Update DirectMessageController, add parental controls support

Daniel Supernault 2024-01-11 05:25:23 -07:00
parent fd9b5ad443
commit fe30cd25d1
No known key found for this signature in database
GPG key ID: 23740873EE6F76A1
2 changed files with 867 additions and 837 deletions


@ -2575,7 +2575,11 @@ class ApiV1Controller extends Controller
$limit = $request->input('limit', 20); $limit = $request->input('limit', 20);
$scope = $request->input('scope', 'inbox'); $scope = $request->input('scope', 'inbox');
$pid = $request->user()->profile_id; $user = $request->user();
if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id)) {
return [];
}
$pid = $user->profile_id;
if(config('database.default') == 'pgsql') { if(config('database.default') == 'pgsql') {
$dms = DirectMessage::when($scope === 'inbox', function($q, $scope) use($pid) { $dms = DirectMessage::when($scope === 'inbox', function($q, $scope) use($pid) {
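Review bot: The new guard in this listing answers a restricted account with `return [];`, a normal success response, whereas several DirectMessageController actions in the same commit reject the identical condition with a 403. An API client therefore cannot distinguish "direct messages are disabled for this account" from "the inbox is empty". If the silent form is intended, say so above the check, for example `// Restricted accounts get an empty list instead of a 403 so clients render an empty inbox`; otherwise use `abort_if(..., 403, 'Invalid permissions for this action')` as the other actions do. The enclosing method starts and ends outside the hunk.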


@ -26,6 +26,7 @@ use App\Services\WebfingerService;
use App\Models\Conversation; use App\Models\Conversation;
use App\Jobs\DirectPipeline\DirectDeletePipeline; use App\Jobs\DirectPipeline\DirectDeletePipeline;
use App\Jobs\DirectPipeline\DirectDeliverPipeline; use App\Jobs\DirectPipeline\DirectDeliverPipeline;
use App\Services\UserRoleService;
class DirectMessageController extends Controller class DirectMessageController extends Controller
{ {
@ -41,7 +42,11 @@ class DirectMessageController extends Controller
'page' => 'nullable|integer|min:1|max:99' 'page' => 'nullable|integer|min:1|max:99'
]); ]);
$profile = $request->user()->profile_id; $user = $request->user();
if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id)) {
return [];
}
$profile = $user->profile_id;
$action = $request->input('a', 'inbox'); $action = $request->input('a', 'inbox');
$page = $request->input('page'); $page = $request->input('page');
@ -302,7 +307,9 @@ class DirectMessageController extends Controller
'type' => 'required|in:text,emoji' 'type' => 'required|in:text,emoji'
]); ]);
$profile = $request->user()->profile; $user = $request->user();
abort_if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id), 403, 'Invalid permissions for this action');
$profile = $user->profile;
$recipient = Profile::where('id', '!=', $profile->id)->findOrFail($request->input('to_id')); $recipient = Profile::where('id', '!=', $profile->id)->findOrFail($request->input('to_id'));
abort_if(in_array($profile->id, $recipient->blockedIds()->toArray()), 403); abort_if(in_array($profile->id, $recipient->blockedIds()->toArray()), 403);
@ -401,7 +408,10 @@ class DirectMessageController extends Controller
$this->validate($request, [ $this->validate($request, [
'pid' => 'required' 'pid' => 'required'
]); ]);
$uid = $request->user()->profile_id; $user = $request->user();
abort_if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id), 403, 'Invalid permissions for this action');
$uid = $user->profile_id;
$pid = $request->input('pid'); $pid = $request->input('pid');
$max_id = $request->input('max_id'); $max_id = $request->input('max_id');
$min_id = $request->input('min_id'); $min_id = $request->input('min_id');
@ -552,6 +562,9 @@ class DirectMessageController extends Controller
public function get(Request $request, $id) public function get(Request $request, $id)
{ {
$user = $request->user();
abort_if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id), 403, 'Invalid permissions for this action');
$pid = $request->user()->profile_id; $pid = $request->user()->profile_id;
$dm = DirectMessage::whereStatusId($id)->firstOrFail(); $dm = DirectMessage::whereStatusId($id)->firstOrFail();
abort_if($pid !== $dm->to_id && $pid !== $dm->from_id, 404); abort_if($pid !== $dm->to_id && $pid !== $dm->from_id, 404);
@ -572,6 +585,7 @@ class DirectMessageController extends Controller
]); ]);
$user = $request->user(); $user = $request->user();
abort_if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id), 403, 'Invalid permissions for this action');
$profile = $user->profile; $profile = $user->profile;
$recipient = Profile::where('id', '!=', $profile->id)->findOrFail($request->input('to_id')); $recipient = Profile::where('id', '!=', $profile->id)->findOrFail($request->input('to_id'));
abort_if(in_array($profile->id, $recipient->blockedIds()->toArray()), 403); abort_if(in_array($profile->id, $recipient->blockedIds()->toArray()), 403);
@ -670,6 +684,11 @@ class DirectMessageController extends Controller
'remote' => 'nullable', 'remote' => 'nullable',
]); ]);
$user = $request->user();
if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id)) {
return [];
}
$q = $request->input('q'); $q = $request->input('q');
$r = $request->input('remote', false); $r = $request->input('remote', false);
@ -728,6 +747,8 @@ class DirectMessageController extends Controller
$pid = $request->input('pid'); $pid = $request->input('pid');
$sid = $request->input('sid'); $sid = $request->input('sid');
$user = $request->user();
abort_if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id), 403, 'Invalid permissions for this action');
$dms = DirectMessage::whereToId($request->user()->profile_id) $dms = DirectMessage::whereToId($request->user()->profile_id)
->whereFromId($pid) ->whereFromId($pid)
@ -749,6 +770,8 @@ class DirectMessageController extends Controller
'id' => 'required' 'id' => 'required'
]); ]);
$user = $request->user();
abort_if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id), 403, 'Invalid permissions for this action');
$fid = $request->input('id'); $fid = $request->input('id');
$pid = $request->user()->profile_id; $pid = $request->user()->profile_id;
@ -770,6 +793,9 @@ class DirectMessageController extends Controller
'id' => 'required' 'id' => 'required'
]); ]);
$user = $request->user();
abort_if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id), 403, 'Invalid permissions for this action');
$fid = $request->input('id'); $fid = $request->input('id');
$pid = $request->user()->profile_id; $pid = $request->user()->profile_id;
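Review bot: The expression `$user->has_roles && !UserRoleService::can('can-direct-message', $user->id)` is pasted into each of the nine patched actions in this file, so the restriction holds only as long as every present and future direct-message action repeats it. One private helper, `private function dmDenied($user): bool { return $user->has_roles && !UserRoleService::can('can-direct-message', $user->id); }`, or a route middleware would keep the rule in one place and make a missing check easy to spot in review. In `get()` and the last three hunks the following lines still call `$request->user()->profile_id` although `$user` is now in scope; `$pid = $user->profile_id;` would be consistent with the earlier hunks. Most of the enclosing methods start or end outside their hunks, so it is not visible here whether actions untouched by this commit also need the check.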