Kay Faraday 1 week ago
parent
commit
f7de445e44
  1. 12
      .env.production.sample
  2. 4
      .rubocop.yml
  3. 6
      Gemfile
  4. 20
      Gemfile.lock
  5. 4
      app/controllers/admin/account_actions_controller.rb
  6. 2
      app/controllers/admin/accounts_controller.rb
  7. 5
      app/controllers/admin/action_logs_controller.rb
  8. 2
      app/controllers/admin/base_controller.rb
  9. 2
      app/controllers/admin/custom_emojis_controller.rb
  10. 4
      app/controllers/admin/dashboard_controller.rb
  11. 1
      app/controllers/admin/domain_blocks_controller.rb
  12. 2
      app/controllers/admin/email_domain_blocks_controller.rb
  13. 2
      app/controllers/admin/follow_recommendations_controller.rb
  14. 2
      app/controllers/admin/ip_blocks_controller.rb
  15. 2
      app/controllers/admin/relationships_controller.rb
  16. 65
      app/controllers/admin/roles_controller.rb
  17. 2
      app/controllers/admin/statuses_controller.rb
  18. 20
      app/controllers/admin/subscriptions_controller.rb
  19. 4
      app/controllers/admin/tags_controller.rb
  20. 4
      app/controllers/admin/trends/links/preview_card_providers_controller.rb
  21. 4
      app/controllers/admin/trends/links_controller.rb
  22. 4
      app/controllers/admin/trends/statuses_controller.rb
  23. 4
      app/controllers/admin/trends/tags_controller.rb
  24. 33
      app/controllers/admin/users/roles_controller.rb
  25. 2
      app/controllers/admin/users/two_factor_authentications_controller.rb
  26. 7
      app/controllers/api/v1/admin/account_actions_controller.rb
  27. 6
      app/controllers/api/v1/admin/accounts_controller.rb
  28. 6
      app/controllers/api/v1/admin/dimensions_controller.rb
  29. 2
      app/controllers/api/v1/admin/domain_allows_controller.rb
  30. 2
      app/controllers/api/v1/admin/domain_blocks_controller.rb
  31. 6
      app/controllers/api/v1/admin/measures_controller.rb
  32. 2
      app/controllers/api/v1/admin/reports_controller.rb
  33. 6
      app/controllers/api/v1/admin/retention_controller.rb
  34. 20
      app/controllers/api/v1/admin/trends/links_controller.rb
  35. 20
      app/controllers/api/v1/admin/trends/statuses_controller.rb
  36. 20
      app/controllers/api/v1/admin/trends/tags_controller.rb
  37. 2
      app/controllers/api/v1/featured_tags/suggestions_controller.rb
  38. 4
      app/controllers/api/v1/featured_tags_controller.rb
  39. 52
      app/controllers/api/v1/followed_tags_controller.rb
  40. 30
      app/controllers/api/v1/tags_controller.rb
  41. 10
      app/controllers/api/v1/trends/links_controller.rb
  42. 10
      app/controllers/api/v1/trends/statuses_controller.rb
  43. 14
      app/controllers/api/v1/trends/tags_controller.rb
  44. 13
      app/controllers/api/v2/admin/accounts_controller.rb
  45. 8
      app/controllers/application_controller.rb
  46. 2
      app/controllers/custom_css_controller.rb
  47. 1
      app/controllers/settings/featured_tags_controller.rb
  48. 14
      app/helpers/accounts_helper.rb
  49. 2
      app/javascript/flavours/glitch/actions/importer/index.js
  50. 5
      app/javascript/flavours/glitch/actions/importer/normalizer.js
  51. 34
      app/javascript/flavours/glitch/actions/statuses.js
  52. 18
      app/javascript/flavours/glitch/components/hashtag.js
  53. 109
      app/javascript/flavours/glitch/components/status.js
  54. 6
      app/javascript/flavours/glitch/components/status_action_bar.js
  55. 6
      app/javascript/flavours/glitch/components/status_content.js
  56. 1
      app/javascript/flavours/glitch/containers/mastodon.js
  57. 17
      app/javascript/flavours/glitch/containers/status_container.js
  58. 9
      app/javascript/flavours/glitch/features/account/components/header.js
  59. 5
      app/javascript/flavours/glitch/features/direct_timeline/components/conversation.js
  60. 1
      app/javascript/flavours/glitch/features/direct_timeline/containers/conversation_container.js
  61. 75
      app/javascript/flavours/glitch/features/local_settings/page/index.js
  62. 10
      app/javascript/flavours/glitch/features/notifications/components/column_settings.js
  63. 6
      app/javascript/flavours/glitch/features/status/components/action_bar.js
  64. 26
      app/javascript/flavours/glitch/features/status/components/detailed_status.js
  65. 46
      app/javascript/flavours/glitch/features/status/index.js
  66. 26
      app/javascript/flavours/glitch/features/ui/components/image_loader.js
  67. 9
      app/javascript/flavours/glitch/features/ui/components/link_footer.js
  68. 3
      app/javascript/flavours/glitch/permissions.js
  69. 4
      app/javascript/flavours/glitch/reducers/local_settings.js
  70. 3
      app/javascript/flavours/glitch/reducers/meta.js
  71. 21
      app/javascript/flavours/glitch/reducers/statuses.js
  72. 6
      app/javascript/flavours/glitch/styles/accounts.scss
  73. 15
      app/javascript/flavours/glitch/styles/admin.scss
  74. 2
      app/javascript/flavours/glitch/styles/components/composer.scss
  75. 6
      app/javascript/flavours/glitch/styles/components/index.scss
  76. 7
      app/javascript/flavours/glitch/styles/components/search.scss
  77. 4
      app/javascript/flavours/glitch/styles/forms.scss
  78. 33
      app/javascript/flavours/glitch/util/content_warning.js
  79. 2
      app/javascript/flavours/glitch/util/initial_state.js
  80. 15
      app/javascript/mastodon/actions/compose.js
  81. 18
      app/javascript/mastodon/components/hashtag.js
  82. 6
      app/javascript/mastodon/components/status_action_bar.js
  83. 1
      app/javascript/mastodon/containers/mastodon.js
  84. 9
      app/javascript/mastodon/features/account/components/header.js
  85. 10
      app/javascript/mastodon/features/notifications/components/column_settings.js
  86. 6
      app/javascript/mastodon/features/status/components/action_bar.js
  87. 26
      app/javascript/mastodon/features/ui/components/image_loader.js
  88. 9
      app/javascript/mastodon/features/ui/components/link_footer.js
  89. 2
      app/javascript/mastodon/initial_state.js
  90. 9
      app/javascript/mastodon/locales/af.json
  91. 9
      app/javascript/mastodon/locales/ar.json
  92. 21
      app/javascript/mastodon/locales/ast.json
  93. 9
      app/javascript/mastodon/locales/bg.json
  94. 9
      app/javascript/mastodon/locales/bn.json
  95. 9
      app/javascript/mastodon/locales/br.json
  96. 9
      app/javascript/mastodon/locales/ca.json
  97. 9
      app/javascript/mastodon/locales/ckb.json
  98. 9
      app/javascript/mastodon/locales/co.json
  99. 9
      app/javascript/mastodon/locales/cs.json
  100. 19
      app/javascript/mastodon/locales/cy.json
  101. Some files were not shown because too many files have changed in this diff Show More

