
# frozen_string_literal: true

# Admin REST API for accounts.
#
# index/show require the admin:read (or admin:read:accounts) scope; every
# other action requires admin:write (or admin:write:accounts). Each action
# calls `authorize`, and the `verify_authorized` after_action rejects any
# action that did not. Filtering on index is limited to FILTER_PARAMS via
# strong parameters; pagination is cursor-based on account id
# (max_id / since_id / min_id).
class Api::V1::Admin::AccountsController < Api::BaseController
  include Authorization
  include AccountableConcern

  # Upper bound on the number of accounts returned by one index call.
  LIMIT = 100

  before_action -> { authorize_if_got_token! :'admin:read', :'admin:read:accounts' }, only: %i[index show]
  before_action -> { authorize_if_got_token! :'admin:write', :'admin:write:accounts' }, except: %i[index show]
  before_action :set_accounts, only: :index
  before_action :set_account, except: :index
  # enable/approve/reject operate on @account.user, which only local accounts have.
  before_action :require_local_account!, only: %i[enable approve reject]
  after_action :verify_authorized
  after_action :insert_pagination_headers, only: :index

  # Query parameters index will accept; everything else is not permitted.
  FILTER_PARAMS = %i[
    local
    remote
    by_domain
    active
    pending
    disabled
    sensitized
    silenced
    suspended
    username
    display_name
    email
    ip
    staff
  ].freeze

  # Parameters carried over into the next/prev pagination links.
  PAGINATION_PARAMS = (%i[limit] + FILTER_PARAMS).freeze

  # Lists accounts matching the (whitelisted) filters, newest id first.
  def index
    authorize :account, :index?
    render json: @accounts, each_serializer: REST::Admin::AccountSerializer
  end

  # Returns a single account.
  def show
    authorize @account, :show?
    render_account
  end

  # Calls User#enable! on the account's user and records the admin action.
  def enable
    authorize @account.user, :enable?
    @account.user.enable!
    log_action :enable, @account.user
    render_account
  end

  # Calls User#approve! on the account's user and records the admin action.
  def approve
    authorize @account.user, :approve?
    @account.user.approve!
    log_action :approve, @account.user
    render_account
  end

  # Deletes the account synchronously without reserving its username or
  # e-mail address, then records the admin action against the user.
  def reject
    authorize @account.user, :reject?
    DeleteAccountService.new.call(@account, reserve_email: false, reserve_username: false)
    log_action :reject, @account.user
    render_empty
  end

  # Schedules asynchronous deletion of the account.
  # NOTE(review): unlike the other mutating actions here, this one does not
  # call log_action; confirm the worker (or its service) writes an audit
  # entry so admin deletions remain traceable.
  def destroy
    authorize @account, :destroy?
    Admin::AccountDeletionWorker.perform_async(@account.id)
    render_empty
  end

  # Clears the sensitized flag and records the admin action.
  def unsensitive
    authorize @account, :unsensitive?
    @account.unsensitize!
    log_action :unsensitive, @account
    render_account
  end

  # Clears the silenced flag and records the admin action.
  def unsilence
    authorize @account, :unsilence?
    @account.unsilence!
    log_action :unsilence, @account
    render_account
  end

  # Clears the suspension, schedules the unsuspension worker and records the
  # admin action.
  def unsuspend
    authorize @account, :unsuspend?
    @account.unsuspend!
    Admin::UnsuspensionWorker.perform_async(@account.id)
    log_action :unsuspend, @account
    render_account
  end

  private

  # Loads the page of accounts for index: filtered, ordered by id descending,
  # with the user and the listed user associations eager-loaded, then
  # paginated by id cursor.
  def set_accounts
    scope = filtered_accounts.order(id: :desc).includes(user: %i[invite_request invite ips])
    @accounts = scope.to_a_paginated_by_id(limit_param(LIMIT), params_slice(:max_id, :since_id, :min_id))
  end

  # Raises ActiveRecord::RecordNotFound when the id does not exist.
  def set_account
    @account = Account.find(params[:id])
  end

  def filtered_accounts
    AccountFilter.new(translated_filter_params).results
  end

  # Strong-parameter whitelist: only FILTER_PARAMS are permitted.
  def filter_params
    params.permit(*FILTER_PARAMS)
  end

  # Translates the flag-style query params into AccountFilter's vocabulary.
  # Defaults to origin 'local' and status 'active'; `remote` flips the origin,
  # the last status flag present wins, and `staff` restricts the result to
  # the ids of roles that can manage reports.
  def translated_filter_params
    translated = { origin: 'local', status: 'active' }.merge(filter_params.slice(*AccountFilter::KEYS))
    translated[:origin] = 'remote' if params[:remote].present?

    status_flags = %i[active pending disabled silenced suspended]
    requested_status = status_flags.select { |flag| params[flag].present? }.last
    translated[:status] = requested_status.to_s if requested_status

    translated[:role_ids] = UserRole.that_can(:manage_reports).map(&:id) if params[:staff].present?
    translated
  end

  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end

  # Link to the next page, or nil when the current page was not full.
  def next_path
    return unless records_continue?

    api_v1_admin_accounts_url(pagination_params(max_id: pagination_max_id))
  end

  # Link to the previous page, or nil when nothing was returned.
  def prev_path
    return if @accounts.empty?

    api_v1_admin_accounts_url(pagination_params(min_id: pagination_since_id))
  end

  def pagination_max_id
    @accounts.last.id
  end

  def pagination_since_id
    @accounts.first.id
  end

  # A full page means there may be more records after it.
  def records_continue?
    limit_param(LIMIT) == @accounts.size
  end

  # Keeps only whitelisted filter/limit params when building links, then
  # adds the id cursor supplied by the caller.
  def pagination_params(core_params)
    params.slice(*PAGINATION_PARAMS).permit(*PAGINATION_PARAMS).merge(core_params)
  end

  # Refuses (via `forbidden`) actions that need a User record when the
  # account is remote or has no user attached.
  def require_local_account!
    return if @account.local? && @account.user.present?

    forbidden
  end

  # Shared response for actions that return the (updated) account.
  def render_account
    render json: @account, serializer: REST::Admin::AccountSerializer
  end
end