authorize_interactions_controller.rb 1.4 KB

  1. # frozen_string_literal: true
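  # Resolves the account or status named by the `uri` / `acct` request
  # parameter for a signed-in user, then either displays it (`show`) or
  # follows it (`create`).
  #
  # Review notes:
  # - `params[:uri]` and `params[:acct]` are request-controlled and are handed
  #   to ResolveURLService / ResolveAccountService. NOTE(review): those
  #   services are not visible here; if they fetch remote documents, confirm
  #   they restrict which destinations a caller-supplied URL may reach.
  # - `create` changes state (it follows an account). NOTE(review): CSRF
  #   protection is assumed to be inherited from ApplicationController; confirm.
  class AuthorizeInteractionsController < ApplicationController
    include Authorization

    layout 'modal'

    before_action :authenticate_user!
    before_action :set_body_classes
    before_action :set_resource

    # Renders :show for an Account, redirects to the web URL of a Status, and
    # renders :error for anything else (including an unresolved, nil resource).
    def show
      if @resource.is_a?(Account)
        render :show
      elsif @resource.is_a?(Status)
        redirect_to web_url("@#{@resource.account.pretty_acct}/#{@resource.id}")
      else
        render :error
      end
    end

    # Follows the resolved Account on behalf of current_account, with rate
    # limiting enabled. Renders :success when FollowService returns a truthy
    # value; renders :error for a non-Account resource, a falsy result, or
    # ActiveRecord::RecordNotFound.
    def create
      if @resource.is_a?(Account) && FollowService.new.call(current_account, @resource, with_rate_limit: true)
        render :success
      else
        render :error
      end
    rescue ActiveRecord::RecordNotFound
      render :error
    end

    private

    # Loads @resource and, for a Status, checks that the current user may view
    # it. A denied status ends in not_found.
    def set_resource
      @resource = located_resource
      authorize(@resource, :show?) if @resource.is_a?(Status)
    rescue Mastodon::NotPermittedError
      not_found
    end

    # Resolves the request parameter either as an http(s) URL or as an account
    # identifier.
    #
    # A value that Addressable cannot parse is treated as "nothing resolved"
    # (nil), so the actions fall through to their existing :error branch
    # instead of letting Addressable::URI::InvalidURIError escape this
    # controller on attacker-chosen input.
    def located_resource
      if uri_param_is_url?
        ResolveURLService.new.call(uri_param)
      else
        account_from_remote_follow
      end
    rescue Addressable::URI::InvalidURIError
      nil
    end

    def account_from_remote_follow
      ResolveAccountService.new.call(uri_param)
    end

    # True when the parameter parses as a URI with an http or https scheme.
    # Parses once and reuses the result for both checks.
    def uri_param_is_url?
      uri = parsed_uri
      uri.path && %w(http https).include?(uri.scheme)
    end

    # Raises Addressable::URI::InvalidURIError for input that is not a valid URI.
    def parsed_uri
      Addressable::URI.parse(uri_param).normalize
    end

    # Returns the lookup string: `params[:uri]` as given, otherwise
    # `params[:acct]` with a leading "acct:" removed, otherwise ''.
    #
    # Non-String values (for example arrays or hashes produced by `uri[]=...`,
    # or non-string JSON values) are mapped to '', the same value used when no
    # parameter is supplied, so they cannot reach Addressable::URI.parse or the
    # prefix stripping and raise a type error.
    def uri_param
      uri = params[:uri]
      value = uri || params.fetch(:acct, '')
      return '' unless value.is_a?(String)

      # The pattern is anchored with \A, so a single substitution is enough.
      uri ? value : value.sub(/\Aacct:/, '')
    end

    def set_body_classes
      @body_classes = 'modal-layout'
    end
  end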