12
.env.production.sample

@ -283,8 +283,8 @@ MAX_POLL_OPTION_CHARS=100
# If undefined or smaller than MAX_EMOJI_SIZE, the value
# of MAX_EMOJI_SIZE will be used for MAX_REMOTE_EMOJI_SIZE
# Units are in bytes
MAX_EMOJI_SIZE=51200
MAX_REMOTE_EMOJI_SIZE=204800
# MAX_EMOJI_SIZE=262144
# MAX_REMOTE_EMOJI_SIZE=262144
# Search all visible toots
# (Normally searches only a user's own toots, favs, bookmarks, and mentions)
@ -304,3 +304,11 @@ MAX_REMOTE_EMOJI_SIZE=204800
# Optional hCaptcha support
# HCAPTCHA_SECRET_KEY=
# HCAPTCHA_SITE_KEY=
# IP and session retention
# -----------------------
# Make sure to modify the scheduling of ip_cleanup_scheduler in config/sidekiq.yml
# to be less than daily if you lower IP_RETENTION_PERIOD below two days (172800).
# -----------------------
IP_RETENTION_PERIOD=31556952
SESSION_RETENTION_PERIOD=31556952

4
.rubocop.yml

@ -67,7 +67,7 @@ Lint/UselessAccessModifier:
- class_methods
Metrics/AbcSize:
Max: 100
Max: 115
Exclude:
- 'lib/mastodon/*_cli.rb'
@ -84,7 +84,7 @@ Metrics/BlockNesting:
Metrics/ClassLength:
CountComments: false
Max: 400
Max: 500
Exclude:
- 'lib/mastodon/*_cli.rb'

6
Gemfile

@ -10,7 +10,7 @@ gem 'puma', '~> 5.6'
gem 'rails', '~> 6.1.6'
gem 'sprockets', '~> 3.7.2'
gem 'thor', '~> 1.2'
gem 'rack', '~> 2.2.3'
gem 'rack', '~> 2.2.4'
gem 'hamlit-rails', '~> 0.2'
gem 'pg', '~> 1.4'
@ -40,7 +40,7 @@ end
gem 'net-ldap', '~> 0.17'
gem 'omniauth-cas', '~> 2.0'
gem 'omniauth-saml', '~> 1.10'
gem 'gitlab-omniauth-openid-connect', '~>0.9.1', require: 'omniauth_openid_connect'
gem 'gitlab-omniauth-openid-connect', '~>0.10.0', require: 'omniauth_openid_connect'
gem 'omniauth', '~> 1.9'
gem 'omniauth-rails_csrf_protection', '~> 0.1'
@ -78,7 +78,7 @@ gem 'rqrcode', '~> 2.1'
gem 'ruby-progressbar', '~> 1.11'
gem 'sanitize', '~> 6.0'
gem 'scenic', '~> 1.6'
gem 'sidekiq', '~> 6.4'
gem 'sidekiq', '~> 6.5'
gem 'sidekiq-scheduler', '~> 4.0'
gem 'sidekiq-unique-jobs', '~> 7.1'
gem 'sidekiq-bulk', '~> 0.2.0'

