From f406e01fcf7d69045cf3ad8ea8dea51acd85535b Mon Sep 17 00:00:00 2001
From: Eugen Rochko
Date: Tue, 6 Dec 2016 18:03:30 +0100
Subject: Add filters for suspended accounts
---
 app/controllers/accounts_controller.rb | 6 ++++++
 app/controllers/application_controller.rb | 5 +++++
 app/controllers/settings/preferences_controller.rb | 3 +--
 app/controllers/settings/profiles_controller.rb | 3 +--
 app/controllers/stream_entries_controller.rb | 5 +++++
 5 files changed, 18 insertions(+), 4 deletions(-)
(limited to 'app/controllers')
diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb
index 46231dd97..57f25a273 100644
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@@ -5,6 +5,8 @@ class AccountsController < ApplicationController
 before_action :set_account
 before_action :set_link_headers
+ before_action :authenticate_user!, only: [:follow, :unfollow]
+ before_action :check_account_suspension
 def show
 respond_to do |format|
@@ -50,4 +52,8 @@ class AccountsController < ApplicationController
 def webfinger_account_url
 webfinger_url(resource: "acct:#{@account.acct}@#{Rails.configuration.x.local_domain}")
 end
+
+ def check_account_suspension
+ head 410 if @account.suspended?
+ end
 end
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 7270686de..e2d879d58 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -15,6 +15,7 @@ class ApplicationController < ActionController::Base
 before_action :store_current_location, except: :raise_not_found, unless: :devise_controller?
 before_action :set_locale
 before_action :set_user_activity
+ before_action :check_suspension, if: :user_signed_in?
 def raise_not_found
 raise ActionController::RoutingError, "No route matches #{params[:unmatched_route]}"
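Review bot: In the first accounts_controller.rb hunk, `before_action :check_account_suspension` is registered after `before_action :set_link_headers`, so whatever headers that filter sets for the account are presumably still attached to the response that `head 410` sends. Registering the new filter directly after `before_action :set_account` would stop a request for a suspended account before any account metadata is added to the response. The same ordering appears in the stream_entries_controller.rb hunk at `@@ -6,6 +6,7 @@`, where the check runs after both `set_stream_entry` and `set_link_headers`. The body of `set_link_headers` is outside these hunks, so what it emits should be confirmed.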
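Review bot: `check_account_suspension` is added at the end of accounts_controller.rb with a body identical to the one added at the end of stream_entries_controller.rb, so the two copies can drift apart when the suspension policy changes. Defining it once below `protected` in ApplicationController (or in a shared concern) and keeping only the `before_action` lines in each controller would keep the rule in one place. A short comment such as `# Pages of a suspended account answer 410 Gone` and `head :gone` instead of the bare `410` would make the intent easier to read. Whether the method sits below a `private` keyword is not visible in the hunk; if it does not, it is a public controller method and should be moved.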
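Review bot: In the first application_controller.rb hunk, `before_action :check_suspension, if: :user_signed_in?` is appended after `before_action :set_user_activity`, so a suspended user's request still runs the earlier filters before it is rejected with 403; the `current_sign_in_at` touch visible in the `@@ -40,6 +41,10 @@` hunk looks like the body of one of them. Registering the check ahead of `store_current_location` would reject the request before any state is written. The condition only covers session sign-ins, and whether token-authenticated API requests pass through an equivalent check cannot be seen from this diff, so that path is worth confirming. Because the filter is inherited by every controller, a suspended user presumably also receives 403 on the sign-out route.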
@@ -40,6 +41,10 @@ class ApplicationController < ActionController::Base
 current_user.touch(:current_sign_in_at) if !current_user.nil? && (current_user.current_sign_in_at.nil? || current_user.current_sign_in_at < 24.hours.ago)
 end
+ def check_suspension
+ head 403 if current_user.account.suspended?
+ end
+
 protected
 def not_found
diff --git a/app/controllers/settings/preferences_controller.rb b/app/controllers/settings/preferences_controller.rb
index cacc03b65..692cf95ac 100644
--- a/app/controllers/settings/preferences_controller.rb
+++ b/app/controllers/settings/preferences_controller.rb
@@ -5,8 +5,7 @@ class Settings::PreferencesController < ApplicationController
 before_action :authenticate_user!
- def show
- end
+ def show; end
 def update
 current_user.settings(:notification_emails).follow = user_params[:notification_emails][:follow] == '1'
diff --git a/app/controllers/settings/profiles_controller.rb b/app/controllers/settings/profiles_controller.rb
index 0276f5fed..9e8a7da8c 100644
--- a/app/controllers/settings/profiles_controller.rb
+++ b/app/controllers/settings/profiles_controller.rb
@@ -10,8 +10,7 @@ class Settings::ProfilesController < ApplicationController
 obfuscate_filename [:account, :avatar]
 obfuscate_filename [:account, :header]
- def show
- end
+ def show; end
 def update
 if @account.update(account_params)
diff --git a/app/controllers/stream_entries_controller.rb b/app/controllers/stream_entries_controller.rb
index caab1237d..98d029030 100644
--- a/app/controllers/stream_entries_controller.rb
+++ b/app/controllers/stream_entries_controller.rb
@@ -6,6 +6,7 @@ class StreamEntriesController < ApplicationController
 before_action :set_account
 before_action :set_stream_entry
 before_action :set_link_headers
+ before_action :check_account_suspension
 def show
 @type = @stream_entry.activity_type.downcase
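Review bot: In the `@@ -40,6 +41,10 @@` hunk of application_controller.rb, `check_suspension` is inserted above the `protected` keyword, which makes it a public method of ApplicationController, and Rails treats public controller methods as candidate actions in every subclass. Moving the definition below `protected`, next to `not_found`, keeps it usable only as a filter. `current_user.account.suspended?` also raises NoMethodError if a user record can exist without an account; if that state is possible, the filter should guard for it rather than turn a suspension check into a 500. The enclosing class continues outside the hunk, so the visibility of the neighbouring filters cannot be confirmed from here.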
@@ -37,4 +38,8 @@ class StreamEntriesController < ApplicationController
 def set_stream_entry
 @stream_entry = @account.stream_entries.find(params[:id])
 end
+
+ def check_account_suspension
+ head 410 if @account.suspended?
+ end
 end
-- cgit