Update DirectMessageController, add parental controls support
parent
fd9b5ad443
commit
fe30cd25d1
2 changed files with 867 additions and 837 deletions
|
@ -2575,7 +2575,11 @@ class ApiV1Controller extends Controller
|
|||
|
||||
$limit = $request->input('limit', 20);
|
||||
$scope = $request->input('scope', 'inbox');
|
||||
$pid = $request->user()->profile_id;
|
||||
$user = $request->user();
|
||||
if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id)) {
|
||||
return [];
|
||||
}
|
||||
$pid = $user->profile_id;
|
||||
|
||||
if(config('database.default') == 'pgsql') {
|
||||
$dms = DirectMessage::when($scope === 'inbox', function($q, $scope) use($pid) {
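Review bot: The new guard answers a restricted account with `return [];`, which is an HTTP 200 that a client cannot tell apart from an empty inbox, while most of the DirectMessageController hunks reject the same condition with `abort_if(..., 403, 'Invalid permissions for this action')`. If the silent empty list is deliberate for client compatibility, say so next to the check, for example `// Restricted accounts get an empty list instead of a 403 so clients render an empty inbox`; otherwise use the 403 form here too. The same `return [];` pattern appears in the DirectMessageController hunks at `@ -41,7 +42,11` and `@ -670,6 +684,11`. The enclosing method starts and ends outside this hunk, so only the visible lines were considered.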
|
||||
|
|
|
@ -26,6 +26,7 @@ use App\Services\WebfingerService;
|
|||
use App\Models\Conversation;
|
||||
use App\Jobs\DirectPipeline\DirectDeletePipeline;
|
||||
use App\Jobs\DirectPipeline\DirectDeliverPipeline;
|
||||
use App\Services\UserRoleService;
|
||||
|
||||
class DirectMessageController extends Controller
|
||||
{
|
||||
|
@ -41,7 +42,11 @@ class DirectMessageController extends Controller
|
|||
'page' => 'nullable|integer|min:1|max:99'
|
||||
]);
|
||||
|
||||
$profile = $request->user()->profile_id;
|
||||
$user = $request->user();
|
||||
if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id)) {
|
||||
return [];
|
||||
}
|
||||
$profile = $user->profile_id;
|
||||
$action = $request->input('a', 'inbox');
|
||||
$page = $request->input('page');
|
||||
|
||||
|
@ -302,7 +307,9 @@ class DirectMessageController extends Controller
|
|||
'type' => 'required|in:text,emoji'
|
||||
]);
|
||||
|
||||
$profile = $request->user()->profile;
|
||||
$user = $request->user();
|
||||
abort_if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id), 403, 'Invalid permissions for this action');
|
||||
$profile = $user->profile;
|
||||
$recipient = Profile::where('id', '!=', $profile->id)->findOrFail($request->input('to_id'));
|
||||
|
||||
abort_if(in_array($profile->id, $recipient->blockedIds()->toArray()), 403);
|
||||
|
@ -401,7 +408,10 @@ class DirectMessageController extends Controller
|
|||
$this->validate($request, [
|
||||
'pid' => 'required'
|
||||
]);
|
||||
$uid = $request->user()->profile_id;
|
||||
$user = $request->user();
|
||||
abort_if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id), 403, 'Invalid permissions for this action');
|
||||
|
||||
$uid = $user->profile_id;
|
||||
$pid = $request->input('pid');
|
||||
$max_id = $request->input('max_id');
|
||||
$min_id = $request->input('min_id');
|
||||
|
@ -552,6 +562,9 @@ class DirectMessageController extends Controller
|
|||
|
||||
public function get(Request $request, $id)
|
||||
{
|
||||
$user = $request->user();
|
||||
abort_if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id), 403, 'Invalid permissions for this action');
|
||||
|
||||
$pid = $request->user()->profile_id;
|
||||
$dm = DirectMessage::whereStatusId($id)->firstOrFail();
|
||||
abort_if($pid !== $dm->to_id && $pid !== $dm->from_id, 404);
|
||||
|
@ -572,6 +585,7 @@ class DirectMessageController extends Controller
|
|||
]);
|
||||
|
||||
$user = $request->user();
|
||||
abort_if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id), 403, 'Invalid permissions for this action');
|
||||
$profile = $user->profile;
|
||||
$recipient = Profile::where('id', '!=', $profile->id)->findOrFail($request->input('to_id'));
|
||||
abort_if(in_array($profile->id, $recipient->blockedIds()->toArray()), 403);
|
||||
|
@ -670,6 +684,11 @@ class DirectMessageController extends Controller
|
|||
'remote' => 'nullable',
|
||||
]);
|
||||
|
||||
$user = $request->user();
|
||||
if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id)) {
|
||||
return [];
|
||||
}
|
||||
|
||||
$q = $request->input('q');
|
||||
$r = $request->input('remote', false);
|
||||
|
||||
|
@ -728,6 +747,8 @@ class DirectMessageController extends Controller
|
|||
|
||||
$pid = $request->input('pid');
|
||||
$sid = $request->input('sid');
|
||||
$user = $request->user();
|
||||
abort_if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id), 403, 'Invalid permissions for this action');
|
||||
|
||||
$dms = DirectMessage::whereToId($request->user()->profile_id)
|
||||
->whereFromId($pid)
|
||||
|
@ -749,6 +770,8 @@ class DirectMessageController extends Controller
|
|||
'id' => 'required'
|
||||
]);
|
||||
|
||||
$user = $request->user();
|
||||
abort_if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id), 403, 'Invalid permissions for this action');
|
||||
$fid = $request->input('id');
|
||||
$pid = $request->user()->profile_id;
|
||||
|
||||
|
@ -770,6 +793,9 @@ class DirectMessageController extends Controller
|
|||
'id' => 'required'
|
||||
]);
|
||||
|
||||
$user = $request->user();
|
||||
abort_if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id), 403, 'Invalid permissions for this action');
|
||||
|
||||
$fid = $request->input('id');
|
||||
$pid = $request->user()->profile_id;
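Review bot: The guard expression `$user->has_roles && !UserRoleService::can('can-direct-message', $user->id)` is pasted into nine places in this controller (and once more in ApiV1Controller), so a direct-message action added later is unguarded unless its author remembers to copy it. Moving the check into one place, such as a private controller method or a middleware applied to the whole controller, would make denial the default and keep the response form consistent. In several hunks the check appears to sit after the `$this->validate(...)` call, so a restricted account would receive validation errors before the 403; running the permission check first is the more conventional order. Where `$user` is now assigned, the following `$request->user()->profile_id` could read `$user->profile_id`, as the first two hunks already do. All of these methods begin or end outside their hunks, so this rests only on the visible lines.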
|
||||
|
||||
|
|