20
Gemfile.lock

@ -270,9 +270,9 @@ GEM
fuubar (2.5.1)
rspec-core (~> 3.0)
ruby-progressbar (~> 1.4)
gitlab-omniauth-openid-connect (0.9.1)
gitlab-omniauth-openid-connect (0.10.0)
addressable (~> 2.7)
omniauth (~> 1.9)
omniauth (>= 1.9, < 3)
openid_connect (~> 1.2)
globalid (1.0.0)
activesupport (>= 5.0)
@ -407,7 +407,7 @@ GEM
net-ssh (>= 2.6.5, < 7.0.0)
net-ssh (6.1.0)
nio4r (2.5.8)
nokogiri (1.13.6)
nokogiri (1.13.7)
mini_portile2 (~> 2.8.0)
racc (~> 1.4)
nsa (0.2.8)
@ -415,7 +415,7 @@ GEM
concurrent-ruby (~> 1.0, >= 1.0.2)
sidekiq (>= 3.5)
statsd-ruby (~> 1.4, >= 1.4.0)
oj (3.13.14)
oj (3.13.17)
omniauth (1.9.1)
hashie (>= 3.4.6)
rack (>= 1.6.2, < 3)
@ -477,7 +477,7 @@ GEM
activesupport (>= 3.0.0)
raabro (1.4.0)
racc (1.6.0)
rack (2.2.3.1)
rack (2.2.4)
rack-attack (6.6.1)
rack (>= 1.0, < 3)
rack-cors (1.1.1)
@ -604,7 +604,7 @@ GEM
railties (>= 4.0.0)
securecompare (1.0.0)
semantic_range (3.0.0)
sidekiq (6.4.2)
sidekiq (6.5.1)
connection_pool (>= 2.2.2)
rack (~> 2.0)
redis (>= 4.2.0)
@ -686,7 +686,7 @@ GEM
validate_email (0.1.6)
activemodel (>= 3.0)
mail (>= 2.2.5)
validate_url (1.0.13)
validate_url (1.0.15)
activemodel (>= 3.0.0)
public_suffix
warden (1.2.9)
@ -768,7 +768,7 @@ DEPENDENCIES
fog-core (<= 2.1.0)
fog-openstack (~> 0.3)
fuubar (~> 2.5)
gitlab-omniauth-openid-connect (~> 0.9.1)
gitlab-omniauth-openid-connect (~> 0.10.0)
hamlit-rails (~> 0.2)
hcaptcha (~> 7.1)
hiredis (~> 0.6)
@ -811,7 +811,7 @@ DEPENDENCIES
pry-rails (~> 0.3)
puma (~> 5.6)
pundit (~> 2.2)
rack (~> 2.2.3)
rack (~> 2.2.4)
rack-attack (~> 6.6)
rack-cors (~> 1.1)
rails (~> 6.1.6)
@ -832,7 +832,7 @@ DEPENDENCIES
ruby-progressbar (~> 1.11)
sanitize (~> 6.0)
scenic (~> 1.6)
sidekiq (~> 6.4)
sidekiq (~> 6.5)
sidekiq-bulk (~> 0.2.0)
sidekiq-scheduler (~> 4.0)
sidekiq-unique-jobs (~> 7.1)

4
app/controllers/admin/account_actions_controller.rb

@ -5,11 +5,15 @@ module Admin
before_action :set_account
def new
authorize @account, :show?
@account_action = Admin::AccountAction.new(type: params[:type], report_id: params[:report_id], send_email_notification: true, include_statuses: true)
@warning_presets = AccountWarningPreset.all
end
def create
authorize @account, :show?
account_action = Admin::AccountAction.new(resource_params)
account_action.target_account = @account
account_action.current_account = current_account

2
app/controllers/admin/accounts_controller.rb

@ -14,6 +14,8 @@ module Admin
end
def batch
authorize :account, :index?
@form = Form::AccountBatch.new(form_account_batch_params.merge(current_account: current_account, action: action_from_button))
@form.save
rescue ActionController::ParameterMissing

5
app/controllers/admin/action_logs_controller.rb

@ -4,7 +4,10 @@ module Admin
class ActionLogsController < BaseController
before_action :set_action_logs
def index; end
def index
authorize :audit_log, :index?
@auditable_accounts = Account.where(id: Admin::ActionLog.reorder(nil).select('distinct account_id')).select(:id, :username)
end
private

2
app/controllers/admin/base_controller.rb

@ -7,9 +7,9 @@ module Admin
layout 'admin'
before_action :require_staff!
before_action :set_pack
before_action :set_body_classes
after_action :verify_authorized
private

2
app/controllers/admin/custom_emojis_controller.rb

@ -29,6 +29,8 @@ module Admin
end
def batch
authorize :custom_emoji, :index?
@form = Form::CustomEmojiBatch.new(form_custom_emoji_batch_params.merge(current_account: current_account, action: action_from_button))
@form.save
rescue ActionController::ParameterMissing

4
app/controllers/admin/dashboard_controller.rb

@ -5,7 +5,9 @@ module Admin
include Redisable
def index
@system_checks = Admin::SystemCheck.perform
authorize :dashboard, :index?
@system_checks = Admin::SystemCheck.perform(current_user)
@time_period = (29.days.ago.to_date...Time.now.utc.to_date)
@pending_users_count = User.pending.count
@pending_reports_count = Report.unresolved.count

1
app/controllers/admin/domain_blocks_controller.rb

@ -5,6 +5,7 @@ module Admin
before_action :set_domain_block, only: [:show, :destroy, :edit, :update]
def batch
authorize :domain_block, :create?
@form = Form::DomainBlockBatch.new(form_domain_block_batch_params.merge(current_account: current_account, action: action_from_button))
@form.save
rescue ActionController::ParameterMissing

2
app/controllers/admin/email_domain_blocks_controller.rb

@ -12,6 +12,8 @@ module Admin
end
def batch
authorize :email_domain_block, :index?
@form = Form::EmailDomainBlockBatch.new(form_email_domain_block_batch_params.merge(current_account: current_account, action: action_from_button))
@form.save
rescue ActionController::ParameterMissing

