1
0

authorize_interactions_controller.rb 1.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051
  1. # frozen_string_literal: true
  2. class AuthorizeInteractionsController < ApplicationController
  3. include Authorization
  4. before_action :authenticate_user!
  5. before_action :set_resource
  6. def show
  7. if @resource.is_a?(Account)
  8. redirect_to web_url("@#{@resource.pretty_acct}")
  9. elsif @resource.is_a?(Status)
  10. redirect_to web_url("@#{@resource.account.pretty_acct}/#{@resource.id}")
  11. else
  12. not_found
  13. end
  14. end
  15. private
  16. def set_resource
  17. @resource = located_resource
  18. authorize(@resource, :show?) if @resource.is_a?(Status)
  19. rescue Mastodon::NotPermittedError
  20. not_found
  21. end
  22. def located_resource
  23. if uri_param_is_url?
  24. ResolveURLService.new.call(uri_param)
  25. else
  26. account_from_remote_follow
  27. end
  28. end
  29. def account_from_remote_follow
  30. ResolveAccountService.new.call(uri_param)
  31. end
  32. def uri_param_is_url?
  33. parsed_uri.path && %w(http https).include?(parsed_uri.scheme)
  34. end
  35. def parsed_uri
  36. Addressable::URI.parse(uri_param).normalize
  37. end
  38. def uri_param
  39. params[:uri] || params.fetch(:acct, '').delete_prefix('acct:')
  40. end
  41. end