From b891a81008d2cf595cb37432a8e1f36606db16d6 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Thu, 22 Dec 2016 23:03:57 +0100 Subject: Follow call on locked account creates follow request instead Reflect "requested" relationship in API and UI Reflect inability of private posts to be reblogged in the UI Disable Webfinger for locked accounts --- app/controllers/api/v1/accounts_controller.rb | 3 +++ app/controllers/stream_entries_controller.rb | 4 +++- app/controllers/xrd_controller.rb | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) (limited to 'app/controllers') diff --git a/app/controllers/api/v1/accounts_controller.rb b/app/controllers/api/v1/accounts_controller.rb index de53a9602..05ff806c5 100644 --- a/app/controllers/api/v1/accounts_controller.rb +++ b/app/controllers/api/v1/accounts_controller.rb @@ -84,10 +84,12 @@ class Api::V1::AccountsController < ApiController def relationships ids = params[:id].is_a?(Enumerable) ? params[:id].map(&:to_i) : [params[:id].to_i] + @accounts = Account.where(id: ids).select('id') @following = Account.following_map(ids, current_user.account_id) @followed_by = Account.followed_by_map(ids, current_user.account_id) @blocking = Account.blocking_map(ids, current_user.account_id) + @requested = Account.requested_map(ids, current_user.account_id) end def search @@ -109,5 +111,6 @@ class Api::V1::AccountsController < ApiController @following = Account.following_map([@account.id], current_user.account_id) @followed_by = Account.followed_by_map([@account.id], current_user.account_id) @blocking = Account.blocking_map([@account.id], current_user.account_id) + @requested = Account.requested_map([@account.id], current_user.account_id) end end diff --git a/app/controllers/stream_entries_controller.rb b/app/controllers/stream_entries_controller.rb index 438d51a84..3f60bb0c4 100644 --- a/app/controllers/stream_entries_controller.rb +++ b/app/controllers/stream_entries_controller.rb @@ -43,8 +43,10 @@ class StreamEntriesController < ApplicationController end def set_stream_entry - @stream_entry = @account.stream_entries.where(hidden: false).find(params[:id]) + @stream_entry = @account.stream_entries.find(params[:id]) @type = @stream_entry.activity_type.downcase + + raise ActiveRecord::RecordNotFound if @stream_entry.hidden? && (@stream_entry.activity_type != 'Status' || (@stream_entry.activity_type == 'Status' && !@stream_entry.activity.permitted?(current_account))) end def check_account_suspension diff --git a/app/controllers/xrd_controller.rb b/app/controllers/xrd_controller.rb index 9e0277860..c3c38063c 100644 --- a/app/controllers/xrd_controller.rb +++ b/app/controllers/xrd_controller.rb @@ -13,7 +13,7 @@ class XrdController < ApplicationController end def webfinger - @account = Account.find_local!(username_from_resource) + @account = Account.where(locked: false).find_local!(username_from_resource) @canonical_account_uri = "acct:#{@account.username}@#{Rails.configuration.x.local_domain}" @magic_key = pem_to_magic_key(@account.keypair.public_key) -- cgit