2
app/controllers/admin/follow_recommendations_controller.rb

@ -12,6 +12,8 @@ module Admin
end
def update
authorize :follow_recommendation, :show?
@form = Form::AccountBatch.new(form_account_batch_params.merge(current_account: current_account, action: action_from_button))
@form.save
rescue ActionController::ParameterMissing

2
app/controllers/admin/ip_blocks_controller.rb

@ -29,6 +29,8 @@ module Admin
end
def batch
authorize :ip_block, :index?
@form = Form::IpBlockBatch.new(form_ip_block_batch_params.merge(current_account: current_account, action: action_from_button))
@form.save
rescue ActionController::ParameterMissing

2
app/controllers/admin/relationships_controller.rb

@ -7,7 +7,7 @@ module Admin
PER_PAGE = 40
def index
authorize :account, :index?
authorize @account, :show?
@accounts = RelationshipFilter.new(@account, filter_params).results.includes(:account_stat, user: [:ips, :invite_request]).page(params[:page]).per(PER_PAGE)
@form = Form::AccountBatch.new

65
app/controllers/admin/roles_controller.rb

@ -2,20 +2,63 @@
module Admin
class RolesController < BaseController
before_action :set_user
before_action :set_role, except: [:index, :new, :create]
def promote
authorize @user, :promote?
@user.promote!
log_action :promote, @user
redirect_to admin_account_path(@user.account_id)
def index
authorize :user_role, :index?
@roles = UserRole.order(position: :desc).page(params[:page])
end
def new
authorize :user_role, :create?
@role = UserRole.new
end
def create
authorize :user_role, :create?
@role = UserRole.new(resource_params)
@role.current_account = current_account
if @role.save
redirect_to admin_roles_path
else
render :new
end
end
def edit
authorize @role, :update?
end
def update
authorize @role, :update?
@role.current_account = current_account
if @role.update(resource_params)
redirect_to admin_roles_path
else
render :edit
end
end
def destroy
authorize @role, :destroy?
@role.destroy!
redirect_to admin_roles_path
end
private
def set_role
@role = UserRole.find(params[:id])
end
def demote
authorize @user, :demote?
@user.demote!
log_action :demote, @user
redirect_to admin_account_path(@user.account_id)
def resource_params
params.require(:user_role).permit(:name, :color, :highlighted, :position, permissions_as_keys: [])
end
end
end

2
app/controllers/admin/statuses_controller.rb

@ -14,6 +14,8 @@ module Admin
end
def batch
authorize :status, :index?
@status_batch_action = Admin::StatusBatchAction.new(admin_status_batch_action_params.merge(current_account: current_account, report_id: params[:report_id], type: action_from_button))
@status_batch_action.save!
rescue ActionController::ParameterMissing

20
app/controllers/admin/subscriptions_controller.rb

@ -1,20 +0,0 @@
# frozen_string_literal: true
module Admin
class SubscriptionsController < BaseController
def index
authorize :subscription, :index?
@subscriptions = ordered_subscriptions.page(requested_page)
end
private
def ordered_subscriptions
Subscription.order(id: :desc).includes(:account)
end
def requested_page
params[:page].to_i
end
end
end

4
app/controllers/admin/tags_controller.rb

@ -16,6 +16,8 @@ module Admin
if @tag.update(tag_params.merge(reviewed_at: Time.now.utc))
redirect_to admin_tag_path(@tag.id), notice: I18n.t('admin.tags.updated_msg')
else
@time_period = (6.days.ago.to_date...Time.now.utc.to_date)
render :show
end
end
@ -27,7 +29,7 @@ module Admin
end
def tag_params
params.require(:tag).permit(:name, :trendable, :usable, :listable)
params.require(:tag).permit(:name, :display_name, :trendable, :usable, :listable)
end
end
end

4
app/controllers/admin/trends/links/preview_card_providers_controller.rb

@ -2,13 +2,15 @@
class Admin::Trends::Links::PreviewCardProvidersController < Admin::BaseController
def index
authorize :preview_card_provider, :index?
authorize :preview_card_provider, :review?
@preview_card_providers = filtered_preview_card_providers.page(params[:page])
@form = Trends::PreviewCardProviderBatch.new
end
def batch
authorize :preview_card_provider, :review?
@form = Trends::PreviewCardProviderBatch.new(trends_preview_card_provider_batch_params.merge(current_account: current_account, action: action_from_button))
@form.save
rescue ActionController::ParameterMissing

4
app/controllers/admin/trends/links_controller.rb

@ -2,13 +2,15 @@
class Admin::Trends::LinksController < Admin::BaseController
def index
authorize :preview_card, :index?
authorize :preview_card, :review?
@preview_cards = filtered_preview_cards.page(params[:page])
@form = Trends::PreviewCardBatch.new
end
def batch
authorize :preview_card, :review?
@form = Trends::PreviewCardBatch.new(trends_preview_card_batch_params.merge(current_account: current_account, action: action_from_button))
@form.save
rescue ActionController::ParameterMissing

4
app/controllers/admin/trends/statuses_controller.rb

@ -2,13 +2,15 @@
class Admin::Trends::StatusesController < Admin::BaseController
def index
authorize :status, :index?
authorize :status, :review?
@statuses = filtered_statuses.page(params[:page])
@form = Trends::StatusBatch.new
end
def batch
authorize :status, :review?
@form = Trends::StatusBatch.new(trends_status_batch_params.merge(current_account: current_account, action: action_from_button))
@form.save
rescue ActionController::ParameterMissing

