From 976cd6413e9b2a1531a2ad17945342deaeec538c Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Thu, 26 May 2022 22:04:16 +0200 Subject: Fix moderator leak in undo_mark_statuses_as_sensitive (#18525) Signed-off-by: Eugen Rochko Co-authored-by: 40826d <74816220+40826d@users.noreply.github.com> --- app/services/approve_appeal_service.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'app/services') diff --git a/app/services/approve_appeal_service.rb b/app/services/approve_appeal_service.rb index 37a08b46e..96aaaa7d0 100644 --- a/app/services/approve_appeal_service.rb +++ b/app/services/approve_appeal_service.rb @@ -52,8 +52,9 @@ class ApproveAppealService < BaseService end def undo_mark_statuses_as_sensitive! + representative_account = Account.representative @strike.statuses.includes(:media_attachments).each do |status| - UpdateStatusService.new.call(status, @current_account.id, sensitive: false) if status.with_media? + UpdateStatusService.new.call(status, representative_account.id, sensitive: false) if status.with_media? end end -- cgit From 1ff4877945e18820f3e518a1cfbac243da65e1a5 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Thu, 26 May 2022 22:06:10 +0200 Subject: Fix empty votes arbitrarily increasing voters count in polls (#18526) --- app/services/vote_service.rb | 2 ++ 1 file changed, 2 insertions(+) (limited to 'app/services') diff --git a/app/services/vote_service.rb b/app/services/vote_service.rb index ccd04dbfc..114ec285c 100644 --- a/app/services/vote_service.rb +++ b/app/services/vote_service.rb @@ -7,6 +7,8 @@ class VoteService < BaseService include Lockable def call(account, poll, choices) + return if choices.empty? + authorize_with account, poll, :vote? @account = account -- cgit From c4d2c39a75eccdbc60c3540c259e1e7ea5881ac6 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Thu, 26 May 2022 22:08:02 +0200 Subject: Fix being able to report otherwise inaccessible statuses (#18528) --- app/models/admin/status_batch_action.rb | 6 +++++- app/services/report_service.rb | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) (limited to 'app/services') diff --git a/app/models/admin/status_batch_action.rb b/app/models/admin/status_batch_action.rb index 631af183c..7bf6fa6da 100644 --- a/app/models/admin/status_batch_action.rb +++ b/app/models/admin/status_batch_action.rb @@ -103,7 +103,7 @@ class Admin::StatusBatchAction def handle_report! @report = Report.new(report_params) unless with_report? - @report.status_ids = (@report.status_ids + status_ids.map(&:to_i)).uniq + @report.status_ids = (@report.status_ids + allowed_status_ids).uniq @report.save! @report_id = @report.id @@ -135,4 +135,8 @@ class Admin::StatusBatchAction def report_params { account: current_account, target_account: target_account } end + + def allowed_status_ids + AccountStatusesFilter.new(@report.target_account, current_account).results.with_discarded.where(id: status_ids).pluck(:id) + end end diff --git a/app/services/report_service.rb b/app/services/report_service.rb index 9d784c341..d251bb33f 100644 --- a/app/services/report_service.rb +++ b/app/services/report_service.rb @@ -57,7 +57,7 @@ class ReportService < BaseService end def reported_status_ids - @target_account.statuses.with_discarded.find(Array(@status_ids)).pluck(:id) + AccountStatusesFilter.new(@target_account, @source_account).results.with_discarded.find(Array(@status_ids)).pluck(:id) end def payload -- cgit From 8a9acbe604667215c9589154d72b3f313755c210 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Thu, 26 May 2022 22:08:12 +0200 Subject: Fix being able to appeal a strike unlimited times (#18529) Peculiarity of the `has_one` association is that the convenience creation method deletes the previous association even if the new one is invalid --- app/services/appeal_service.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'app/services') diff --git a/app/services/appeal_service.rb b/app/services/appeal_service.rb index 1397c50f5..cef9be05f 100644 --- a/app/services/appeal_service.rb +++ b/app/services/appeal_service.rb @@ -14,7 +14,8 @@ class AppealService < BaseService private def create_appeal! - @appeal = @strike.create_appeal!( + @appeal = Appeal.create!( + strike: @strike, text: @text, account: @strike.target_account ) -- cgit From 52f4e834f293c9fdbf5805639d022ac4e3856b75 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Thu, 26 May 2022 22:14:47 +0200 Subject: Fix concurrent unfollowing decrementing follower count more than once (#18527) --- app/services/unfollow_service.rb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'app/services') diff --git a/app/services/unfollow_service.rb b/app/services/unfollow_service.rb index 151f3674f..d83a60e4e 100644 --- a/app/services/unfollow_service.rb +++ b/app/services/unfollow_service.rb @@ -2,6 +2,8 @@ class UnfollowService < BaseService include Payloadable + include Redisable + include Lockable # Unfollow and notify the remote user # @param [Account] source_account Where to unfollow from @@ -13,7 +15,9 @@ class UnfollowService < BaseService @target_account = target_account @options = options - unfollow! || undo_follow_request! + with_lock("relationship:#{[source_account.id, target_account.id].sort.join(':')}") do + unfollow! || undo_follow_request! + end end private -- cgit