Fix #6022 - Prevent nested migrated accounts, or migrations to self (#6026)

diff --git a/app/controllers/settings/migrations_controller.rb b/app/controllers/settings/migrations_controller.rb
index b18403a7f04798561a5850776c0799ec06b73c80..bc6436b87aff6f6967350eb8013f7866be17d45e 100644 (file)
--- a/app/controllers/settings/migrations_controller.rb
+++ b/app/controllers/settings/migrations_controller.rb
@@ -28,6 +28,7 @@ class Settings::MigrationsController < ApplicationController
   end
 
   def migration_account_changed?
-    current_account.moved_to_account_id != @migration.account&.id
+    current_account.moved_to_account_id != @migration.account&.id &&
+      current_account.id != @migration.account&.id
   end
 end

diff --git a/app/serializers/rest/account_serializer.rb b/app/serializers/rest/account_serializer.rb
index bab944c5a5691e57a139a1939ceaed8896db3faf..19b746520f2f4cc1e3da469e5d072deef17827bb 100644 (file)
--- a/app/serializers/rest/account_serializer.rb
+++ b/app/serializers/rest/account_serializer.rb
@@ -7,9 +7,7 @@ class REST::AccountSerializer < ActiveModel::Serializer
              :note, :url, :avatar, :avatar_static, :header, :header_static,
              :followers_count, :following_count, :statuses_count
 
-  has_one :moved_to_account, key: :moved, serializer: REST::AccountSerializer, if: :moved?
-
-  delegate :moved?, to: :object
+  has_one :moved_to_account, key: :moved, serializer: REST::AccountSerializer, if: :moved_and_not_nested?
 
   def id
     object.id.to_s
@@ -38,4 +36,8 @@ class REST::AccountSerializer < ActiveModel::Serializer
   def header_static
     full_asset_url(object.header_static_url)
   end
+
+  def moved_and_not_nested?
+    object.moved? && object.moved_to_account.moved_to_account_id.nil?
+  end
 end