4
app/controllers/admin/trends/tags_controller.rb

@ -2,13 +2,15 @@
class Admin::Trends::TagsController < Admin::BaseController
def index
authorize :tag, :index?
authorize :tag, :review?
@tags = filtered_tags.page(params[:page])
@form = Trends::TagBatch.new
end
def batch
authorize :tag, :review?
@form = Trends::TagBatch.new(trends_tag_batch_params.merge(current_account: current_account, action: action_from_button))
@form.save
rescue ActionController::ParameterMissing

33
app/controllers/admin/users/roles_controller.rb

@ -0,0 +1,33 @@
# frozen_string_literal: true
module Admin
class Users::RolesController < BaseController
before_action :set_user
def show
authorize @user, :change_role?
end
def update
authorize @user, :change_role?
@user.current_account = current_account
if @user.update(resource_params)
redirect_to admin_account_path(@user.account_id), notice: I18n.t('admin.accounts.change_role.changed_msg')
else
render :show
end
end
private
def set_user
@user = User.find(params[:user_id])
end
def resource_params
params.require(:user).permit(:role_id)
end
end
end

2
app/controllers/admin/two_factor_authentications_controller.rb → app/controllers/admin/users/two_factor_authentications_controller.rb

@ -1,7 +1,7 @@
# frozen_string_literal: true
module Admin
class TwoFactorAuthenticationsController < BaseController
class Users::TwoFactorAuthenticationsController < BaseController
before_action :set_target_user
def destroy

7
app/controllers/api/v1/admin/account_actions_controller.rb

@ -1,11 +1,16 @@
# frozen_string_literal: true
class Api::V1::Admin::AccountActionsController < Api::BaseController
include Authorization
before_action -> { authorize_if_got_token! :'admin:write', :'admin:write:accounts' }
before_action :require_staff!
before_action :set_account
after_action :verify_authorized
def create
authorize @account, :show?
account_action = Admin::AccountAction.new(resource_params)
account_action.target_account = @account
account_action.current_account = current_account

6
app/controllers/api/v1/admin/accounts_controller.rb

@ -8,11 +8,11 @@ class Api::V1::Admin::AccountsController < Api::BaseController
before_action -> { authorize_if_got_token! :'admin:read', :'admin:read:accounts' }, only: [:index, :show]
before_action -> { authorize_if_got_token! :'admin:write', :'admin:write:accounts' }, except: [:index, :show]
before_action :require_staff!
before_action :set_accounts, only: :index
before_action :set_account, except: :index
before_action :require_local_account!, only: [:enable, :approve, :reject]
after_action :verify_authorized
after_action :insert_pagination_headers, only: :index
FILTER_PARAMS = %i(
@ -119,7 +119,9 @@ class Api::V1::Admin::AccountsController < Api::BaseController
translated_params[:status] = status.to_s if params[status].present?
end
translated_params[:permissions] = 'staff' if params[:staff].present?
if params[:staff].present?
translated_params[:role_ids] = UserRole.that_can(:manage_reports).map(&:id)
end
translated_params
end

6
app/controllers/api/v1/admin/dimensions_controller.rb

@ -1,11 +1,15 @@
# frozen_string_literal: true
class Api::V1::Admin::DimensionsController < Api::BaseController
include Authorization
before_action -> { authorize_if_got_token! :'admin:read' }
before_action :require_staff!
before_action :set_dimensions
after_action :verify_authorized
def create
authorize :dashboard, :index?
render json: @dimensions, each_serializer: REST::Admin::DimensionSerializer
end

2
app/controllers/api/v1/admin/domain_allows_controller.rb

@ -8,10 +8,10 @@ class Api::V1::Admin::DomainAllowsController < Api::BaseController
before_action -> { authorize_if_got_token! :'admin:read', :'admin:read:domain_allows' }, only: [:index, :show]
before_action -> { authorize_if_got_token! :'admin:write', :'admin:write:domain_allows' }, except: [:index, :show]
before_action :require_staff!
before_action :set_domain_allows, only: :index
before_action :set_domain_allow, only: [:show, :destroy]
after_action :verify_authorized
after_action :insert_pagination_headers, only: :index
PAGINATION_PARAMS = %i(limit).freeze

2
app/controllers/api/v1/admin/domain_blocks_controller.rb

@ -8,10 +8,10 @@ class Api::V1::Admin::DomainBlocksController < Api::BaseController
before_action -> { authorize_if_got_token! :'admin:read', :'admin:read:domain_blocks' }, only: [:index, :show]
before_action -> { authorize_if_got_token! :'admin:write', :'admin:write:domain_blocks' }, except: [:index, :show]
before_action :require_staff!
before_action :set_domain_blocks, only: :index
before_action :set_domain_block, only: [:show, :update, :destroy]
after_action :verify_authorized
after_action :insert_pagination_headers, only: :index
PAGINATION_PARAMS = %i(limit).freeze

6
app/controllers/api/v1/admin/measures_controller.rb

@ -1,11 +1,15 @@
# frozen_string_literal: true
class Api::V1::Admin::MeasuresController < Api::BaseController
include Authorization
before_action -> { authorize_if_got_token! :'admin:read' }
before_action :require_staff!
before_action :set_measures
after_action :verify_authorized
def create
authorize :dashboard, :index?
render json: @measures, each_serializer: REST::Admin::MeasureSerializer
end

