mirror of
https://github.com/pixelfed/pixelfed.git
synced 2024-11-22 06:21:27 +00:00
Update ComposeController, add parental controls support
parent
1a16ec2078
commit
2dcfc81495
2 changed files with 661 additions and 630 deletions
|
@ -1750,6 +1750,8 @@ class ApiV1Controller extends Controller
|
|||
]);
|
||||
|
||||
$user = $request->user();
|
||||
abort_if($user->has_roles && !UserRoleService::can('can-post', $user->id), 403, 'Invalid permissions for this action');
|
||||
|
||||
AccountService::setLastActive($user->id);
|
||||
|
||||
$media = Media::whereUserId($user->id)
|
||||
|
@ -2983,6 +2985,15 @@ class ApiV1Controller extends Controller
|
|||
$in_reply_to_id = $request->input('in_reply_to_id');
|
||||
|
||||
$user = $request->user();
|
||||
|
||||
if($user->has_roles) {
|
||||
if($in_reply_to_id != null) {
|
||||
abort_if(!UserRoleService::can('can-comment', $user->id), 403, 'Invalid permissions for this action');
|
||||
} else {
|
||||
abort_if(!UserRoleService::can('can-post', $user->id), 403, 'Invalid permissions for this action');
|
||||
}
|
||||
}
|
||||
|
||||
$profile = $user->profile;
|
||||
|
||||
$limitKey = 'compose:rate-limit:store:' . $user->id;
|
||||
|
|
|
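Review bot: In the status-creation hunk, the loose test `if($in_reply_to_id != null)` chooses between the `can-comment` and `can-post` checks, and whether that matches how the rest of the method tells a reply from a new post cannot be seen here. Under `!=`, integer `0` and an empty string count as "no reply" while the string `"0"` counts as a reply, so if the later code branches on truthiness or on a validated id, the permission checked may not be the one for the action performed. I would compute the decision once, `$isReply = $in_reply_to_id !== null;`, reuse `$isReply` for the later branching, and check `abort_if(!UserRoleService::can($isReply ? 'can-comment' : 'can-post', $user->id), 403, 'Invalid permissions for this action');`. The validation rules for `in_reply_to_id` should also reject empty and non-positive values. The method starts and ends outside this hunk, so the downstream use needs confirming.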
@ -229,6 +229,8 @@ class ComposeController extends Controller
|
|||
'id' => 'required|integer|min:1|exists:media,id'
|
||||
]);
|
||||
|
||||
abort_if($request->user()->has_roles && !UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
|
||||
|
||||
$media = Media::whereNull('status_id')
|
||||
->whereUserId(Auth::id())
|
||||
->findOrFail($request->input('id'));
|
||||
|
@ -258,6 +260,8 @@ class ComposeController extends Controller
|
|||
$q = mb_substr($q, 1);
|
||||
}
|
||||
|
||||
abort_if($user->has_roles && !UserRoleService::can('can-post', $user->id), 403, 'Invalid permissions for this action');
|
||||
|
||||
$blocked = UserFilter::whereFilterableType('App\Profile')
|
||||
->whereFilterType('block')
|
||||
->whereFilterableId($request->user()->profile_id)
|
||||
|
@ -292,6 +296,8 @@ class ComposeController extends Controller
|
|||
'profile_id' => 'required'
|
||||
]);
|
||||
|
||||
abort_if($request->user()->has_roles && !UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
|
||||
|
||||
$user = $request->user();
|
||||
$status_id = $request->input('status_id');
|
||||
$profile_id = (int) $request->input('profile_id');
|
||||
|
@ -322,6 +328,7 @@ class ComposeController extends Controller
|
|||
$this->validate($request, [
|
||||
'q' => 'required|string|max:100'
|
||||
]);
|
||||
abort_if($request->user()->has_roles && !UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
|
||||
$pid = $request->user()->profile_id;
|
||||
abort_if(!$pid, 400);
|
||||
$q = e($request->input('q'));
|
||||
|
@ -400,6 +407,8 @@ class ComposeController extends Controller
|
|||
'q' => 'required|string|min:2|max:50'
|
||||
]);
|
||||
|
||||
abort_if($request->user()->has_roles && !UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
|
||||
|
||||
$q = $request->input('q');
|
||||
|
||||
if(Str::of($q)->startsWith('@')) {
|
||||
|
@ -440,6 +449,8 @@ class ComposeController extends Controller
|
|||
'q' => 'required|string|min:2|max:50'
|
||||
]);
|
||||
|
||||
abort_if($request->user()->has_roles && !UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
|
||||
|
||||
$q = $request->input('q');
|
||||
|
||||
$results = Hashtag::select('slug')
|
||||
|
@ -478,6 +489,8 @@ class ComposeController extends Controller
|
|||
// 'optimize_media' => 'nullable'
|
||||
]);
|
||||
|
||||
abort_if($request->user()->has_roles && !UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
|
||||
|
||||
if(config('costar.enabled') == true) {
|
||||
$blockedKeywords = config('costar.keyword.block');
|
||||
if($blockedKeywords !== null && $request->caption) {
|
||||
|
@ -490,7 +503,7 @@ class ComposeController extends Controller
|
|||
}
|
||||
}
|
||||
|
||||
$user = Auth::user();
|
||||
$user = $request->user();
|
||||
$profile = $user->profile;
|
||||
|
||||
$limitKey = 'compose:rate-limit:store:' . $user->id;
|
||||
|
@ -646,6 +659,8 @@ class ComposeController extends Controller
|
|||
'tagged' => 'nullable',
|
||||
]);
|
||||
|
||||
abort_if($request->user()->has_roles && !UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
|
||||
|
||||
if(config('costar.enabled') == true) {
|
||||
$blockedKeywords = config('costar.keyword.block');
|
||||
if($blockedKeywords !== null && $request->caption) {
|
||||
|
@ -658,7 +673,7 @@ class ComposeController extends Controller
|
|||
}
|
||||
}
|
||||
|
||||
$user = Auth::user();
|
||||
$user = $request->user();
|
||||
$profile = $user->profile;
|
||||
$visibility = $request->input('visibility');
|
||||
$status = new Status;
|
||||
|
@ -723,6 +738,8 @@ class ComposeController extends Controller
|
|||
'id' => 'required|integer|min:1'
|
||||
]);
|
||||
|
||||
abort_if($request->user()->has_roles && !UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
|
||||
|
||||
$media = Media::whereUserId($request->user()->id)
|
||||
->whereNull('status_id')
|
||||
->findOrFail($request->input('id'));
|
||||
|
@ -755,6 +772,8 @@ class ComposeController extends Controller
|
|||
public function composeSettings(Request $request)
|
||||
{
|
||||
$uid = $request->user()->id;
|
||||
abort_if($request->user()->has_roles && !UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
|
||||
|
||||
$default = [
|
||||
'default_license' => 1,
|
||||
'media_descriptions' => false,
|
||||
|
@ -780,8 +799,9 @@ class ComposeController extends Controller
|
|||
'expiry' => 'required|in:60,360,1440,10080',
|
||||
'pollOptions' => 'required|array|min:1|max:4'
|
||||
]);
|
||||
|
||||
abort(404);
|
||||
abort_if(config('instance.polls.enabled') == false, 404, 'Polls not enabled');
|
||||
abort_if($request->user()->has_roles && !UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
|
||||
|
||||
abort_if(Status::whereType('poll')
|
||||
->whereProfileId($request->user()->profile_id)
|
||||
|
|
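Review bot: The parental-control check is pasted as the same literal `abort_if($request->user()->has_roles && !UserRoleService::can('can-post', $request->user()->id), 403, ...)` into every ComposeController hunk shown here, so enforcement depends on no action being missed now or added later without it. I would move it into one private helper on the controller, or into route middleware for the compose routes, so coverage can be checked in a single place and tested once. In most hunks the check also sits after `$this->validate(...)`, including the `exists:media,id` rule, so a restricted account gets validation responses before the 403; running the check first would fail closed earlier. The hunk that adds `abort_if($user->has_roles && ...)` before the `UserFilter` query relies on `$user` being assigned earlier in that method, which is outside the hunk and should be confirmed. Replacing `abort(404)` with the `instance.polls.enabled` check re-enables poll creation behind a config flag, which the commit title does not mention.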