' + mark_cacheable! unless user_signed_in? next if @account.user_hides_network? @@ -17,6 +20,11 @@ class FollowingAccountsController < ApplicationController format.json do raise Mastodon::NotPermittedError if params[:page].present? && @account.user_hides_network? + if params[:page].blank? + skip_session! + expires_in 3.minutes, public: true + end + render json: collection_presenter, serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter, diff --git a/app/controllers/home_controller.rb b/app/controllers/home_controller.rb index 82e5265f5..06ca03e34 100644 --- a/app/controllers/home_controller.rb +++ b/app/controllers/home_controller.rb @@ -56,7 +56,7 @@ class HomeController < ApplicationController push_subscription: current_account.user.web_push_subscription(current_session), current_account: current_account, token: current_session.token, - admin: Account.find_local(Setting.site_contact_username), + admin: Account.find_local(Setting.site_contact_username.strip.gsub(/\A@/, '')), } end diff --git a/app/controllers/settings/identity_proofs_controller.rb b/app/controllers/settings/identity_proofs_controller.rb index 8f857fdcc..e22b4d9be 100644 --- a/app/controllers/settings/identity_proofs_controller.rb +++ b/app/controllers/settings/identity_proofs_controller.rb @@ -18,7 +18,7 @@ class Settings::IdentityProofsController < Settings::BaseController provider_username: params[:provider_username] ) - if current_account.username == params[:username] + if current_account.username.casecmp(params[:username]).zero? render layout: 'auth' else flash[:alert] = I18n.t('identity_proofs.errors.wrong_user', proving: params[:username], current: current_account.username) 
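Review bot: `Setting.site_contact_username.strip.gsub(/\A@/, '')` in the HomeController initial-state hash raises NoMethodError when the setting is nil, which would turn a missing contact name into a 500 on the home page. Whether the setting has a non-nil default is not visible here; `Setting.site_contact_username.to_s.strip.sub(/\A@/, '')` is safe either way, and `sub` is enough because the anchored pattern can match only once. The same expression is added to SharesController in a later hunk, so a shared helper would keep the two normalisations from drifting.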
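Review bot: `current_account.username.casecmp(params[:username]).zero?` in Settings::IdentityProofsController fails when `username` is absent or not a string: `casecmp` then returns nil (or raises TypeError on older Rubies) and `.zero?` is called on nil. Since the parameter comes from the request, the comparison should coerce first, `current_account.username.casecmp(params[:username].to_s).zero?`, so a malformed request falls through to the `wrong_user` branch. Note that `casecmp` folds only ASCII case, which matches this ownership check only if local usernames are restricted to ASCII.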
diff --git a/app/controllers/settings/preferences_controller.rb b/app/controllers/settings/preferences_controller.rb index 241053261..eb7a0eb4a 100644 --- a/app/controllers/settings/preferences_controller.rb +++ b/app/controllers/settings/preferences_controller.rb @@ -46,7 +46,7 @@ class Settings::PreferencesController < Settings::BaseController :setting_hide_followers_count, :setting_aggregate_reblogs, :setting_show_application, - notification_emails: %i(follow follow_request reblog favourite mention digest report), + notification_emails: %i(follow follow_request reblog favourite mention digest report pending_account), interactions: %i(must_be_follower must_be_following) ) end diff --git a/app/controllers/shares_controller.rb b/app/controllers/shares_controller.rb index 4624c29a6..ada4eec54 100644 --- a/app/controllers/shares_controller.rb +++ b/app/controllers/shares_controller.rb @@ -22,7 +22,7 @@ class SharesController < ApplicationController push_subscription: current_account.user.web_push_subscription(current_session), current_account: current_account, token: current_session.token, - admin: Account.find_local(Setting.site_contact_username), + admin: Account.find_local(Setting.site_contact_username.strip.gsub(/\A@/, '')), text: text, } end |