2
app/controllers/api/v1/admin/reports_controller.rb

@ -8,10 +8,10 @@ class Api::V1::Admin::ReportsController < Api::BaseController
before_action -> { authorize_if_got_token! :'admin:read', :'admin:read:reports' }, only: [:index, :show]
before_action -> { authorize_if_got_token! :'admin:write', :'admin:write:reports' }, except: [:index, :show]
before_action :require_staff!
before_action :set_reports, only: :index
before_action :set_report, except: :index
after_action :verify_authorized
after_action :insert_pagination_headers, only: :index
FILTER_PARAMS = %i(

6
app/controllers/api/v1/admin/retention_controller.rb

@ -1,11 +1,15 @@
# frozen_string_literal: true
class Api::V1::Admin::RetentionController < Api::BaseController
include Authorization
before_action -> { authorize_if_got_token! :'admin:read' }
before_action :require_staff!
before_action :set_cohorts
after_action :verify_authorized
def create
authorize :dashboard, :index?
render json: @cohorts, each_serializer: REST::Admin::CohortSerializer
end

20
app/controllers/api/v1/admin/trends/links_controller.rb

@ -1,17 +1,19 @@
# frozen_string_literal: true
class Api::V1::Admin::Trends::LinksController < Api::BaseController
class Api::V1::Admin::Trends::LinksController < Api::V1::Trends::LinksController
before_action -> { authorize_if_got_token! :'admin:read' }
before_action :require_staff!
before_action :set_links
def index
render json: @links, each_serializer: REST::Trends::LinkSerializer
end
private
def set_links
@links = Trends.links.query.limit(limit_param(10))
def enabled?
super || current_user&.can?(:manage_taxonomies)
end
def links_from_trends
if current_user&.can?(:manage_taxonomies)
Trends.links.query
else
super
end
end
end

20
app/controllers/api/v1/admin/trends/statuses_controller.rb

@ -1,17 +1,19 @@
# frozen_string_literal: true
class Api::V1::Admin::Trends::StatusesController < Api::BaseController
class Api::V1::Admin::Trends::StatusesController < Api::V1::Trends::StatusesController
before_action -> { authorize_if_got_token! :'admin:read' }
before_action :require_staff!
before_action :set_statuses
def index
render json: @statuses, each_serializer: REST::StatusSerializer
end
private
def set_statuses
@statuses = cache_collection(Trends.statuses.query.limit(limit_param(DEFAULT_STATUSES_LIMIT)), Status)
def enabled?
super || current_user&.can?(:manage_taxonomies)
end
def statuses_from_trends
if current_user&.can?(:manage_taxonomies)
Trends.statuses.query
else
super
end
end
end

20
app/controllers/api/v1/admin/trends/tags_controller.rb

@ -1,17 +1,19 @@
# frozen_string_literal: true
class Api::V1::Admin::Trends::TagsController < Api::BaseController
class Api::V1::Admin::Trends::TagsController < Api::V1::Trends::TagsController
before_action -> { authorize_if_got_token! :'admin:read' }
before_action :require_staff!
before_action :set_tags
def index
render json: @tags, each_serializer: REST::Admin::TagSerializer
end
private
def set_tags
@tags = Trends.tags.query.limit(limit_param(10))
def enabled?
super || current_user&.can?(:manage_taxonomies)
end
def tags_from_trends
if current_user&.can?(:manage_taxonomies)
Trends.tags.query
else
super
end
end
end

2
app/controllers/api/v1/featured_tags/suggestions_controller.rb

@ -6,7 +6,7 @@ class Api::V1::FeaturedTags::SuggestionsController < Api::BaseController
before_action :set_recently_used_tags, only: :index
def index
render json: @recently_used_tags, each_serializer: REST::TagSerializer
render json: @recently_used_tags, each_serializer: REST::TagSerializer, relationships: TagRelationshipsPresenter.new(@recently_used_tags, current_user&.account_id)
end
private

4
app/controllers/api/v1/featured_tags_controller.rb

@ -13,9 +13,7 @@ class Api::V1::FeaturedTagsController < Api::BaseController
end
def create
@featured_tag = current_account.featured_tags.new(featured_tag_params)
@featured_tag.reset_data
@featured_tag.save!
@featured_tag = current_account.featured_tags.create!(featured_tag_params)
render json: @featured_tag, serializer: REST::FeaturedTagSerializer
end

52
app/controllers/api/v1/followed_tags_controller.rb

@ -0,0 +1,52 @@
# frozen_string_literal: true
class Api::V1::FollowedTagsController < Api::BaseController
TAGS_LIMIT = 100
before_action -> { doorkeeper_authorize! :follow, :read, :'read:follows' }, except: :show
before_action :require_user!
before_action :set_results
after_action :insert_pagination_headers, only: :show
def index
render json: @results.map(&:tag), each_serializer: REST::TagSerializer, relationships: TagRelationshipsPresenter.new(@results.map(&:tag), current_user&.account_id)
end
private
def set_results
@results = TagFollow.where(account: current_account).joins(:tag).eager_load(:tag).to_a_paginated_by_id(
limit_param(TAGS_LIMIT),
params_slice(:max_id, :since_id, :min_id)
)
end
def insert_pagination_headers
set_pagination_headers(next_path, prev_path)
end
def next_path
api_v1_followed_tags_url pagination_params(max_id: pagination_max_id) if records_continue?
end
def prev_path
api_v1_followed_tags_url pagination_params(since_id: pagination_since_id) unless @results.empty?
end
def pagination_max_id
@results.last.id
end
def pagination_since_id
@results.first.id
end
def records_continue?
@results.size == limit_param(TAG_LIMIT)
end
def pagination_params(core_params)
params.slice(:limit).permit(:limit).merge(core_params)
end
end

