accounts_controller.rb 3.2 KB

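  # frozen_string_literal: true

  # Admin REST API for listing accounts and changing their moderation state
  # (enable, approve, reject, unsilence, unsuspend).
  #
  # Every action is gated three times: by OAuth scope (doorkeeper_authorize!),
  # by require_staff!, and by a per-action `authorize` policy check.
  class Api::V1::Admin::AccountsController < Api::BaseController
    include Authorization
    include AccountableConcern

    # Page size handed to limit_param, which is defined outside this file.
    LIMIT = 100

    # Callbacks run in declaration order: scope check, staff check, record
    # loading, then the local-account guard (which reads @account and so must
    # follow set_account).
    # Read-only actions accept the read scopes; everything else needs a write scope.
    before_action -> { doorkeeper_authorize! :'admin:read', :'admin:read:accounts' }, only: [:index, :show]
    before_action -> { doorkeeper_authorize! :'admin:write', :'admin:write:accounts' }, except: [:index, :show]
    before_action :require_staff!
    before_action :set_accounts, only: :index
    before_action :set_account, except: :index
    before_action :require_local_account!, only: [:enable, :approve, :reject]

    after_action :insert_pagination_headers, only: :index

    # Allowlist of query parameters forwarded to AccountFilter; anything else
    # in the request is dropped by filter_params.
    FILTER_PARAMS = %i(
      local
      remote
      by_domain
      active
      pending
      disabled
      silenced
      suspended
      username
      display_name
      email
      ip
      staff
    ).freeze

    # Parameters echoed back into the next/prev pagination links.
    PAGINATION_PARAMS = (%i(limit) + FILTER_PARAMS).freeze

    # Lists the filtered, paginated accounts loaded by set_accounts.
    def index
      authorize :account, :index?
      render json: @accounts, each_serializer: REST::Admin::AccountSerializer
    end

    # Renders a single account.
    def show
      authorize @account, :show?
      render json: @account, serializer: REST::Admin::AccountSerializer
    end

    # Re-enables the account's user and records the action via log_action.
    def enable
      authorize @account.user, :enable?
      @account.user.enable!
      log_action :enable, @account.user
      render json: @account, serializer: REST::Admin::AccountSerializer
    end

    # Approves the account's user.
    #
    # NOTE(review): unlike enable/unsilence/unsuspend, no log_action call is
    # made here, so an approval leaves no entry in whatever log_action
    # records. Confirm whether that gap is intended.
    def approve
      authorize @account.user, :approve?
      @account.user.approve!
      render json: @account, serializer: REST::Admin::AccountSerializer
    end

    # Rejects the account by running SuspendAccountService without reserving
    # its e-mail address or username.
    #
    # NOTE(review): this is the most destructive action in the controller and
    # it also makes no log_action call. Confirm whether rejections should be
    # recorded like the other state changes.
    def reject
      authorize @account.user, :reject?
      SuspendAccountService.new.call(@account, reserve_email: false, reserve_username: false)
      render json: @account, serializer: REST::Admin::AccountSerializer
    end

    # Lifts a silence on the account and records the action.
    def unsilence
      authorize @account, :unsilence?
      @account.unsilence!
      log_action :unsilence, @account
      render json: @account, serializer: REST::Admin::AccountSerializer
    end

    # Lifts a suspension on the account and records the action.
    def unsuspend
      authorize @account, :unsuspend?
      @account.unsuspend!
      log_action :unsuspend, @account
      render json: @account, serializer: REST::Admin::AccountSerializer
    end

    private

    # Loads one page of filtered accounts, newest id first, eager-loading the
    # user together with its invite_request and invite associations.
    def set_accounts
      @accounts = filtered_accounts
                  .order(id: :desc)
                  .includes(user: [:invite_request, :invite])
                  .paginate_by_id(limit_param(LIMIT), params_slice(:max_id, :since_id, :min_id))
    end

    # Loads the account addressed by params[:id].
    def set_account
      @account = Account.find(params[:id])
    end

    def filtered_accounts
      AccountFilter.new(filter_params).results
    end

    # Only the FILTER_PARAMS allowlist reaches AccountFilter.
    def filter_params
      params.permit(*FILTER_PARAMS)
    end

    def insert_pagination_headers
      set_pagination_headers(next_path, prev_path)
    end

    # URL of the next (older) page, or nil when the current page is not full.
    #
    # records_continue? only compares sizes, so an empty page would match if
    # limit_param (defined outside this file) ever yields 0, and
    # @accounts.last would then be nil. The emptiness guard mirrors prev_path
    # and keeps this after_action from raising in that case.
    def next_path
      return unless records_continue? && !@accounts.empty?

      api_v1_admin_accounts_url(pagination_params(max_id: pagination_max_id))
    end

    # URL of the previous (newer) page, or nil when the page is empty.
    def prev_path
      api_v1_admin_accounts_url(pagination_params(min_id: pagination_since_id)) unless @accounts.empty?
    end

    def pagination_max_id
      @accounts.last.id
    end

    def pagination_since_id
      @accounts.first.id
    end

    # A full page is taken as the sign that more records may follow.
    def records_continue?
      @accounts.size == limit_param(LIMIT)
    end

    # Carries only the allowlisted limit/filter parameters into pagination
    # links, then adds the cursor given in core_params.
    def pagination_params(core_params)
      params.slice(*PAGINATION_PARAMS).permit(*PAGINATION_PARAMS).merge(core_params)
    end

    # enable/approve/reject all dereference @account.user, so stop with
    # `forbidden` (defined outside this file) unless the account is local and
    # has a user record.
    def require_local_account!
      forbidden unless @account.local? && @account.user.present?
    end
  end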