mirror of
https://github.com/mastodon/mastodon.git
synced 2024-11-20 11:35:29 +01:00
Add validation of media attachments, clean up mastodon-own exception classes
This commit is contained in:
parent
063432d7e3
commit
5f511324b6
@ -62,11 +62,11 @@ class Api::V1::StatusesController < ApiController
|
|||||||
end
|
end
|
||||||
|
|
||||||
def create
|
def create
|
||||||
@status = PostStatusService.new.call(current_user.account, params[:status], params[:in_reply_to_id].blank? ? nil : Status.find(params[:in_reply_to_id]), media_ids: params[:media_ids],
|
@status = PostStatusService.new.call(current_user.account, params[:status], params[:in_reply_to_id].blank? ? nil : Status.find(params[:in_reply_to_id]), media_ids: params[:media_ids],
|
||||||
sensitive: params[:sensitive],
|
sensitive: params[:sensitive],
|
||||||
spoiler_text: params[:spoiler_text],
|
spoiler_text: params[:spoiler_text],
|
||||||
visibility: params[:visibility],
|
visibility: params[:visibility],
|
||||||
application: doorkeeper_token.application)
|
application: doorkeeper_token.application)
|
||||||
render action: :show
|
render action: :show
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -10,7 +10,7 @@ class ApiController < ApplicationController
|
|||||||
|
|
||||||
before_action :set_rate_limit_headers
|
before_action :set_rate_limit_headers
|
||||||
|
|
||||||
rescue_from ActiveRecord::RecordInvalid do |e|
|
rescue_from ActiveRecord::RecordInvalid, Mastodon::ValidationError do |e|
|
||||||
render json: { error: e.to_s }, status: 422
|
render json: { error: e.to_s }, status: 422
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -30,7 +30,7 @@ class ApiController < ApplicationController
|
|||||||
render json: { error: 'Remote SSL certificate could not be verified' }, status: 503
|
render json: { error: 'Remote SSL certificate could not be verified' }, status: 503
|
||||||
end
|
end
|
||||||
|
|
||||||
rescue_from Mastodon::NotPermitted do
|
rescue_from Mastodon::NotPermittedError do
|
||||||
render json: { error: 'This action is not allowed' }, status: 403
|
render json: { error: 'This action is not allowed' }, status: 403
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -25,7 +25,7 @@ class AuthorizeFollowController < ApplicationController
|
|||||||
else
|
else
|
||||||
redirect_to web_url("accounts/#{@account.id}")
|
redirect_to web_url("accounts/#{@account.id}")
|
||||||
end
|
end
|
||||||
rescue ActiveRecord::RecordNotFound, Mastodon::NotPermitted
|
rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
|
||||||
render :error
|
render :error
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -2,5 +2,6 @@
|
|||||||
|
|
||||||
module Mastodon
|
module Mastodon
|
||||||
class Error < StandardError; end
|
class Error < StandardError; end
|
||||||
class NotPermitted < Error; end
|
class NotPermittedError < Error; end
|
||||||
|
class ValidationError < Error; end
|
||||||
end
|
end
|
||||||
|
@ -6,7 +6,7 @@ class FavouriteService < BaseService
|
|||||||
# @param [Status] status
|
# @param [Status] status
|
||||||
# @return [Favourite]
|
# @return [Favourite]
|
||||||
def call(account, status)
|
def call(account, status)
|
||||||
raise Mastodon::NotPermitted unless status.permitted?(account)
|
raise Mastodon::NotPermittedError unless status.permitted?(account)
|
||||||
|
|
||||||
favourite = Favourite.create!(account: account, status: status)
|
favourite = Favourite.create!(account: account, status: status)
|
||||||
|
|
||||||
|
@ -10,7 +10,7 @@ class FollowService < BaseService
|
|||||||
target_account = FollowRemoteAccountService.new.call(uri)
|
target_account = FollowRemoteAccountService.new.call(uri)
|
||||||
|
|
||||||
raise ActiveRecord::RecordNotFound if target_account.nil? || target_account.id == source_account.id || target_account.suspended?
|
raise ActiveRecord::RecordNotFound if target_account.nil? || target_account.id == source_account.id || target_account.suspended?
|
||||||
raise Mastodon::NotPermitted if target_account.blocking?(source_account) || source_account.blocking?(target_account)
|
raise Mastodon::NotPermittedError if target_account.blocking?(source_account) || source_account.blocking?(target_account)
|
||||||
|
|
||||||
if target_account.locked?
|
if target_account.locked?
|
||||||
request_follow(source_account, target_account)
|
request_follow(source_account, target_account)
|
||||||
|
@ -13,7 +13,7 @@ class PostStatusService < BaseService
|
|||||||
# @option [Doorkeeper::Application] :application
|
# @option [Doorkeeper::Application] :application
|
||||||
# @return [Status]
|
# @return [Status]
|
||||||
def call(account, text, in_reply_to = nil, options = {})
|
def call(account, text, in_reply_to = nil, options = {})
|
||||||
media = validate_media options[:media_ids]
|
media = validate_media!(options[:media_ids])
|
||||||
status = account.statuses.create!(text: text,
|
status = account.statuses.create!(text: text,
|
||||||
thread: in_reply_to,
|
thread: in_reply_to,
|
||||||
sensitive: options[:sensitive],
|
sensitive: options[:sensitive],
|
||||||
@ -34,17 +34,16 @@ class PostStatusService < BaseService
|
|||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
def validate_media(media_ids)
|
def validate_media!(media_ids)
|
||||||
return if media_ids.nil? || !media_ids.is_a?(Enumerable)
|
return if media_ids.nil? || !media_ids.is_a?(Enumerable)
|
||||||
|
|
||||||
|
raise Mastodon::ValidationError, 'Cannot attach more than 4 files' if media_ids.size > 4
|
||||||
|
|
||||||
media = MediaAttachment.where(status_id: nil).where(id: media_ids.take(4).map(&:to_i))
|
media = MediaAttachment.where(status_id: nil).where(id: media_ids.take(4).map(&:to_i))
|
||||||
if media.length > 1
|
|
||||||
media.each do |m|
|
raise Mastodon::ValidationError, 'Cannot attach a video to a toot that already contains images' if media.size > 1 && media.find(&:video?)
|
||||||
if m.video?
|
|
||||||
raise Mastodon::NotPermitted, 'Cannot attach a video to a toot that already contains images'
|
media
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
return media
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def attach_media(status, media)
|
def attach_media(status, media)
|
||||||
|
@ -10,7 +10,7 @@ class ReblogService < BaseService
|
|||||||
def call(account, reblogged_status)
|
def call(account, reblogged_status)
|
||||||
reblogged_status = reblogged_status.reblog if reblogged_status.reblog?
|
reblogged_status = reblogged_status.reblog if reblogged_status.reblog?
|
||||||
|
|
||||||
raise Mastodon::NotPermitted if reblogged_status.private_visibility? || !reblogged_status.permitted?(account)
|
raise Mastodon::NotPermittedError if reblogged_status.private_visibility? || !reblogged_status.permitted?(account)
|
||||||
|
|
||||||
reblog = account.statuses.create!(reblog: reblogged_status, text: '')
|
reblog = account.statuses.create!(reblog: reblogged_status, text: '')
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user