30
app/controllers/api/v1/tags_controller.rb

@ -0,0 +1,30 @@
# frozen_string_literal: true
class Api::V1::TagsController < Api::BaseController
before_action -> { doorkeeper_authorize! :follow, :write, :'write:follows' }, except: :show
before_action :require_user!, except: :show
before_action :set_or_create_tag
override_rate_limit_headers :follow, family: :follows
def show
render json: @tag, serializer: REST::TagSerializer
end
def follow
TagFollow.create!(tag: @tag, account: current_account, rate_limit: true)
render json: @tag, serializer: REST::TagSerializer
end
def unfollow
TagFollow.find_by(account: current_account, tag: @tag)&.destroy!
render json: @tag, serializer: REST::TagSerializer
end
private
def set_or_create_tag
return not_found unless /\A(#{Tag::HASHTAG_NAME_RE})\z/.match?(params[:id])
@tag = Tag.find_normalized(params[:id]) || Tag.new(name: Tag.normalize(params[:id]), display_name: params[:id])
end
end

10
app/controllers/api/v1/trends/links_controller.rb

@ -13,10 +13,14 @@ class Api::V1::Trends::LinksController < Api::BaseController
private
def enabled?
Setting.trends
end
def set_links
@links = begin
if Setting.trends
links_from_trends
if enabled?
links_from_trends.offset(offset_param).limit(limit_param(DEFAULT_LINKS_LIMIT))
else
[]
end
@ -24,7 +28,7 @@ class Api::V1::Trends::LinksController < Api::BaseController
end
def links_from_trends
Trends.links.query.allowed.in_locale(content_locale).offset(offset_param).limit(limit_param(DEFAULT_LINKS_LIMIT))
Trends.links.query.allowed.in_locale(content_locale)
end
def insert_pagination_headers

10
app/controllers/api/v1/trends/statuses_controller.rb

@ -11,10 +11,14 @@ class Api::V1::Trends::StatusesController < Api::BaseController
private
def enabled?
Setting.trends
end
def set_statuses
@statuses = begin
if Setting.trends
cache_collection(statuses_from_trends, Status)
if enabled?
cache_collection(statuses_from_trends.offset(offset_param).limit(limit_param(DEFAULT_STATUSES_LIMIT)), Status)
else
[]
end
@ -24,7 +28,7 @@ class Api::V1::Trends::StatusesController < Api::BaseController
def statuses_from_trends
scope = Trends.statuses.query.allowed.in_locale(content_locale)
scope = scope.filtered_for(current_account) if user_signed_in?
scope.offset(offset_param).limit(limit_param(DEFAULT_STATUSES_LIMIT))
scope
end
def insert_pagination_headers

14
app/controllers/api/v1/trends/tags_controller.rb

@ -8,21 +8,29 @@ class Api::V1::Trends::TagsController < Api::BaseController
DEFAULT_TAGS_LIMIT = 10
def index
render json: @tags, each_serializer: REST::TagSerializer
render json: @tags, each_serializer: REST::TagSerializer, relationships: TagRelationshipsPresenter.new(@tags, current_user&.account_id)
end
private
def enabled?
Setting.trends
end
def set_tags
@tags = begin
if Setting.trends
Trends.tags.query.allowed.offset(offset_param).limit(limit_param(DEFAULT_TAGS_LIMIT))
if enabled?
tags_from_trends.offset(offset_param).limit(limit_param(DEFAULT_TAGS_LIMIT))
else
[]
end
end
end
def tags_from_trends
Trends.tags.query.allowed
end
def insert_pagination_headers
set_pagination_headers(next_path, prev_path)
end

13
app/controllers/api/v2/admin/accounts_controller.rb

@ -11,6 +11,7 @@ class Api::V2::Admin::AccountsController < Api::V1::Admin::AccountsController
email
ip
invited_by
role_ids
).freeze
PAGINATION_PARAMS = (%i(limit) + FILTER_PARAMS).freeze
@ -18,7 +19,17 @@ class Api::V2::Admin::AccountsController < Api::V1::Admin::AccountsController
private
def filtered_accounts
AccountFilter.new(filter_params).results
AccountFilter.new(translated_filter_params).results
end
def translated_filter_params
translated_params = filter_params.slice(*AccountFilter::KEYS)
if params[:permissions] == 'staff'
translated_params[:role_ids] = UserRole.that_can(:manage_reports).map(&:id)
end
translated_params
end
def filter_params

8
app/controllers/application_controller.rb

@ -58,14 +58,6 @@ class ApplicationController < ActionController::Base
store_location_for(:user, request.url) unless [:json, :rss].include?(request.format&.to_sym)
end
def require_admin!
forbidden unless current_user&.admin?
end
def require_staff!
forbidden unless current_user&.staff?
end
def require_functional!
redirect_to edit_user_registration_path unless current_user.functional?
end

2
app/controllers/custom_css_controller.rb

@ -13,6 +13,6 @@ class CustomCssController < ApplicationController
def show
expires_in 3.minutes, public: true
request.session_options[:skip] = true
render plain: Setting.custom_css || '', content_type: 'text/css'
render content_type: 'text/css'
end
end

1
app/controllers/settings/featured_tags_controller.rb

@ -11,7 +11,6 @@ class Settings::FeaturedTagsController < Settings::BaseController
def create
@featured_tag = current_account.featured_tags.new(featured_tag_params)
@featured_tag.reset_data
if @featured_tag.save
redirect_to settings_featured_tags_path

