Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/api_controller.rb | 4 | ||||
-rw-r--r-- | app/controllers/settings/profiles_controller.rb | 5 | ||||
-rw-r--r-- | app/lib/exceptions.rb | 6 | ||||
-rw-r--r-- | app/services/block_service.rb | 3 | ||||
-rw-r--r-- | app/services/follow_service.rb | 1 | ||||
-rw-r--r-- | app/views/settings/profiles/show.html.haml | 1 |
6 files changed, 18 insertions, 2 deletions
diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
index d2d3bc4a4..8f1c8ac8a 100644
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@ -30,6 +30,10 @@ class ApiController < ApplicationController render json: { error: 'Remote SSL certificate could not be verified' }, status: 503 end + rescue_from Mastodon::NotPermitted do + render json: { error: 'This action is not allowed' }, status: 403 + end + def doorkeeper_unauthorized_render_options(error: nil) { json: { error: (error.try(:description) || 'Not authorized') } } end
diff --git a/app/controllers/settings/profiles_controller.rb b/app/controllers/settings/profiles_controller.rb
index 9e8a7da8c..4be549958 100644
--- a/app/controllers/settings/profiles_controller.rb
+++ b/app/controllers/settings/profiles_controller.rb
@@ -1,12 +1,13 @@ # frozen_string_literal: true class Settings::ProfilesController < ApplicationController + include ObfuscateFilename + layout 'auth' before_action :authenticate_user! before_action :set_account - include ObfuscateFilename obfuscate_filename [:account, :avatar] obfuscate_filename [:account, :header]
@@ -23,7 +24,7 @@ class Settings::ProfilesController < ApplicationController private def account_params - params.require(:account).permit(:display_name, :note, :avatar, :header) + params.require(:account).permit(:display_name, :note, :avatar, :header, :locked) end def set_account
diff --git a/app/lib/exceptions.rb b/app/lib/exceptions.rb
new file mode 100644
index 000000000..359228c29
--- /dev/null
+++ b/app/lib/exceptions.rb
@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module Mastodon
+ class Error < StandardError; end
+ class NotPermitted < Error; end
+end
diff --git a/app/services/block_service.rb b/app/services/block_service.rb
index 6a032a5a1..66146a72a 100644
--- a/app/services/block_service.rb
+++ b/app/services/block_service.rb
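Review bot: The new `rescue_from Mastodon::NotPermitted` handler in app/controllers/api_controller.rb only covers controllers that inherit from ApiController. The same exception raised under a plain ApplicationController subclass (Settings::ProfilesController in this commit is one) would presumably surface as an unhandled error. Whether FollowService is reachable from a non-API controller is not visible in these hunks; if it is, that path needs its own handler. A comment above the handler such as `# Raised by services (e.g. FollowService) when a block forbids the action` would also record where the exception comes from.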
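Review bot: Permitting `:locked` in `account_params` (app/controllers/settings/profiles_controller.rb, second hunk) makes the flag user-settable, but nothing in this commit's diffstat under app/ reads it. The FollowService hunk still calls `source_account.follow!(target_account)` without consulting the target's `locked` state, so a user who ticks the new checkbox may believe follows are gated when, as far as these hunks show, they are not. If enforcement is planned for a later commit, state that in the commit description or add `# NOTE: locked is only stored here; follow approval is not enforced yet` above the `permit` line. The enclosing class continues outside the hunk.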
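Review bot: app/lib/exceptions.rb defines `Mastodon::Error` and `Mastodon::NotPermitted`, which is not the constant name Rails autoloading would derive from that path, so the classes are likely available only if the file is required explicitly. The diffstat is limited to app/, so a `require` under config/ may exist outside this view. It is worth confirming, because an unloaded constant would turn the new 403 path into a NameError at the `raise` or `rescue_from` site. Each class would also benefit from a one-line comment stating when to raise it, for example `# Raised when a block or privacy rule forbids the requested action` on `NotPermitted`.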
@@ -5,7 +5,10 @@ class BlockService < BaseService return if account.id == target_account.id UnfollowService.new.call(account, target_account) if account.following?(target_account) + UnfollowService.new.call(target_account, account) if target_account.following?(account) + account.block!(target_account) + clear_timelines(account, target_account) clear_notifications(account, target_account) end
diff --git a/app/services/follow_service.rb b/app/services/follow_service.rb
index ed9b62455..02baa6553 100644
--- a/app/services/follow_service.rb
+++ b/app/services/follow_service.rb
@@ -8,6 +8,7 @@ class FollowService < BaseService target_account = follow_remote_account_service.call(uri) raise ActiveRecord::RecordNotFound if target_account.nil? || target_account.id == source_account.id || target_account.suspended? + raise Mastodon::NotPermitted if target_account.blocking?(source_account) follow = source_account.follow!(target_account)
diff --git a/app/views/settings/profiles/show.html.haml b/app/views/settings/profiles/show.html.haml
index c2f1adb12..a8ea9bbc4 100644
--- a/app/views/settings/profiles/show.html.haml
+++ b/app/views/settings/profiles/show.html.haml
@@ -8,6 +8,7 @@ = f.input :note, placeholder: t('simple_form.labels.defaults.note') = f.input :avatar, wrapper: :with_label = f.input :header, wrapper: :with_label + = f.input :locked, as: :boolean, wrapper: :with_label .actions = f.button :button, t('generic.save_changes'), type: :submit |
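Review bot: In app/services/block_service.rb the reverse unfollow runs before `account.block!(target_account)`, so a follow from target_account that is created between the `target_account.following?(account)` check and the block would survive the block. Creating the block first would let the new `blocking?` guard in FollowService reject such a follow while the cleanup runs: move `account.block!(target_account)` above both `UnfollowService.new.call` lines. This assumes UnfollowService does not depend on the block being absent, which is not visible here. The method's `def` line is outside the hunk.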
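Review bot: The `target_account.blocking?(source_account)` guard in app/services/follow_service.rb protects only callers that go through FollowService, and it is a separate step from the `source_account.follow!(target_account)` that follows it. Any other path that creates a follow record directly (not visible in this diff) would bypass the block. Enforcing the rule where the follow is created, for instance a validation on the follow model that rejects the record when the target blocks the source, would cover every path. The service-level `raise Mastodon::NotPermitted` can stay so the API still returns a clean 403. The method begins and ends outside the hunk.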