aiden
/
pixelfed
mirror of https://github.com/pixelfed/pixelfed
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update ComposeController, add parental controls support

Browse Source
pull/4862/head
Daniel Supernault 1 year ago
parent 1a16ec2078
commit 2dcfc81495
No known key found for this signature in database
GPG Key ID: 23740873EE6F76A1
2 changed files with 771 additions and 740 deletions
Show Stats Download Patch File Download Diff File

11
app/Http/Controllers/Api/ApiV1Controller.php
Unescape Escape View File

@ -1750,6 +1750,8 @@ class ApiV1Controller extends Controller
]);
$user = $request->user();
abort_if($user->has_roles && !UserRoleService::can('can-post', $user->id), 403, 'Invalid permissions for this action');
AccountService::setLastActive($user->id);
$media = Media::whereUserId($user->id)
@ -2983,6 +2985,15 @@ class ApiV1Controller extends Controller
$in_reply_to_id = $request->input('in_reply_to_id');
$user = $request->user();
if($user->has_roles) {
if($in_reply_to_id != null) {
abort_if(!UserRoleService::can('can-comment', $user->id), 403, 'Invalid permissions for this action');
} else {
abort_if(!UserRoleService::can('can-post', $user->id), 403, 'Invalid permissions for this action');
}
}
$profile = $user->profile;
$limitKey = 'compose:rate-limit:store:' . $user->id;

26
app/Http/Controllers/ComposeController.php
Unescape Escape View File

@ -229,6 +229,8 @@ class ComposeController extends Controller
'id' => 'required|integer|min:1|exists:media,id'
]);
abort_if($request->user()->has_roles && !UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
$media = Media::whereNull('status_id')
->whereUserId(Auth::id())
->findOrFail($request->input('id'));
@ -258,6 +260,8 @@ class ComposeController extends Controller
$q = mb_substr($q, 1);
}
abort_if($user->has_roles && !UserRoleService::can('can-post', $user->id), 403, 'Invalid permissions for this action');
$blocked = UserFilter::whereFilterableType('App\Profile')
->whereFilterType('block')
->whereFilterableId($request->user()->profile_id)
@ -292,6 +296,8 @@ class ComposeController extends Controller
'profile_id' => 'required'
]);
abort_if($request->user()->has_roles && !UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
$user = $request->user();
$status_id = $request->input('status_id');
$profile_id = (int) $request->input('profile_id');
@ -322,6 +328,7 @@ class ComposeController extends Controller
$this->validate($request, [
'q' => 'required|string|max:100'
]);
abort_if($request->user()->has_roles && !UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
$pid = $request->user()->profile_id;
abort_if(!$pid, 400);
$q = e($request->input('q'));
@ -400,6 +407,8 @@ class ComposeController extends Controller
'q' => 'required|string|min:2|max:50'
]);
abort_if($request->user()->has_roles && !UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
$q = $request->input('q');
if(Str::of($q)->startsWith('@')) {
@ -440,6 +449,8 @@ class ComposeController extends Controller
'q' => 'required|string|min:2|max:50'
]);
abort_if($request->user()->has_roles && !UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
$q = $request->input('q');
$results = Hashtag::select('slug')
@ -478,6 +489,8 @@ class ComposeController extends Controller
// 'optimize_media' => 'nullable'
]);
abort_if($request->user()->has_roles && !UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
if(config('costar.enabled') == true) {
$blockedKeywords = config('costar.keyword.block');
if($blockedKeywords !== null && $request->caption) {
@ -490,7 +503,7 @@ class ComposeController extends Controller
}
}
$user = Auth::user();
$user = $request->user();
$profile = $user->profile;
$limitKey = 'compose:rate-limit:store:' . $user->id;
@ -646,6 +659,8 @@ class ComposeController extends Controller
'tagged' => 'nullable',
]);
abort_if($request->user()->has_roles && !UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
if(config('costar.enabled') == true) {
$blockedKeywords = config('costar.keyword.block');
if($blockedKeywords !== null && $request->caption) {
@ -658,7 +673,7 @@ class ComposeController extends Controller
}
}
$user = Auth::user();
$user = $request->user();
$profile = $user->profile;
$visibility = $request->input('visibility');
$status = new Status;
@ -723,6 +738,8 @@ class ComposeController extends Controller
'id' => 'required|integer|min:1'
]);
abort_if($request->user()->has_roles && !UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
$media = Media::whereUserId($request->user()->id)
->whereNull('status_id')
->findOrFail($request->input('id'));
@ -755,6 +772,8 @@ class ComposeController extends Controller
public function composeSettings(Request $request)
{
$uid = $request->user()->id;
abort_if($request->user()->has_roles && !UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
$default = [
'default_license' => 1,
'media_descriptions' => false,
@ -780,8 +799,9 @@ class ComposeController extends Controller
'expiry' => 'required|in:60,360,1440,10080',
'pollOptions' => 'required|array|min:1|max:4'
]);
abort(404);
abort_if(config('instance.polls.enabled') == false, 404, 'Polls not enabled');
abort_if($request->user()->has_roles && !UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
abort_if(Status::whereType('poll')
->whereProfileId($request->user()->profile_id)

Write Preview
Loading…
Cancel
Save