
Update BookmarkController, add parental control support

Daniel Supernault 2024-01-11 03:22:35 -07:00
parent 42298a2e9c
commit 1a16ec2078
No known key found for this signature in database
GPG Key ID: 23740873EE6F76A1
2 changed files with 43 additions and 45 deletions


@ -3438,6 +3438,7 @@ class ApiV1Controller extends Controller
$status = Status::findOrFail($id); $status = Status::findOrFail($id);
$pid = $request->user()->profile_id; $pid = $request->user()->profile_id;
abort_if($user->has_roles && !UserRoleService::can('can-bookmark', $user->id), 403, 'Invalid permissions for this action');
abort_if($status->in_reply_to_id || $status->reblog_of_id, 404); abort_if($status->in_reply_to_id || $status->reblog_of_id, 404);
abort_if(!in_array($status->scope, ['public', 'unlisted', 'private']), 404); abort_if(!in_array($status->scope, ['public', 'unlisted', 'private']), 404);
abort_if(!in_array($status->type, ['photo','photo:album', 'video', 'video:album', 'photo:video:album']), 404); abort_if(!in_array($status->type, ['photo','photo:album', 'video', 'video:album', 'photo:video:album']), 404);
@ -3477,6 +3478,7 @@ class ApiV1Controller extends Controller
$status = Status::findOrFail($id); $status = Status::findOrFail($id);
$pid = $request->user()->profile_id; $pid = $request->user()->profile_id;
abort_if($user->has_roles && !UserRoleService::can('can-bookmark', $user->id), 403, 'Invalid permissions for this action');
abort_if($status->in_reply_to_id || $status->reblog_of_id, 404); abort_if($status->in_reply_to_id || $status->reblog_of_id, 404);
abort_if(!in_array($status->scope, ['public', 'unlisted', 'private']), 404); abort_if(!in_array($status->scope, ['public', 'unlisted', 'private']), 404);
abort_if(!in_array($status->type, ['photo','photo:album', 'video', 'video:album', 'photo:video:album']), 404); abort_if(!in_array($status->type, ['photo','photo:album', 'video', 'video:album', 'photo:video:album']), 404);
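Review bot: The added `abort_if($user->has_roles && ...)` line reads `$user`, but the only user access visible in either hunk is `$request->user()->profile_id`. Unless `$user` is assigned earlier in the method, which starts outside the hunk, the role check runs against an undefined variable and either raises an error or never enforces the `can-bookmark` restriction. The same line is added in the second hunk (at -3477), so both endpoints are affected. I would read from the request directly, `abort_if($request->user()->has_roles && !UserRoleService::can('can-bookmark', $request->user()->id), 403, 'Invalid permissions for this action');`, or assign `$user = $request->user();` above the `$pid` line. A feature test that calls both endpoints as a role-restricted account without `can-bookmark` and expects a 403 would pin the behaviour.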


@ -8,60 +8,56 @@ use Auth;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use App\Services\BookmarkService; use App\Services\BookmarkService;
use App\Services\FollowerService; use App\Services\FollowerService;
use App\Services\UserRoleService;
class BookmarkController extends Controller class BookmarkController extends Controller
{ {
public function __construct() public function __construct()
{ {
$this->middleware('auth'); $this->middleware('auth');
} }
public function store(Request $request) public function store(Request $request)
{ {
$this->validate($request, [ $this->validate($request, [
'item' => 'required|integer|min:1', 'item' => 'required|integer|min:1',
]); ]);
$profile = Auth::user()->profile; $user = $request->user();
$status = Status::findOrFail($request->input('item')); $status = Status::findOrFail($request->input('item'));
abort_if($status->in_reply_to_id || $status->reblog_of_id, 404); abort_if($user->has_roles && !UserRoleService::can('can-bookmark', $user->id), 403, 'Invalid permissions for this action');
abort_if(!in_array($status->scope, ['public', 'unlisted', 'private']), 404); abort_if($status->in_reply_to_id || $status->reblog_of_id, 404);
abort_if(!in_array($status->type, ['photo','photo:album', 'video', 'video:album', 'photo:video:album']), 404); abort_if(!in_array($status->scope, ['public', 'unlisted', 'private']), 404);
abort_if(!in_array($status->type, ['photo','photo:album', 'video', 'video:album', 'photo:video:album']), 404);
if($status->scope == 'private') { if($status->scope == 'private') {
if($profile->id !== $status->profile_id && !FollowerService::follows($profile->id, $status->profile_id)) { if($user->profile_id !== $status->profile_id && !FollowerService::follows($user->profile_id, $status->profile_id)) {
if($exists = Bookmark::whereStatusId($status->id)->whereProfileId($profile->id)->first()) { if($exists = Bookmark::whereStatusId($status->id)->whereProfileId($user->profile_id)->first()) {
BookmarkService::del($profile->id, $status->id); BookmarkService::del($user->profile_id, $status->id);
$exists->delete(); $exists->delete();
if ($request->ajax()) { if ($request->ajax()) {
return ['code' => 200, 'msg' => 'Bookmark removed!']; return ['code' => 200, 'msg' => 'Bookmark removed!'];
} else { } else {
return redirect()->back(); return redirect()->back();
} }
} }
abort(404, 'Error: You cannot bookmark private posts from accounts you do not follow.'); abort(404, 'Error: You cannot bookmark private posts from accounts you do not follow.');
} }
} }
$bookmark = Bookmark::firstOrCreate( $bookmark = Bookmark::firstOrCreate(
['status_id' => $status->id], ['profile_id' => $profile->id] ['status_id' => $status->id], ['profile_id' => $user->profile_id]
); );
if (!$bookmark->wasRecentlyCreated) { if (!$bookmark->wasRecentlyCreated) {
BookmarkService::del($profile->id, $status->id); BookmarkService::del($user->profile_id, $status->id);
$bookmark->delete(); $bookmark->delete();
} else { } else {
BookmarkService::add($profile->id, $status->id); BookmarkService::add($user->profile_id, $status->id);
} }
if ($request->ajax()) { return $request->expectsJson() ? ['code' => 200, 'msg' => 'Bookmark saved!'] : redirect()->back();
$response = ['code' => 200, 'msg' => 'Bookmark saved!']; }
} else {
$response = redirect()->back();
}
return $response;
}
} }
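Review bot: `Bookmark::firstOrCreate(['status_id' => $status->id], ['profile_id' => $user->profile_id])` in `store()` looks the row up by `status_id` alone, because the second array is only applied when a new row is created. If a different profile has already bookmarked the status, that profile's row is returned, `wasRecentlyCreated` is false, and `$bookmark->delete()` removes someone else's bookmark while `BookmarkService::del` is called with the current user's id. The switch from `$profile->id` to `$user->profile_id` carries this over unchanged. Put both columns in the lookup array: `['status_id' => $status->id, 'profile_id' => $user->profile_id]`. Separately, the final return now tests `$request->expectsJson()` while the bookmark-removed branch still tests `$request->ajax()`, so the two paths can answer the same client differently.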