authorize_interactions_controller.rb 1.4 KB

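  # frozen_string_literal: true

  # Lets a signed-in user act on a remote account or status identified by a
  # `uri` or `acct` request parameter: the reference is resolved to a local
  # record, then either shown for confirmation (#show) or followed (#create).
  #
  # Both parameters are attacker-controllable request input. Anything that
  # cannot be resolved ends on the `:error` view.
  class AuthorizeInteractionsController < ApplicationController
    include Authorization

    layout 'modal'

    # Callbacks run in this order; `set_resource` therefore only executes after
    # `authenticate_user!` has let the request through.
    before_action :authenticate_user!
    before_action :set_body_classes
    before_action :set_resource

    # Renders the confirmation view for an Account, redirects to the web UI
    # page of a Status, and renders the error view for anything else.
    def show
      if @resource.is_a?(Account)
        render :show
      elsif @resource.is_a?(Status)
        # The redirect target is built from the record's id, not from the
        # request parameter, so the caller cannot steer it to another host.
        redirect_to web_url("statuses/#{@resource.id}")
      else
        render :error
      end
    end

    # Follows the resolved account on behalf of `current_account`, passing
    # `with_rate_limit: true` to FollowService. Anything that is not an
    # Account, or a falsy service result, renders the error view.
    def create
      if @resource.is_a?(Account) && FollowService.new.call(current_account, @resource, with_rate_limit: true)
        render :success
      else
        render :error
      end
    rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
      render :error
    end

    private

    # Resolves the requested resource into @resource. When nothing is found the
    # error view is rendered here, which halts the callback chain before the
    # action runs.
    #
    # NOTE(review): a Mastodon::NotPermittedError raised by `authorize` below is
    # not covered by the rescue in #create (callbacks run outside the action
    # body); it is left to whatever handler ApplicationController defines —
    # confirm one exists.
    def set_resource
      @resource = located_resource || render(:error)
      authorize(@resource, :show?) if @resource.is_a?(Status)
    end

    # Returns the record the request refers to, or nil when the parameter is
    # not a String or is not a parseable URI. Returning nil sends malformed
    # input to the error view instead of surfacing an unhandled exception.
    #
    # NOTE(review): an http(s) `uri` is handed to ResolveURLService as-is. If
    # that service performs an outbound request, destination filtering
    # (loopback, link-local, private ranges) has to be enforced there — confirm.
    def located_resource
      # Nested or array-style parameters (`uri[]=...`) are not Strings and must
      # never reach the URI parser or the resolver services.
      return unless uri_param.is_a?(String)

      if uri_param_is_url?
        ResolveURLService.new.call(uri_param)
      else
        account_from_remote_follow
      end
    rescue Addressable::URI::InvalidURIError
      nil
    end

    # Resolves the parameter as an account reference.
    def account_from_remote_follow
      ResolveAccountService.new.call(uri_param)
    end

    # True when the parameter parses to a URI with a path and an http/https
    # scheme; every other scheme is treated as an account reference.
    def uri_param_is_url?
      parsed_uri.path && %w(http https).include?(parsed_uri.scheme)
    end

    # Parsed and normalized form of the parameter. Raises
    # Addressable::URI::InvalidURIError on malformed input; located_resource
    # handles that.
    def parsed_uri
      Addressable::URI.parse(uri_param).normalize
    end

    # The raw reference: `uri` when present, otherwise `acct` with a leading
    # "acct:" prefix removed (empty string when neither is given). A non-String
    # `acct` is returned untouched so the type check in located_resource
    # rejects it rather than failing on `gsub` here.
    def uri_param
      uri = params[:uri]
      return uri if uri

      acct = params.fetch(:acct, '')
      acct.is_a?(String) ? acct.gsub(/\Aacct:/, '') : acct
    end

    # CSS class consumed by the modal layout.
    def set_body_classes
      @body_classes = 'modal-layout'
    end
  end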