From 4e4b3a0c8e69a724e229f028896ce774ef26df3b Mon Sep 17 00:00:00 2001
From: Eugen Rochko
Date: Fri, 11 Sep 2020 20:56:35 +0200
Subject: Refactor settings controllers (#14767)
- Disallow suspended accounts from revoking sessions and apps
- Allow suspended accounts to access exports
---
 app/views/auth/registrations/_sessions.html.haml | 2 +-
 app/views/auth/registrations/edit.html.haml | 21 +++++++++++----------
 .../oauth/authorized_applications/index.html.haml | 2 +-
 3 files changed, 13 insertions(+), 12 deletions(-)
(limited to 'app/views')
diff --git a/app/views/auth/registrations/_sessions.html.haml b/app/views/auth/registrations/_sessions.html.haml
index 395e36a9f..d3a04c00e 100644
--- a/app/views/auth/registrations/_sessions.html.haml
+++ b/app/views/auth/registrations/_sessions.html.haml
@@ -27,5 +27,5 @@
 - else
 %time.time-ago{ datetime: session.updated_at.iso8601, title: l(session.updated_at) }= l(session.updated_at)
 %td
- - if current_session.session_id != session.session_id
+ - if current_session.session_id != session.session_id && !current_account.suspended?
 = table_link_to 'times', t('sessions.revoke'), settings_session_path(session), method: :delete
diff --git a/app/views/auth/registrations/edit.html.haml b/app/views/auth/registrations/edit.html.haml
index 4a46b27a9..a3445b421 100644
--- a/app/views/auth/registrations/edit.html.haml
+++ b/app/views/auth/registrations/edit.html.haml
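Review bot: The added `!current_account.suspended?` in `_sessions.html.haml` only stops the revoke link from being rendered; the view cannot reject a `DELETE` sent straight to `settings_session_path` by a suspended account. This diff is limited to `app/views`, so the controller side is not visible here; confirm that the destroy action refuses suspended accounts and that a request spec covers that case. The same applies to the links hidden in `edit.html.haml` (`settings_migration_path`, `settings_aliases_path`, `settings_delete_path`) and to the revoke link in `authorized_applications/index.html.haml`. A HAML comment above the condition, such as `-# hidden for suspended accounts; the controller is what enforces this`, would keep the template from being read as the access check.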
@@ -30,18 +30,19 @@
 = render 'sessions'
-%hr.spacer/
+- unless current_account.suspended?
+ %hr.spacer/
-%h3= t('auth.migrate_account')
-%p.muted-hint= t('auth.migrate_account_html', path: settings_migration_path)
+ %h3= t('auth.migrate_account')
+ %p.muted-hint= t('auth.migrate_account_html', path: settings_migration_path)
-%hr.spacer/
+ %hr.spacer/
-%h3= t('migrations.incoming_migrations')
-%p.muted-hint= t('migrations.incoming_migrations_html', path: settings_aliases_path)
+ %h3= t('migrations.incoming_migrations')
+ %p.muted-hint= t('migrations.incoming_migrations_html', path: settings_aliases_path)
-- if open_deletion? && !current_account.suspended?
- %hr.spacer/
+ - if open_deletion?
+ %hr.spacer/
- %h3= t('auth.delete_account')
- %p.muted-hint= t('auth.delete_account_html', path: settings_delete_path)
+ %h3= t('auth.delete_account')
+ %p.muted-hint= t('auth.delete_account_html', path: settings_delete_path)
diff --git a/app/views/oauth/authorized_applications/index.html.haml b/app/views/oauth/authorized_applications/index.html.haml
index 7b77108a9..fbb733db4 100644
--- a/app/views/oauth/authorized_applications/index.html.haml
+++ b/app/views/oauth/authorized_applications/index.html.haml
@@ -20,5 +20,5 @@
 %th!= application.scopes.map { |scope| t(scope, scope: [:doorkeeper, :scopes]) }.join(', ')
 %td= l application.created_at
 %td
- - unless application.superapp?
+ - unless application.superapp? || current_account.suspended?
 = table_link_to 'times', t('doorkeeper.authorized_applications.buttons.revoke'), oauth_authorized_application_path(application), method: :delete, data: { confirm: t('doorkeeper.authorized_applications.confirmations.revoke') }
-- cgit
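Review bot: `- unless application.superapp? || current_account.suspended?` in `authorized_applications/index.html.haml` pairs `unless` with `||`, which is easy to misread and differs from the positive form this commit uses for the same check in `_sessions.html.haml`. Writing it as `- if !application.superapp? && !current_account.suspended?` keeps the two revoke conditions parallel. Separately, hiding revocation means a suspended user cannot withdraw a third-party app's access themselves. Whether suspension already invalidates those tokens is not visible in this diff and would be worth stating in the commit description.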