14
app/helpers/accounts_helper.rb

@ -61,21 +61,13 @@ module AccountsHelper
end
end
def account_badge(account, all: false)
def account_badge(account)
if account.bot?
content_tag(:div, content_tag(:div, t('accounts.roles.bot'), class: 'account-role bot'), class: 'roles')
elsif account.group?
content_tag(:div, content_tag(:div, t('accounts.roles.group'), class: 'account-role group'), class: 'roles')
elsif (Setting.show_staff_badge && account.user_staff?) || all
content_tag(:div, class: 'roles') do
if all && !account.user_staff?
content_tag(:div, t('admin.accounts.roles.user'), class: 'account-role')
elsif account.user_admin?
content_tag(:div, t('accounts.roles.admin'), class: 'account-role admin')
elsif account.user_moderator?
content_tag(:div, t('accounts.roles.moderator'), class: 'account-role moderator')
end
end
elsif account.user_role&.highlighted?
content_tag(:div, content_tag(:div, account.user_role.name, class: "account-role user-role-#{account.user_role.id}"), class: 'roles')
end
end

2
app/javascript/flavours/glitch/actions/importer/index.js

@ -63,7 +63,7 @@ export function importFetchedStatuses(statuses) {
const polls = [];
function processStatus(status) {
pushUnique(normalStatuses, normalizeStatus(status, getState().getIn(['statuses', status.id])));
pushUnique(normalStatuses, normalizeStatus(status, getState().getIn(['statuses', status.id]), getState().get('local_settings')));
pushUnique(accounts, status.account);
if (status.reblog && status.reblog.id) {

5
app/javascript/flavours/glitch/actions/importer/normalizer.js

@ -1,6 +1,7 @@
import escapeTextContentForBrowser from 'escape-html';
import emojify from 'flavours/glitch/util/emoji';
import { unescapeHTML } from 'flavours/glitch/util/html';
import { autoHideCW } from 'flavours/glitch/util/content_warning';
const domParser = new DOMParser();
@ -41,7 +42,7 @@ export function normalizeAccount(account) {
return account;
}
export function normalizeStatus(status, normalOldStatus) {
export function normalizeStatus(status, normalOldStatus, settings) {
const normalStatus = { ...status };
normalStatus.account = status.account.id;
@ -60,6 +61,7 @@ export function normalizeStatus(status, normalOldStatus) {
normalStatus.search_index = normalOldStatus.get('search_index');
normalStatus.contentHtml = normalOldStatus.get('contentHtml');
normalStatus.spoilerHtml = normalOldStatus.get('spoilerHtml');
normalStatus.hidden = normalOldStatus.get('hidden');
} else {
const spoilerText = normalStatus.spoiler_text || '';
const searchContent = ([spoilerText, status.content].concat((status.poll && status.poll.options) ? status.poll.options.map(option => option.title) : [])).concat(status.media_attachments.map(att => att.description)).join('\n\n').replace(/<br\s*\/?>/g, '\n').replace(/<\/p><p>/g, '\n\n');
@ -68,6 +70,7 @@ export function normalizeStatus(status, normalOldStatus) {
normalStatus.search_index = domParser.parseFromString(searchContent, 'text/html').documentElement.textContent;
normalStatus.contentHtml = emojify(normalStatus.content, emojiMap);
normalStatus.spoilerHtml = emojify(escapeTextContentForBrowser(spoilerText), emojiMap);
normalStatus.hidden = (spoilerText.length > 0 || normalStatus.sensitive) && autoHideCW(settings, spoilerText);
}
return normalStatus;

34
app/javascript/flavours/glitch/actions/statuses.js

@ -24,6 +24,10 @@ export const STATUS_UNMUTE_REQUEST = 'STATUS_UNMUTE_REQUEST';
export const STATUS_UNMUTE_SUCCESS = 'STATUS_UNMUTE_SUCCESS';
export const STATUS_UNMUTE_FAIL = 'STATUS_UNMUTE_FAIL';
export const STATUS_REVEAL = 'STATUS_REVEAL';
export const STATUS_HIDE = 'STATUS_HIDE';
export const STATUS_COLLAPSE = 'STATUS_COLLAPSE';
export const REDRAFT = 'REDRAFT';
export const STATUS_FETCH_SOURCE_REQUEST = 'STATUS_FETCH_SOURCE_REQUEST';
@ -277,3 +281,33 @@ export function unmuteStatusFail(id, error) {
error,
};
};
export function hideStatus(ids) {
if (!Array.isArray(ids)) {
ids = [ids];
}
return {
type: STATUS_HIDE,
ids,
};
};
export function revealStatus(ids) {
if (!Array.isArray(ids)) {
ids = [ids];
}
return {
type: STATUS_REVEAL,
ids,
};
};
export function toggleStatusCollapse(id, isCollapsed) {
return {
type: STATUS_COLLAPSE,
id,
isCollapsed,
};
}

18
app/javascript/flavours/glitch/components/hashtag.js

@ -1,7 +1,7 @@
// @ts-check
import React from 'react';
import { Sparklines, SparklinesCurve } from 'react-sparklines';
import { FormattedMessage } from 'react-intl';
import { FormattedMessage, injectIntl, defineMessages } from 'react-intl';
import PropTypes from 'prop-types';
import ImmutablePropTypes from 'react-immutable-proptypes';
import Permalink from './permalink';
@ -9,6 +9,10 @@ import ShortNumber from 'flavours/glitch/components/short_number';
import Skeleton from 'flavours/glitch/components/skeleton';