diff --git a/app/controllers/api/v1/statuses_controller.rb b/app/controllers/api/v1/statuses_controller.rb index 69cbdce5d..552f1b1b3 100644 --- a/app/controllers/api/v1/statuses_controller.rb +++ b/app/controllers/api/v1/statuses_controller.rb @@ -67,7 +67,6 @@ class Api::V1::StatusesController < ApiController spoiler_text: params[:spoiler_text], visibility: params[:visibility], application: doorkeeper_token.application) - render action: :show end diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb index 5d2bd9a22..c2002cb79 100644 --- a/app/controllers/api_controller.rb +++ b/app/controllers/api_controller.rb @@ -10,7 +10,7 @@ class ApiController < ApplicationController before_action :set_rate_limit_headers - rescue_from ActiveRecord::RecordInvalid do |e| + rescue_from ActiveRecord::RecordInvalid, Mastodon::ValidationError do |e| render json: { error: e.to_s }, status: 422 end @@ -30,7 +30,7 @@ class ApiController < ApplicationController render json: { error: 'Remote SSL certificate could not be verified' }, status: 503 end - rescue_from Mastodon::NotPermitted do + rescue_from Mastodon::NotPermittedError do render json: { error: 'This action is not allowed' }, status: 403 end diff --git a/app/controllers/authorize_follow_controller.rb b/app/controllers/authorize_follow_controller.rb index e866b5599..c98a5f45f 100644 --- a/app/controllers/authorize_follow_controller.rb +++ b/app/controllers/authorize_follow_controller.rb @@ -25,7 +25,7 @@ class AuthorizeFollowController < ApplicationController else redirect_to web_url("accounts/#{@account.id}") end - rescue ActiveRecord::RecordNotFound, Mastodon::NotPermitted + rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError render :error end diff --git a/app/lib/exceptions.rb b/app/lib/exceptions.rb index 359228c29..200da9fe1 100644 --- a/app/lib/exceptions.rb +++ b/app/lib/exceptions.rb @@ -2,5 +2,6 @@ module Mastodon class Error < StandardError; end - class NotPermitted < Error; end + class NotPermittedError < Error; end + class ValidationError < Error; end end diff --git a/app/services/favourite_service.rb b/app/services/favourite_service.rb index 818898302..5cc96403c 100644 --- a/app/services/favourite_service.rb +++ b/app/services/favourite_service.rb @@ -6,7 +6,7 @@ class FavouriteService < BaseService # @param [Status] status # @return [Favourite] def call(account, status) - raise Mastodon::NotPermitted unless status.permitted?(account) + raise Mastodon::NotPermittedError unless status.permitted?(account) favourite = Favourite.create!(account: account, status: status) diff --git a/app/services/follow_service.rb b/app/services/follow_service.rb index 915f95b4c..17b3b2542 100644 --- a/app/services/follow_service.rb +++ b/app/services/follow_service.rb @@ -10,7 +10,7 @@ class FollowService < BaseService target_account = FollowRemoteAccountService.new.call(uri) raise ActiveRecord::RecordNotFound if target_account.nil? || target_account.id == source_account.id || target_account.suspended? - raise Mastodon::NotPermitted if target_account.blocking?(source_account) || source_account.blocking?(target_account) + raise Mastodon::NotPermittedError if target_account.blocking?(source_account) || source_account.blocking?(target_account) if target_account.locked? request_follow(source_account, target_account) diff --git a/app/services/post_status_service.rb b/app/services/post_status_service.rb index 979941c84..b8179f7dc 100644 --- a/app/services/post_status_service.rb +++ b/app/services/post_status_service.rb @@ -13,6 +13,7 @@ class PostStatusService < BaseService # @option [Doorkeeper::Application] :application # @return [Status] def call(account, text, in_reply_to = nil, options = {}) + media = validate_media!(options[:media_ids]) status = account.statuses.create!(text: text, thread: in_reply_to, sensitive: options[:sensitive], @@ -20,7 +21,7 @@ class PostStatusService < BaseService visibility: options[:visibility], application: options[:application]) - attach_media(status, options[:media_ids]) + attach_media(status, media) process_mentions_service.call(status) process_hashtags_service.call(status) @@ -33,10 +34,20 @@ class PostStatusService < BaseService private - def attach_media(status, media_ids) + def validate_media!(media_ids) return if media_ids.nil? || !media_ids.is_a?(Enumerable) + raise Mastodon::ValidationError, 'Cannot attach more than 4 files' if media_ids.size > 4 + media = MediaAttachment.where(status_id: nil).where(id: media_ids.take(4).map(&:to_i)) + + raise Mastodon::ValidationError, 'Cannot attach a video to a toot that already contains images' if media.size > 1 && media.find(&:video?) + + media + end + + def attach_media(status, media) + return if media.nil? media.update(status_id: status.id) end diff --git a/app/services/reblog_service.rb b/app/services/reblog_service.rb index 7a52f041f..c14b2925a 100644 --- a/app/services/reblog_service.rb +++ b/app/services/reblog_service.rb @@ -10,7 +10,7 @@ class ReblogService < BaseService def call(account, reblogged_status) reblogged_status = reblogged_status.reblog if reblogged_status.reblog? - raise Mastodon::NotPermitted if reblogged_status.private_visibility? || !reblogged_status.permitted?(account) + raise Mastodon::NotPermittedError if reblogged_status.private_visibility? || !reblogged_status.permitted?(account) reblog = account.statuses.create!(reblog: reblogged_status, text: '')