4.1.3-gh23188

2023-07-07 16:24:49 +01:00 · 2023-07-07 16:24:49 +01:00 · 5812b02c24
commit 5812b02c24
parent b7ca3ea498 0d5781ca76
62 changed files with 860 additions and 216 deletions
--- a/app/models/account_conversation.rb
+++ b/app/models/account_conversation.rb
@ -16,34 +16,44 @@
 class AccountConversation < ApplicationRecord
  include Redisable

+  attr_writer :participant_accounts
+
+  before_validation :set_last_status
  after_commit :push_to_streaming_api

  belongs_to :account
  belongs_to :conversation
  belongs_to :last_status, class_name: 'Status'

-  before_validation :set_last_status
-
  def participant_account_ids=(arr)
    self[:participant_account_ids] = arr.sort
+    @participant_accounts = nil
  end

  def participant_accounts
-    if participant_account_ids.empty?
-      [account]
-    else
-      participants = Account.where(id: participant_account_ids)
-      participants.empty? ? [account] : participants
-    end
+    @participant_accounts ||= Account.where(id: participant_account_ids).to_a
+    @participant_accounts.presence || [account]
  end

  class << self
    def to_a_paginated_by_id(limit, options = {})
-      if options[:min_id]
-        paginate_by_min_id(limit, options[:min_id], options[:max_id]).reverse
-      else
-        paginate_by_max_id(limit, options[:max_id], options[:since_id]).to_a
+      array = begin
+        if options[:min_id]
+          paginate_by_min_id(limit, options[:min_id], options[:max_id]).reverse
+        else
+          paginate_by_max_id(limit, options[:max_id], options[:since_id]).to_a
+        end
      end
+
+      # Preload participants
+      participant_ids = array.flat_map(&:participant_account_ids)
+      accounts_by_id = Account.where(id: participant_ids).index_by(&:id)
+
+      array.each do |conversation|
+        conversation.participant_accounts = conversation.participant_account_ids.filter_map { |id| accounts_by_id[id] }
+      end
+
+      array
    end

    def paginate_by_min_id(limit, min_id = nil, max_id = nil)
--- a/app/models/concerns/attachmentable.rb
+++ b/app/models/concerns/attachmentable.rb
@ -22,15 +22,14 @@ module Attachmentable

  included do
    def self.has_attached_file(name, options = {}) # rubocop:disable Naming/PredicateName
-      options = { validate_media_type: false }.merge(options)
      super(name, options)
-      send(:"before_#{name}_post_process") do
+
+      send(:"before_#{name}_validate") do
        attachment = send(name)
        check_image_dimension(attachment)
        set_file_content_type(attachment)
        obfuscate_file_name(attachment)
        set_file_extension(attachment)
-        Paperclip::Validators::MediaTypeSpoofDetectionValidator.new(attributes: [name]).validate(self)
      end
    end
  end
--- a/app/models/form/account_batch.rb
+++ b/app/models/form/account_batch.rb
@ -123,7 +123,18 @@ class Form::AccountBatch
      account: current_account,
      action: :suspend
    )
+
    Admin::SuspensionWorker.perform_async(account.id)
+
+    # Suspending a single account closes their associated reports, so
+    # mass-suspending would be consistent.
+    Report.where(target_account: account).unresolved.find_each do |report|
+      authorize(report, :update?)
+      log_action(:resolve, report)
+      report.resolve!(current_account)
+    rescue Mastodon::NotPermittedError
+      # This should not happen, but just in case, do not fail early
+    end
  end

  def approve_account(account)
--- a/app/models/identity.rb
+++ b/app/models/identity.rb
@ -12,7 +12,7 @@
 #

 class Identity < ApplicationRecord
-  belongs_to :user, dependent: :destroy
+  belongs_to :user
  validates :uid, presence: true, uniqueness: { scope: :provider }
  validates :provider, presence: true

--- a/app/models/webhook.rb
+++ b/app/models/webhook.rb
@ -20,6 +20,8 @@ class Webhook < ApplicationRecord
    report.created
  ).freeze

+  attr_writer :current_account
+
  scope :enabled, -> { where(enabled: true) }

  validates :url, presence: true, url: true
@ -27,6 +29,7 @@ class Webhook < ApplicationRecord
  validates :events, presence: true

  validate :validate_events
+  validate :validate_permissions

  before_validation :strip_events
  before_validation :generate_secret
@ -43,12 +46,29 @@ class Webhook < ApplicationRecord
    update!(enabled: false)
  end

+  def required_permissions
+    events.map { |event| Webhook.permission_for_event(event) }
+  end
+
+  def self.permission_for_event(event)
+    case event
+    when 'account.approved', 'account.created', 'account.updated'
+      :manage_users
+    when 'report.created'
+      :manage_reports
+    end
+  end
+
  private

  def validate_events
    errors.add(:events, :invalid) if events.any? { |e| !EVENTS.include?(e) }
  end

+  def validate_permissions
+    errors.add(:events, :invalid_permissions) if defined?(@current_account) && required_permissions.any? { |permission| !@current_account.user_role.can?(permission) }
+  end
+
  def strip_events
    self.events = events.map { |str| str.strip.presence }.compact if events.present?
  end