about summary refs log tree commit diff
path: root/app/controllers/remote_interaction_controller.rb
blob: baffb84d64be0f37d3319ce3ed4720616f0ffc59 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
# frozen_string_literal: true

class RemoteInteractionController < ApplicationController
  include Authorization

  layout 'modal'

  before_action :authenticate_user!, if: :whitelist_mode?
  before_action :set_interaction_type
  before_action :set_status
  before_action :set_body_classes
  before_action :set_pack

  skip_before_action :require_functional!

  def new
    raise Mastodon::NotPermittedError unless user_signed_in?

    case params[:type]
    when 'reblog'
      if current_account.statuses.where(reblog: @status).exists?
        status = current_account.statuses.find_by(reblog: @status)
        RemoveStatusService.new.call(status)
      else
        ReblogService.new.call(current_account, @status)
      end
    when 'favourite'
      if Favourite.where(account: current_account, status: @status).exists?
        UnfavouriteService.new.call(current_account, @status)
      else
        FavouriteService.new.call(current_account, @status, skip_authorize: true)
      end
    when 'follow'
      FollowService.new.call(current_account, @status.account)
    when 'unfollow'
      UnfollowService.new.call(current_account, @status.account)
    end

    redirect_to short_account_status_url(@status.account.username, @status.id, key: @sharekey)
  end

  private

  def resource_params
    params.require(:remote_follow).permit(:acct)
  end

  def session_params
    { acct: session[:remote_follow] }
  end

  def set_status
    @status = Status.find(params[:id])
    @sharekey = params[:key]

    if @status.sharekey.present? && @sharekey == @status.sharekey.key
      skip_authorization
    else
      authorize @status, :show?
    end
  rescue Mastodon::NotPermittedError
    # Reraise in order to get a 404
    raise ActiveRecord::RecordNotFound
  end

  def set_body_classes
    @body_classes = 'modal-layout'
    @hide_header  = true
  end

  def set_pack
    use_pack 'modal'
  end
end