Update DirectMessageController, add parental controls support

This commit is contained in:
Daniel Supernault 2024-01-11 05:25:23 -07:00
parent fd9b5ad443
commit fe30cd25d1
No known key found for this signature in database
GPG key ID: 23740873EE6F76A1
2 changed files with 867 additions and 837 deletions

View file

@ -2575,7 +2575,11 @@ class ApiV1Controller extends Controller
$limit = $request->input('limit', 20);
$scope = $request->input('scope', 'inbox');
$pid = $request->user()->profile_id;
$user = $request->user();
if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id)) {
return [];
}
$pid = $user->profile_id;
if(config('database.default') == 'pgsql') {
$dms = DirectMessage::when($scope === 'inbox', function($q, $scope) use($pid) {

View file

@ -26,6 +26,7 @@ use App\Services\WebfingerService;
use App\Models\Conversation;
use App\Jobs\DirectPipeline\DirectDeletePipeline;
use App\Jobs\DirectPipeline\DirectDeliverPipeline;
use App\Services\UserRoleService;
class DirectMessageController extends Controller
{
@ -41,7 +42,11 @@ class DirectMessageController extends Controller
'page' => 'nullable|integer|min:1|max:99'
]);
$profile = $request->user()->profile_id;
$user = $request->user();
if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id)) {
return [];
}
$profile = $user->profile_id;
$action = $request->input('a', 'inbox');
$page = $request->input('page');
@ -302,7 +307,9 @@ class DirectMessageController extends Controller
'type' => 'required|in:text,emoji'
]);
$profile = $request->user()->profile;
$user = $request->user();
abort_if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id), 403, 'Invalid permissions for this action');
$profile = $user->profile;
$recipient = Profile::where('id', '!=', $profile->id)->findOrFail($request->input('to_id'));
abort_if(in_array($profile->id, $recipient->blockedIds()->toArray()), 403);
@ -401,7 +408,10 @@ class DirectMessageController extends Controller
$this->validate($request, [
'pid' => 'required'
]);
$uid = $request->user()->profile_id;
$user = $request->user();
abort_if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id), 403, 'Invalid permissions for this action');
$uid = $user->profile_id;
$pid = $request->input('pid');
$max_id = $request->input('max_id');
$min_id = $request->input('min_id');
@ -552,6 +562,9 @@ class DirectMessageController extends Controller
public function get(Request $request, $id)
{
$user = $request->user();
abort_if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id), 403, 'Invalid permissions for this action');
$pid = $request->user()->profile_id;
$dm = DirectMessage::whereStatusId($id)->firstOrFail();
abort_if($pid !== $dm->to_id && $pid !== $dm->from_id, 404);
@ -572,6 +585,7 @@ class DirectMessageController extends Controller
]);
$user = $request->user();
abort_if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id), 403, 'Invalid permissions for this action');
$profile = $user->profile;
$recipient = Profile::where('id', '!=', $profile->id)->findOrFail($request->input('to_id'));
abort_if(in_array($profile->id, $recipient->blockedIds()->toArray()), 403);
@ -670,6 +684,11 @@ class DirectMessageController extends Controller
'remote' => 'nullable',
]);
$user = $request->user();
if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id)) {
return [];
}
$q = $request->input('q');
$r = $request->input('remote', false);
@ -728,6 +747,8 @@ class DirectMessageController extends Controller
$pid = $request->input('pid');
$sid = $request->input('sid');
$user = $request->user();
abort_if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id), 403, 'Invalid permissions for this action');
$dms = DirectMessage::whereToId($request->user()->profile_id)
->whereFromId($pid)
@ -749,6 +770,8 @@ class DirectMessageController extends Controller
'id' => 'required'
]);
$user = $request->user();
abort_if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id), 403, 'Invalid permissions for this action');
$fid = $request->input('id');
$pid = $request->user()->profile_id;
@ -770,6 +793,9 @@ class DirectMessageController extends Controller
'id' => 'required'
]);
$user = $request->user();
abort_if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id), 403, 'Invalid permissions for this action');
$fid = $request->input('id');
$pid = $request->user()->profile_id;