From 2d2154ba75279186b064c887452b7d6ee70b8ba2 Mon Sep 17 00:00:00 2001
From: Eugen Rochko
Date: Thu, 22 Dec 2016 21:34:19 +0100
Subject: [PATCH] Add "locked" flag to accounts, prevent blocked users from following, force-unfollow blocked users
---
 app/controllers/api_controller.rb | 4 ++++
 app/controllers/settings/profiles_controller.rb | 5 +++--
 app/lib/exceptions.rb | 6 ++++++
 app/services/block_service.rb | 3 +++
 app/services/follow_service.rb | 1 +
 app/views/settings/profiles/show.html.haml | 1 +
 config/application.rb | 2 ++
 db/migrate/20161222201034_add_locked_to_accounts.rb | 5 +++++
 db/schema.rb | 3 ++-
 9 files changed, 27 insertions(+), 3 deletions(-)
 create mode 100644 app/lib/exceptions.rb
 create mode 100644 db/migrate/20161222201034_add_locked_to_accounts.rb
diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
index d2d3bc4a4b..8f1c8ac8ad 100644
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@ -30,6 +30,10 @@ class ApiController < ApplicationController
 render json: { error: 'Remote SSL certificate could not be verified' }, status: 503
 end
+ rescue_from Mastodon::NotPermitted do
+ render json: { error: 'This action is not allowed' }, status: 403
+ end
+
 def doorkeeper_unauthorized_render_options(error: nil)
 { json: { error: (error.try(:description) || 'Not authorized') } }
 end
diff --git a/app/controllers/settings/profiles_controller.rb b/app/controllers/settings/profiles_controller.rb
index 9e8a7da8cf..4be5499586 100644
--- a/app/controllers/settings/profiles_controller.rb
+++ b/app/controllers/settings/profiles_controller.rb
@@ -1,12 +1,13 @@
 # frozen_string_literal: true
 class Settings::ProfilesController < ApplicationController
+ include ObfuscateFilename
+
 layout 'auth'
 before_action :authenticate_user!
 before_action :set_account
- include ObfuscateFilename
 obfuscate_filename [:account, :avatar]
 obfuscate_filename [:account, :header]
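Review bot: The new `rescue_from Mastodon::NotPermitted` handler is registered on ApiController only, so the 403 mapping covers API requests but not any other entry point that may reach FollowService (a web controller or a background job processing an incoming follow, if such callers exist in this codebase); there the new exception would surface as an unhandled error or a failed job. If non-API callers exist, register the same handler in ApplicationController or have those callers rescue `Mastodon::NotPermitted` explicitly. The generic 'This action is not allowed' body is the right choice here, since it does not disclose that the target has blocked the requester, and any additional handler should keep that property.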
@@ -23,7 +24,7 @@ class Settings::ProfilesController < ApplicationController
 private
 def account_params
- params.require(:account).permit(:display_name, :note, :avatar, :header)
+ params.require(:account).permit(:display_name, :note, :avatar, :header, :locked)
 end
 def set_account
diff --git a/app/lib/exceptions.rb b/app/lib/exceptions.rb
new file mode 100644
index 0000000000..359228c297
--- /dev/null
+++ b/app/lib/exceptions.rb
@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module Mastodon
+ class Error < StandardError; end
+ class NotPermitted < Error; end
+end
diff --git a/app/services/block_service.rb b/app/services/block_service.rb
index 6a032a5a1a..66146a72ab 100644
--- a/app/services/block_service.rb
+++ b/app/services/block_service.rb
@@ -5,7 +5,10 @@ class BlockService < BaseService
 return if account.id == target_account.id
 UnfollowService.new.call(account, target_account) if account.following?(target_account)
+ UnfollowService.new.call(target_account, account) if target_account.following?(account)
+
 account.block!(target_account)
+
 clear_timelines(account, target_account)
 clear_notifications(account, target_account)
 end
diff --git a/app/services/follow_service.rb b/app/services/follow_service.rb
index ed9b624552..02baa65536 100644
--- a/app/services/follow_service.rb
+++ b/app/services/follow_service.rb
@@ -8,6 +8,7 @@ class FollowService < BaseService
 target_account = follow_remote_account_service.call(uri)
 raise ActiveRecord::RecordNotFound if target_account.nil? || target_account.id == source_account.id || target_account.suspended?
+ raise Mastodon::NotPermitted if target_account.blocking?(source_account)
 follow = source_account.follow!(target_account)
diff --git a/app/views/settings/profiles/show.html.haml b/app/views/settings/profiles/show.html.haml
index c2f1adb12e..a8ea9bbc4b 100644
--- a/app/views/settings/profiles/show.html.haml
+++ b/app/views/settings/profiles/show.html.haml
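Review bot: `NotPermitted` breaks the convention, followed by its own parent `Mastodon::Error`, that custom exception classes end in `Error`; `class NotPermittedError < Error; end` reads consistently at raise and rescue sites, though the rename touches the two uses in api_controller.rb and follow_service.rb in this commit. The new file would also benefit from a one-line header, e.g. `# Application-level errors. NotPermitted signals an action the acting account may not perform; ApiController maps it to HTTP 403.`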
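Review bot: The reverse unfollow `UnfollowService.new.call(target_account, account)` runs with the possibly remote target as the acting account; if UnfollowService only notifies the remote side based on its second argument's locality, the blocked user's server is never told the follow was removed and keeps pushing to a relationship this side has dropped — worth confirming against UnfollowService, which is outside this hunk. The two unfollows and `account.block!(target_account)` also execute as independent statements, so a failure in `block!` leaves both follows removed with no block recorded; wrapping those three calls in a single database transaction keeps the state consistent either way. The enclosing `call` method starts before this hunk.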
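Review bot: The new guard is one-directional: `target_account.blocking?(source_account)` refuses a follow from someone the target has blocked, but a user who has blocked the target can still follow them, re-creating the relationship BlockService just removed; extend the condition to `raise Mastodon::NotPermitted if target_account.blocking?(source_account) || source_account.blocking?(target_account)`. Separately, the `locked` flag introduced in this commit (the `:locked` param permitted in profiles_controller.rb and the new column) is not consulted here — `source_account.follow!(target_account)` still creates the follow immediately for a locked account, so the setting is stored but has no effect until a follow-request path exists; if that is intentional for a later commit, a `# TODO: honour target_account.locked once follow requests exist` on this line would make the gap explicit. The enclosing `call` method starts before this hunk.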
@@ -8,6 +8,7 @@
 = f.input :note, placeholder: t('simple_form.labels.defaults.note')
 = f.input :avatar, wrapper: :with_label
 = f.input :header, wrapper: :with_label
+ = f.input :locked, as: :boolean, wrapper: :with_label
 .actions
 = f.button :button, t('generic.save_changes'), type: :submit
diff --git a/config/application.rb b/config/application.rb
index 427c0e2ba4..091f9c5350 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -2,6 +2,8 @@ require_relative 'boot'
 require 'rails/all'
+require_relative '../app/lib/exceptions'
+
 # Require the gems listed in Gemfile, including any gems
 # you've limited to :test, :development, or :production.
 Bundler.require(*Rails.groups)
diff --git a/db/migrate/20161222201034_add_locked_to_accounts.rb b/db/migrate/20161222201034_add_locked_to_accounts.rb
new file mode 100644
index 0000000000..c246a90cef
--- /dev/null
+++ b/db/migrate/20161222201034_add_locked_to_accounts.rb
@@ -0,0 +1,5 @@
+class AddLockedToAccounts < ActiveRecord::Migration[5.0]
+ def change
+ add_column :accounts, :locked, :boolean, null: false, default: false
+ end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 7060998972..47e1b098d4 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(version: 20161221152630) do
+ActiveRecord::Schema.define(version: 20161222201034) do
 # These are extensions that must be enabled in order to support this database
 enable_extension "plpgsql"
@@ -42,6 +42,7 @@ ActiveRecord::Schema.define(version: 20161221152630) do
 t.datetime "subscription_expires_at"
 t.boolean "silenced", default: false, null: false
 t.boolean "suspended", default: false, null: false
+ t.boolean "locked", default: false, null: false
 t.index ["username", "domain"], name: "index_accounts_on_username_and_domain", unique: true, using: :btree
 end
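Review bot: `require_relative '../app/lib/exceptions'` loads the new file outside Rails' autoloader, even though `app/lib` is presumably an autoload path like the other `app/*` directories, so `Mastodon::NotPermitted` would resolve on first reference without it. Bypassing the autoloader also means these constants are not reloaded with the rest of the app in development and the same file may be loaded a second time by the autoloader. If the early require is genuinely needed, a comment stating why, e.g. `# Loaded explicitly: needed before the autoloader is available`, should accompany it; otherwise the line can be dropped.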