Add "locked" flag to accounts, prevent blocked users from following, force-unfollow blocked users

2016-12-22 21:34:19 +01:00
parent f91b6fa9e1
commit 2d2154ba75
9 changed files with 27 additions and 3 deletions
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@ -30,6 +30,10 @@ class ApiController < ApplicationController
    render json: { error: 'Remote SSL certificate could not be verified' }, status: 503
  end

+  rescue_from Mastodon::NotPermitted do
+    render json: { error: 'This action is not allowed' }, status: 403
+  end
+
  def doorkeeper_unauthorized_render_options(error: nil)
    { json: { error: (error.try(:description) || 'Not authorized') } }
  end
--- a/app/controllers/settings/profiles_controller.rb
+++ b/app/controllers/settings/profiles_controller.rb
@ -1,12 +1,13 @@
 # frozen_string_literal: true

 class Settings::ProfilesController < ApplicationController
+  include ObfuscateFilename
+
  layout 'auth'

  before_action :authenticate_user!
  before_action :set_account

-  include ObfuscateFilename
  obfuscate_filename [:account, :avatar]
  obfuscate_filename [:account, :header]

@ -23,7 +24,7 @@ class Settings::ProfilesController < ApplicationController
  private

  def account_params
-    params.require(:account).permit(:display_name, :note, :avatar, :header)
+    params.require(:account).permit(:display_name, :note, :avatar, :header, :locked)
  end

  def set_account
--- a/app/lib/exceptions.rb
+++ b/app/lib/exceptions.rb
@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module Mastodon
+  class Error < StandardError; end
+  class NotPermitted < Error; end
+end
--- a/app/services/block_service.rb
+++ b/app/services/block_service.rb
@ -5,7 +5,10 @@ class BlockService < BaseService
    return if account.id == target_account.id

    UnfollowService.new.call(account, target_account) if account.following?(target_account)
+    UnfollowService.new.call(target_account, account) if target_account.following?(account)
+
    account.block!(target_account)
+
    clear_timelines(account, target_account)
    clear_notifications(account, target_account)
  end
--- a/app/services/follow_service.rb
+++ b/app/services/follow_service.rb
@ -8,6 +8,7 @@ class FollowService < BaseService
    target_account = follow_remote_account_service.call(uri)

    raise ActiveRecord::RecordNotFound if target_account.nil? || target_account.id == source_account.id || target_account.suspended?
+    raise Mastodon::NotPermitted       if target_account.blocking?(source_account)

    follow = source_account.follow!(target_account)

--- a/app/views/settings/profiles/show.html.haml
+++ b/app/views/settings/profiles/show.html.haml
@ -8,6 +8,7 @@
  = f.input :note, placeholder: t('simple_form.labels.defaults.note')
  = f.input :avatar, wrapper: :with_label
  = f.input :header, wrapper: :with_label
+  = f.input :locked, as: :boolean, wrapper: :with_label

  .actions
    = f.button :button, t('generic.save_changes'), type: :submit