From e8ffecbd3606a1558563e0cb5f8ea296a6ab2ede Mon Sep 17 00:00:00 2001 From: Yamagishi Kazutoshi Date: Thu, 25 Oct 2018 07:10:01 +0900 Subject: Set @body_classes to admin layout (#9081) --- app/controllers/admin/base_controller.rb | 9 ++++++++- app/controllers/filters_controller.rb | 5 +++++ app/controllers/invites_controller.rb | 5 +++++ app/controllers/settings/applications_controller.rb | 5 +++++ app/controllers/settings/deletes_controller.rb | 5 +++++ app/controllers/settings/exports_controller.rb | 7 +++++++ app/controllers/settings/follower_domains_controller.rb | 5 +++++ app/controllers/settings/imports_controller.rb | 5 +++++ app/controllers/settings/migrations_controller.rb | 5 +++++ app/controllers/settings/notifications_controller.rb | 5 +++++ app/controllers/settings/preferences_controller.rb | 5 +++++ app/controllers/settings/profiles_controller.rb | 5 +++++ app/controllers/settings/sessions_controller.rb | 5 +++++ .../two_factor_authentication/confirmations_controller.rb | 5 +++++ .../two_factor_authentication/recovery_codes_controller.rb | 7 +++++++ .../settings/two_factor_authentications_controller.rb | 5 +++++ 16 files changed, 87 insertions(+), 1 deletion(-) (limited to 'app/controllers') diff --git a/app/controllers/admin/base_controller.rb b/app/controllers/admin/base_controller.rb index 7fb69d578..8593b582a 100644 --- a/app/controllers/admin/base_controller.rb +++ b/app/controllers/admin/base_controller.rb @@ -5,8 +5,15 @@ module Admin include Authorization include AccountableConcern + layout 'admin' + before_action :require_staff! + before_action :set_body_classes - layout 'admin' + private + + def set_body_classes + @body_classes = 'admin' + end end end diff --git a/app/controllers/filters_controller.rb b/app/controllers/filters_controller.rb index 175dbab07..d2e0fb739 100644 --- a/app/controllers/filters_controller.rb +++ b/app/controllers/filters_controller.rb 
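Review bot: `set_body_classes` is defined in this hunk and then copied verbatim into fifteen more controllers in the same commit (filters, invites and everything under settings/), each with its own `before_action :set_body_classes`. A single shared concern that declares the filter and the private method would keep the admin layout and its body class in one place, so a controller that later adopts `layout 'admin'` cannot forget it. It would also settle the method's visibility: only this hunk and the exports and recovery-codes hunks add `private` themselves, while the others append the method after an existing helper whose `private` marker is outside the hunk. If the copies stay, a one-line comment such as `# Body class expected by the admin layout` above each definition would say why the instance variable is set.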
@@ -7,6 +7,7 @@ class FiltersController < ApplicationController before_action :set_filters, only: :index before_action :set_filter, only: [:edit, :update, :destroy] + before_action :set_body_classes def index @filters = current_account.custom_filters @@ -54,4 +55,8 @@ class FiltersController < ApplicationController def resource_params params.require(:custom_filter).permit(:phrase, :expires_in, :irreversible, :whole_word, context: []) end + + def set_body_classes + @body_classes = 'admin' + end end diff --git a/app/controllers/invites_controller.rb b/app/controllers/invites_controller.rb index 3aaa2776f..fdb3a0962 100644 --- a/app/controllers/invites_controller.rb +++ b/app/controllers/invites_controller.rb @@ -6,6 +6,7 @@ class InvitesController < ApplicationController layout 'admin' before_action :authenticate_user! + before_action :set_body_classes def index authorize :invite, :create? @@ -44,4 +45,8 @@ class InvitesController < ApplicationController def resource_params params.require(:invite).permit(:max_uses, :expires_in, :autofollow) end + + def set_body_classes + @body_classes = 'admin' + end end diff --git a/app/controllers/settings/applications_controller.rb b/app/controllers/settings/applications_controller.rb index 2a4962311..a1a2c57fa 100644 --- a/app/controllers/settings/applications_controller.rb +++ b/app/controllers/settings/applications_controller.rb @@ -6,6 +6,7 @@ class Settings::ApplicationsController < ApplicationController before_action :authenticate_user! before_action :set_application, only: [:show, :update, :destroy, :regenerate] before_action :prepare_scopes, only: [:create, :update] + before_action :set_body_classes def index @applications = current_user.applications.order(id: :desc).page(params[:page]) 
@@ -69,4 +70,8 @@ class Settings::ApplicationsController < ApplicationController scopes = params.fetch(:doorkeeper_application, {}).fetch(:scopes, nil) params[:doorkeeper_application][:scopes] = scopes.join(' ') if scopes.is_a? Array end + + def set_body_classes + @body_classes = 'admin' + end end diff --git a/app/controllers/settings/deletes_controller.rb b/app/controllers/settings/deletes_controller.rb index 80002b995..97f3946c8 100644 --- a/app/controllers/settings/deletes_controller.rb +++ b/app/controllers/settings/deletes_controller.rb @@ -5,6 +5,7 @@ class Settings::DeletesController < ApplicationController before_action :check_enabled_deletion before_action :authenticate_user! + before_action :set_body_classes def show @confirmation = Form::DeleteConfirmation.new @@ -29,4 +30,8 @@ class Settings::DeletesController < ApplicationController def delete_params params.require(:form_delete_confirmation).permit(:password) end + + def set_body_classes + @body_classes = 'admin' + end end diff --git a/app/controllers/settings/exports_controller.rb b/app/controllers/settings/exports_controller.rb index 869e11d3b..3a2334ef0 100644 --- a/app/controllers/settings/exports_controller.rb +++ b/app/controllers/settings/exports_controller.rb @@ -6,6 +6,7 @@ class Settings::ExportsController < ApplicationController layout 'admin' before_action :authenticate_user! + before_action :set_body_classes def show @export = Export.new(current_account) @@ -20,4 +21,10 @@ class Settings::ExportsController < ApplicationController redirect_to settings_export_path end + + private + + def set_body_classes + @body_classes = 'admin' + end end diff --git a/app/controllers/settings/follower_domains_controller.rb b/app/controllers/settings/follower_domains_controller.rb index a128bd136..9c39e66bb 100644 --- a/app/controllers/settings/follower_domains_controller.rb +++ b/app/controllers/settings/follower_domains_controller.rb 
@@ -4,6 +4,7 @@ class Settings::FollowerDomainsController < ApplicationController layout 'admin' before_action :authenticate_user! + before_action :set_body_classes def show @account = current_account @@ -25,4 +26,8 @@ class Settings::FollowerDomainsController < ApplicationController def bulk_params params.permit(select: []) end + + def set_body_classes + @body_classes = 'admin' + end end diff --git a/app/controllers/settings/imports_controller.rb b/app/controllers/settings/imports_controller.rb index 0db13d1ca..e9548ce62 100644 --- a/app/controllers/settings/imports_controller.rb +++ b/app/controllers/settings/imports_controller.rb @@ -5,6 +5,7 @@ class Settings::ImportsController < ApplicationController before_action :authenticate_user! before_action :set_account + before_action :set_body_classes def show @import = Import.new @@ -31,4 +32,8 @@ class Settings::ImportsController < ApplicationController def import_params params.require(:import).permit(:data, :type) end + + def set_body_classes + @body_classes = 'admin' + end end diff --git a/app/controllers/settings/migrations_controller.rb b/app/controllers/settings/migrations_controller.rb index bc6436b87..bd4f9c87a 100644 --- a/app/controllers/settings/migrations_controller.rb +++ b/app/controllers/settings/migrations_controller.rb @@ -4,6 +4,7 @@ class Settings::MigrationsController < ApplicationController layout 'admin' before_action :authenticate_user! + before_action :set_body_classes def show @migration = Form::Migration.new(account: current_account.moved_to_account) @@ -31,4 +32,8 @@ class Settings::MigrationsController < ApplicationController current_account.moved_to_account_id != @migration.account&.id && current_account.id != @migration.account&.id end + + def set_body_classes + @body_classes = 'admin' + end end diff --git a/app/controllers/settings/notifications_controller.rb b/app/controllers/settings/notifications_controller.rb index fe45c17b2..d0754296c 100644 
--- a/app/controllers/settings/notifications_controller.rb +++ b/app/controllers/settings/notifications_controller.rb @@ -4,6 +4,7 @@ class Settings::NotificationsController < ApplicationController layout 'admin' before_action :authenticate_user! + before_action :set_body_classes def show; end @@ -29,4 +30,8 @@ class Settings::NotificationsController < ApplicationController interactions: %i(must_be_follower must_be_following must_be_following_dm) ) end + + def set_body_classes + @body_classes = 'admin' + end end diff --git a/app/controllers/settings/preferences_controller.rb b/app/controllers/settings/preferences_controller.rb index b83900f07..7bb5fb112 100644 --- a/app/controllers/settings/preferences_controller.rb +++ b/app/controllers/settings/preferences_controller.rb @@ -4,6 +4,7 @@ class Settings::PreferencesController < ApplicationController layout 'admin' before_action :authenticate_user! + before_action :set_body_classes def show; end @@ -51,4 +52,8 @@ class Settings::PreferencesController < ApplicationController interactions: %i(must_be_follower must_be_following) ) end + + def set_body_classes + @body_classes = 'admin' + end end diff --git a/app/controllers/settings/profiles_controller.rb b/app/controllers/settings/profiles_controller.rb index fe265c81d..5b3bfd71f 100644 --- a/app/controllers/settings/profiles_controller.rb +++ b/app/controllers/settings/profiles_controller.rb @@ -7,6 +7,7 @@ class Settings::ProfilesController < ApplicationController before_action :authenticate_user! before_action :set_account + before_action :set_body_classes obfuscate_filename [:account, :avatar] obfuscate_filename [:account, :header] @@ -34,4 +35,8 @@ class Settings::ProfilesController < ApplicationController def set_account @account = current_user.account end + + def set_body_classes + @body_classes = 'admin' + end end diff --git a/app/controllers/settings/sessions_controller.rb b/app/controllers/settings/sessions_controller.rb index 0da1b027b..74cebc07b 100644 
--- a/app/controllers/settings/sessions_controller.rb +++ b/app/controllers/settings/sessions_controller.rb @@ -2,6 +2,7 @@ class Settings::SessionsController < ApplicationController before_action :set_session, only: :destroy + before_action :set_body_classes def destroy @session.destroy! @@ -14,4 +15,8 @@ class Settings::SessionsController < ApplicationController def set_session @session = current_user.session_activations.find(params[:id]) end + + def set_body_classes + @body_classes = 'admin' + end end diff --git a/app/controllers/settings/two_factor_authentication/confirmations_controller.rb b/app/controllers/settings/two_factor_authentication/confirmations_controller.rb index 8d534960d..ee567c2a7 100644 --- a/app/controllers/settings/two_factor_authentication/confirmations_controller.rb +++ b/app/controllers/settings/two_factor_authentication/confirmations_controller.rb @@ -7,6 +7,7 @@ module Settings before_action :authenticate_user! before_action :ensure_otp_secret + before_action :set_body_classes def new prepare_two_factor_form @@ -43,6 +44,10 @@ module Settings def ensure_otp_secret redirect_to settings_two_factor_authentication_path unless current_user.otp_secret end + + def set_body_classes + @body_classes = 'admin' + end end end end diff --git a/app/controllers/settings/two_factor_authentication/recovery_codes_controller.rb b/app/controllers/settings/two_factor_authentication/recovery_codes_controller.rb index e591e9502..bfb103620 100644 --- a/app/controllers/settings/two_factor_authentication/recovery_codes_controller.rb +++ b/app/controllers/settings/two_factor_authentication/recovery_codes_controller.rb @@ -6,6 +6,7 @@ module Settings layout 'admin' before_action :authenticate_user! + before_action :set_body_classes def create @recovery_codes = current_user.generate_otp_backup_codes! 
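Review bot: Settings::SessionsController shows no `before_action :authenticate_user!` in its first hunk, which covers the class from its header down to `def destroy`, while every other settings controller touched by this commit shows one. `set_session` calls `current_user.session_activations`, so an unauthenticated request would presumably fail on a nil `current_user` instead of being redirected to sign-in, unless a parent class already enforces authentication. Since the filter list is being edited anyway, consider adding `before_action :authenticate_user!` ahead of `before_action :set_session, only: :destroy`.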
@@ -13,6 +14,12 @@ module Settings flash[:notice] = I18n.t('two_factor_authentication.recovery_codes_regenerated') render :index end + + private + + def set_body_classes + @body_classes = 'admin' + end end end end diff --git a/app/controllers/settings/two_factor_authentications_controller.rb b/app/controllers/settings/two_factor_authentications_controller.rb index 863cc7351..e4d8aed41 100644 --- a/app/controllers/settings/two_factor_authentications_controller.rb +++ b/app/controllers/settings/two_factor_authentications_controller.rb @@ -6,6 +6,7 @@ module Settings before_action :authenticate_user! before_action :verify_otp_required, only: [:create] + before_action :set_body_classes def show @confirmation = Form::TwoFactorConfirmation.new @@ -43,5 +44,9 @@ module Settings current_user.validate_and_consume_otp!(confirmation_params[:code]) || current_user.invalidate_otp_backup_code!(confirmation_params[:code]) end + + def set_body_classes + @body_classes = 'admin' + end end end -- cgit From d4cf963749d2f6bb8e47a670e8cc4819ff659f49 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Thu, 25 Oct 2018 18:12:22 +0200 Subject: Allow inbox owner to view implicitly targeted ActivityPub payload (#9093) Fix #9091 --- app/controllers/activitypub/inboxes_controller.rb | 2 +- app/lib/activitypub/activity/create.rb | 13 ++++++++++++- app/workers/activitypub/processing_worker.rb | 4 ++-- 3 files changed, 15 insertions(+), 4 deletions(-) (limited to 'app/controllers') diff --git a/app/controllers/activitypub/inboxes_controller.rb b/app/controllers/activitypub/inboxes_controller.rb index af51e32d5..8f5e1887e 100644 --- a/app/controllers/activitypub/inboxes_controller.rb +++ b/app/controllers/activitypub/inboxes_controller.rb 
@@ -36,6 +36,6 @@ class ActivityPub::InboxesController < Api::BaseController end def process_payload - ActivityPub::ProcessingWorker.perform_async(signed_request_account.id, body.force_encoding('UTF-8')) + ActivityPub::ProcessingWorker.perform_async(signed_request_account.id, body.force_encoding('UTF-8'), @account&.id) end end diff --git a/app/lib/activitypub/activity/create.rb b/app/lib/activitypub/activity/create.rb index 7e6702a63..92cdf4578 100644 --- a/app/lib/activitypub/activity/create.rb +++ b/app/lib/activitypub/activity/create.rb @@ -81,11 +81,22 @@ class ActivityPub::Activity::Create < ActivityPub::Activity @mentions << Mention.new(account: account, silent: true) # If there is at least one silent mention, then the status can be considered - # as a limited-audience status, and not strictly a direct message + # as a limited-audience status, and not strictly a direct message, but only + # if we considered a direct message in the first place next unless @params[:visibility] == :direct @params[:visibility] = :limited end + + # If the payload was delivered to a specific inbox, the inbox owner must have + # access to it, unless they already have access to it anyway + return if @options[:delivered_to_account_id].nil? || @mentions.any? { mention.account_id == @options[:delivered_to_account_id] } + + @mentions << Mention.new(account_id: @options[:delivered_to_account_id], silent: true) + + return unless @param[:visibility] == :direct + + @params[:visibility] = :limited end def attach_tags(status) diff --git a/app/workers/activitypub/processing_worker.rb b/app/workers/activitypub/processing_worker.rb index 0e2e0eddd..a8a3ebf0f 100644 --- a/app/workers/activitypub/processing_worker.rb +++ b/app/workers/activitypub/processing_worker.rb 
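Review bot: `@account&.id` is passed in `process_payload` with no indication of when `@account` is nil, and after this commit that value decides which local account is granted access to the payload. The assignment of `@account` is outside the hunk; presumably it is set only for per-user inbox URLs and left nil for the shared inbox. A comment on `process_payload` along the lines of `# @account is the owner of the addressed inbox (nil for the shared inbox, confirm)` would make that contract explicit for the worker and for `ActivityPub::Activity::Create`.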
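Review bot: The block added after the mention loop in create.rb has two errors that raise at runtime: `@mentions.any? { mention.account_id == ... }` declares no block parameter, so `mention` is an undefined name unless a method of that name exists outside the hunk, and `@param[:visibility]` reads an instance variable that the rest of the hunk spells `@params`, so it indexes nil. Either one aborts processing of a payload delivered to a specific inbox, the first as soon as `@mentions` is non-empty and the second whenever the inbox owner was not already mentioned. The lines should read `return if @options[:delivered_to_account_id].nil? || @mentions.any? { |mention| mention.account_id == @options[:delivered_to_account_id] }` and `return unless @params[:visibility] == :direct`. A spec covering delivery to a personal inbox with and without an existing mention would have caught both; the enclosing method starts above the hunk.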
@@ -5,7 +5,7 @@ class ActivityPub::ProcessingWorker sidekiq_options backtrace: true - def perform(account_id, body) - ActivityPub::ProcessCollectionService.new.call(body, Account.find(account_id), override_timestamps: true) + def perform(account_id, body, delivered_to_account_id = nil) + ActivityPub::ProcessCollectionService.new.call(body, Account.find(account_id), override_timestamps: true, delivered_to_account_id: delivered_to_account_id) end end -- cgit
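Review bot: `delivered_to_account_id` is forwarded to the service in `perform` without being resolved, unlike `account_id`, which goes through `Account.find`. Sidekiq may run or retry the job well after it was enqueued, so the id can refer to an account that no longer exists by then, and the `Mention.new(account_id: ...)` added in create.rb would presumably carry a dangling reference. Consider dropping the option when the lookup fails, e.g. `delivered_to_account_id: Account.find_by(id: delivered_to_account_id)&.id`. A comment on `perform` noting that the third argument defaults to nil so that jobs enqueued before the deploy still run would also help.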