From 78fa926ed560e6a9738144bec7e152fa42104139 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Sat, 18 Aug 2018 03:03:12 +0200 Subject: Add remote interaction dialog for toots (#8202) * Add remote interaction dialog for toots * Change AuthorizeFollow into AuthorizeInteraction, support statuses * Update brakeman.ignore * Adjust how interaction buttons are display on public pages * Fix tests --- app/controllers/authorize_follows_controller.rb | 66 ---------------------- .../authorize_interactions_controller.rb | 66 ++++++++++++++++++++++ app/controllers/intents_controller.rb | 2 +- app/controllers/remote_follow_controller.rb | 1 + app/controllers/remote_interaction_controller.rb | 48 ++++++++++++++++ 5 files changed, 116 insertions(+), 67 deletions(-) delete mode 100644 app/controllers/authorize_follows_controller.rb create mode 100644 app/controllers/authorize_interactions_controller.rb create mode 100644 app/controllers/remote_interaction_controller.rb (limited to 'app/controllers') diff --git a/app/controllers/authorize_follows_controller.rb b/app/controllers/authorize_follows_controller.rb deleted file mode 100644 index 775d5f23f..000000000 --- a/app/controllers/authorize_follows_controller.rb +++ /dev/null @@ -1,66 +0,0 @@ -# frozen_string_literal: true - -class AuthorizeFollowsController < ApplicationController - layout 'modal' - - before_action :authenticate_user! - before_action :set_body_classes - - def show - @account = located_account || render(:error) - end - - def create - @account = follow_attempt.try(:target_account) - - if @account.nil? - render :error - else - render :success - end - rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError - render :error - end - - private - - def follow_attempt - FollowService.new.call(current_account, acct_without_prefix) - end - - def located_account - if acct_param_is_url? - account_from_remote_fetch - else - account_from_remote_follow - end - end - - def account_from_remote_fetch - FetchRemoteAccountService.new.call(acct_without_prefix) - end - - def account_from_remote_follow - ResolveAccountService.new.call(acct_without_prefix) - end - - def acct_param_is_url? - parsed_uri.path && %w(http https).include?(parsed_uri.scheme) - end - - def parsed_uri - Addressable::URI.parse(acct_without_prefix).normalize - end - - def acct_without_prefix - acct_params.gsub(/\Aacct:/, '') - end - - def acct_params - params.fetch(:acct, '') - end - - def set_body_classes - @body_classes = 'modal-layout' - end -end diff --git a/app/controllers/authorize_interactions_controller.rb b/app/controllers/authorize_interactions_controller.rb new file mode 100644 index 000000000..e27366ea3 --- /dev/null +++ b/app/controllers/authorize_interactions_controller.rb @@ -0,0 +1,66 @@ +# frozen_string_literal: true + +class AuthorizeInteractionsController < ApplicationController + include Authorization + + layout 'modal' + + before_action :authenticate_user! + before_action :set_body_classes + before_action :set_resource + + def show + if @resource.is_a?(Account) + render :show + elsif @resource.is_a?(Status) + redirect_to web_url("statuses/#{@resource.id}") + else + render :error + end + end + + def create + if @resource.is_a?(Account) && FollowService.new.call(current_account, @resource) + render :success + else + render :error + end + rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError + render :error + end + + private + + def set_resource + @resource = located_resource || render(:error) + authorize(@resource, :show?) if @resource.is_a?(Status) + end + + def located_resource + if uri_param_is_url? + ResolveURLService.new.call(uri_param) + else + account_from_remote_follow + end + end + + def account_from_remote_follow + ResolveAccountService.new.call(uri_param) + end + + def uri_param_is_url? + parsed_uri.path && %w(http https).include?(parsed_uri.scheme) + end + + def parsed_uri + Addressable::URI.parse(uri_param).normalize + end + + def uri_param + params[:uri] || params.fetch(:acct, '').gsub(/\Aacct:/, '') + end + + def set_body_classes + @body_classes = 'modal-layout' + end +end diff --git a/app/controllers/intents_controller.rb b/app/controllers/intents_controller.rb index 56129d69a..9f41cf48a 100644 --- a/app/controllers/intents_controller.rb +++ b/app/controllers/intents_controller.rb @@ -8,7 +8,7 @@ class IntentsController < ApplicationController if uri.scheme == 'web+mastodon' case uri.host when 'follow' - return redirect_to authorize_follow_path(acct: uri.query_values['uri'].gsub(/\Aacct:/, '')) + return redirect_to authorize_interaction_path(uri: uri.query_values['uri'].gsub(/\Aacct:/, '')) when 'share' return redirect_to share_path(text: uri.query_values['text']) end diff --git a/app/controllers/remote_follow_controller.rb b/app/controllers/remote_follow_controller.rb index cd61fd763..8ba331cd1 100644 --- a/app/controllers/remote_follow_controller.rb +++ b/app/controllers/remote_follow_controller.rb @@ -42,5 +42,6 @@ class RemoteFollowController < ApplicationController def set_body_classes @body_classes = 'modal-layout' + @hide_header = true end end diff --git a/app/controllers/remote_interaction_controller.rb b/app/controllers/remote_interaction_controller.rb new file mode 100644 index 000000000..6299a1e13 --- /dev/null +++ b/app/controllers/remote_interaction_controller.rb @@ -0,0 +1,48 @@ +# frozen_string_literal: true + +class RemoteInteractionController < ApplicationController + include Authorization + + layout 'modal' + + before_action :set_status + before_action :set_body_classes + + def new + @remote_follow = RemoteFollow.new(session_params) + end + + def create + @remote_follow = RemoteFollow.new(resource_params) + + if @remote_follow.valid? + session[:remote_follow] = @remote_follow.acct + redirect_to @remote_follow.interact_address_for(@status) + else + render :new + end + end + + private + + def resource_params + params.require(:remote_follow).permit(:acct) + end + + def session_params + { acct: session[:remote_follow] } + end + + def set_status + @status = Status.find(params[:id]) + authorize @status, :show? + rescue Mastodon::NotPermittedError + # Reraise in order to get a 404 + raise ActiveRecord::RecordNotFound + end + + def set_body_classes + @body_classes = 'modal-layout' + @hide_header = true + end +end -- cgit