include RateLimitHeaders
skip_before_action :store_current_location
+ skip_before_action :check_user_permissions
+
protect_from_forgery with: :null_session
rescue_from ActiveRecord::RecordInvalid, Mastodon::ValidationError do |e|
rescue_from Mastodon::NotPermittedError, with: :forbidden
before_action :store_current_location, except: :raise_not_found, unless: :devise_controller?
- before_action :check_suspension, if: :user_signed_in?
+ before_action :check_user_permissions, if: :user_signed_in?
def raise_not_found
raise ActionController::RoutingError, "No route matches #{params[:unmatched_route]}"
forbidden unless current_user&.staff?
end
- def check_suspension
- forbidden if current_user.account.suspended?
+ def check_user_permissions
+ forbidden if current_user.disabled? || current_user.account.suspended?
end
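Review bot: With `active_for_authentication?` (`super && !disabled?`) removed from the user model in a later hunk, Devise no longer refuses sessions for disabled users, so enforcement of the disabled flag now rests on this `check_user_permissions` filter alone — yet the first hunk, which appears to be the API base controller, adds `skip_before_action :check_user_permissions`, so nothing visible in this diff rejects requests from a disabled user on the API path. If that controller's own user-requiring filter already checks `current_user.disabled?` this is fine, but it is not shown here; otherwise the skip needs a companion guard there, e.g. `forbidden if current_user&.disabled?`, so the web and API paths enforce the same rule. The sessions controller hunk is consistent, keeping the check off `destroy` so a disabled user can still sign out. The enclosing controller class starts and ends outside this hunk.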
def after_sign_out_path_for(_resource_or_scope)
layout 'auth'
skip_before_action :require_no_authentication, only: [:create]
- skip_before_action :check_suspension, only: [:destroy]
+ skip_before_action :check_user_permissions, only: [:destroy]
prepend_before_action :authenticate_with_two_factor, if: :two_factor_enabled?, only: [:create]
before_action :set_instance_presenter, only: [:new]
before_action :set_body_classes
save!
end
- def active_for_authentication?
- super && !disabled?
- end
-
def setting_default_privacy
settings.default_privacy || (account.locked? ? 'private' : 'public')
end
end
def enable?
- admin?
+ staff?
end
def disable?
- admin? && !record.admin?
+ staff? && !record.admin?
end
def promote?
context 'when user is confirmed' do
let(:confirmed_at) { Time.zone.now }
- it { is_expected.to be false }
+ it { is_expected.to be true }
end
context 'when user is not confirmed' do