Commit 2d2154ba authored by Eugen Rochko's avatar Eugen Rochko

Add "locked" flag to accounts, prevent blocked users from following, force-unfollow blocked users

parent f91b6fa9
......@@ -30,6 +30,10 @@ class ApiController < ApplicationController
render json: { error: 'Remote SSL certificate could not be verified' }, status: 503
end
rescue_from Mastodon::NotPermitted do
render json: { error: 'This action is not allowed' }, status: 403
end
def doorkeeper_unauthorized_render_options(error: nil)
{ json: { error: (error.try(:description) || 'Not authorized') } }
end
......
# frozen_string_literal: true
class Settings::ProfilesController < ApplicationController
include ObfuscateFilename
layout 'auth'
before_action :authenticate_user!
before_action :set_account
include ObfuscateFilename
obfuscate_filename [:account, :avatar]
obfuscate_filename [:account, :header]
......@@ -23,7 +24,7 @@ class Settings::ProfilesController < ApplicationController
private
def account_params
params.require(:account).permit(:display_name, :note, :avatar, :header)
params.require(:account).permit(:display_name, :note, :avatar, :header, :locked)
end
def set_account
......
# frozen_string_literal: true
module Mastodon
class Error < StandardError; end
class NotPermitted < Error; end
end
......@@ -5,7 +5,10 @@ class BlockService < BaseService
return if account.id == target_account.id
UnfollowService.new.call(account, target_account) if account.following?(target_account)
UnfollowService.new.call(target_account, account) if target_account.following?(account)
account.block!(target_account)
clear_timelines(account, target_account)
clear_notifications(account, target_account)
end
......
......@@ -8,6 +8,7 @@ class FollowService < BaseService
target_account = follow_remote_account_service.call(uri)
raise ActiveRecord::RecordNotFound if target_account.nil? || target_account.id == source_account.id || target_account.suspended?
raise Mastodon::NotPermitted if target_account.blocking?(source_account)
follow = source_account.follow!(target_account)
......
......@@ -8,6 +8,7 @@
= f.input :note, placeholder: t('simple_form.labels.defaults.note')
= f.input :avatar, wrapper: :with_label
= f.input :header, wrapper: :with_label
= f.input :locked, as: :boolean, wrapper: :with_label
.actions
= f.button :button, t('generic.save_changes'), type: :submit
......
......@@ -2,6 +2,8 @@ require_relative 'boot'
require 'rails/all'
require_relative '../app/lib/exceptions'
# Require the gems listed in Gemfile, including any gems
# you've limited to :test, :development, or :production.
Bundler.require(*Rails.groups)
......
class AddLockedToAccounts < ActiveRecord::Migration[5.0]
def change
add_column :accounts, :locked, :boolean, null: false, default: false
end
end
......@@ -10,7 +10,7 @@
#
# It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 20161221152630) do
ActiveRecord::Schema.define(version: 20161222201034) do
# These are extensions that must be enabled in order to support this database
enable_extension "plpgsql"
......@@ -42,6 +42,7 @@ ActiveRecord::Schema.define(version: 20161221152630) do
t.datetime "subscription_expires_at"
t.boolean "silenced", default: false, null: false
t.boolean "suspended", default: false, null: false
t.boolean "locked", default: false, null: false
t.index ["username", "domain"], name: "index_accounts_on_username_and_domain", unique: true, using: :btree
end
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment