Add "locked" flag to accounts, prevent blocked users from following, force-unfollow...

diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
index d2d3bc4a4bb3e2bb55d1c989e211f49766495eec..8f1c8ac8adbbd16b1a8023f63134d36b92d8bd0c 100644 (file)
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@ -30,6 +30,10 @@ class ApiController < ApplicationController
     render json: { error: 'Remote SSL certificate could not be verified' }, status: 503
   end
 
+  rescue_from Mastodon::NotPermitted do
+    render json: { error: 'This action is not allowed' }, status: 403
+  end
+
   def doorkeeper_unauthorized_render_options(error: nil)
     { json: { error: (error.try(:description) || 'Not authorized') } }
   end

diff --git a/app/controllers/settings/profiles_controller.rb b/app/controllers/settings/profiles_controller.rb
index 9e8a7da8cf59b526cd37f0d8f6a4e785e35a242a..4be549958633113775bcde77d234ae8b2dc9009f 100644 (file)
--- a/app/controllers/settings/profiles_controller.rb
+++ b/app/controllers/settings/profiles_controller.rb
@@ -1,12 +1,13 @@
 # frozen_string_literal: true
 
 class Settings::ProfilesController < ApplicationController
+  include ObfuscateFilename
+
   layout 'auth'
 
   before_action :authenticate_user!
   before_action :set_account
 
-  include ObfuscateFilename
   obfuscate_filename [:account, :avatar]
   obfuscate_filename [:account, :header]
 
@@ -23,7 +24,7 @@ class Settings::ProfilesController < ApplicationController
   private
 
   def account_params
-    params.require(:account).permit(:display_name, :note, :avatar, :header)
+    params.require(:account).permit(:display_name, :note, :avatar, :header, :locked)
   end
 
   def set_account

diff --git a/app/lib/exceptions.rb b/app/lib/exceptions.rb
new file mode 100644 (file)
index 0000000..359228c
--- /dev/null
+++ b/app/lib/exceptions.rb
@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module Mastodon
+  class Error < StandardError; end
+  class NotPermitted < Error; end
+end

diff --git a/app/services/block_service.rb b/app/services/block_service.rb
index 6a032a5a1a1f79876aacab89fd35d4bad4ca6923..66146a72ab6be972b56e3a6b20fff6fe82b5c64b 100644 (file)
--- a/app/services/block_service.rb
+++ b/app/services/block_service.rb
@@ -5,7 +5,10 @@ class BlockService < BaseService
     return if account.id == target_account.id
 
     UnfollowService.new.call(account, target_account) if account.following?(target_account)
+    UnfollowService.new.call(target_account, account) if target_account.following?(account)
+
     account.block!(target_account)
+
     clear_timelines(account, target_account)
     clear_notifications(account, target_account)
   end

diff --git a/app/services/follow_service.rb b/app/services/follow_service.rb
index ed9b624552c022339caba481f67a32ef18e50bd2..02baa65536fd4f1ce1d75d107d131aa55bf2be73 100644 (file)
--- a/app/services/follow_service.rb
+++ b/app/services/follow_service.rb
@@ -8,6 +8,7 @@ class FollowService < BaseService
     target_account = follow_remote_account_service.call(uri)
 
     raise ActiveRecord::RecordNotFound if target_account.nil? || target_account.id == source_account.id || target_account.suspended?
+    raise Mastodon::NotPermitted       if target_account.blocking?(source_account)
 
     follow = source_account.follow!(target_account)
 

diff --git a/app/views/settings/profiles/show.html.haml b/app/views/settings/profiles/show.html.haml
index c2f1adb12e6deab93abe4a0fa46dbc1a1faca441..a8ea9bbc4b31e4dc67a4742902f605e2041471f8 100644 (file)
--- a/app/views/settings/profiles/show.html.haml
+++ b/app/views/settings/profiles/show.html.haml
@@ -8,6 +8,7 @@
   = f.input :note, placeholder: t('simple_form.labels.defaults.note')
   = f.input :avatar, wrapper: :with_label
   = f.input :header, wrapper: :with_label
+  = f.input :locked, as: :boolean, wrapper: :with_label
 
   .actions
     = f.button :button, t('generic.save_changes'), type: :submit

diff --git a/config/application.rb b/config/application.rb
index 427c0e2ba407b965c023cc04eb2012685dad281a..091f9c535060cd75b4d7486b3ffa95e785a1461f 100644 (file)
--- a/config/application.rb
+++ b/config/application.rb
@@ -2,6 +2,8 @@ require_relative 'boot'
 
 require 'rails/all'
 
+require_relative '../app/lib/exceptions'
+
 # Require the gems listed in Gemfile, including any gems
 # you've limited to :test, :development, or :production.
 Bundler.require(*Rails.groups)

diff --git a/db/migrate/20161222201034_add_locked_to_accounts.rb b/db/migrate/20161222201034_add_locked_to_accounts.rb
new file mode 100644 (file)
index 0000000..c246a90
--- /dev/null
+++ b/db/migrate/20161222201034_add_locked_to_accounts.rb
@@ -0,0 +1,5 @@
+class AddLockedToAccounts < ActiveRecord::Migration[5.0]
+  def change
+    add_column :accounts, :locked, :boolean, null: false, default: false
+  end
+end

diff --git a/db/schema.rb b/db/schema.rb
index 706099897202e6b0f5b5b2a21ca2ff02d59fcdb7..47e1b098d428674ed8574a8e8a86cd20f03f2d41 100644 (file)
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20161221152630) do
+ActiveRecord::Schema.define(version: 20161222201034) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -42,6 +42,7 @@ ActiveRecord::Schema.define(version: 20161221152630) do
     t.datetime "subscription_expires_at"
     t.boolean  "silenced",                default: false, null: false
     t.boolean  "suspended",               default: false, null: false
+    t.boolean  "locked",                  default: false, null: false
     t.index ["username", "domain"], name: "index_accounts_on_username_and_domain", unique: true, using: :btree
   end