forked from mirror/pixelfed
Update InternalApiController, prevent moderation actions against admin accounts
This commit is contained in:
Daniel Supernault
parent
2923453e13
commit
945a7e49f5
1 changed files with 5 additions and 8 deletions
|
|
@ -17,6 +17,7 @@ use App\{
|
||||||
Profile,
|
Profile,
|
||||||
StatusHashtag,
|
StatusHashtag,
|
||||||
Status,
|
Status,
|
||||||
|
User,
|
||||||
UserFilter,
|
UserFilter,
|
||||||
};
|
};
|
||||||
use Auth,Cache;
|
use Auth,Cache;
|
||||||
|
|
@ -194,9 +195,12 @@ class InternalApiController extends Controller
|
||||||
$item_id = $request->input('item_id');
|
$item_id = $request->input('item_id');
|
||||||
$item_type = $request->input('item_type');
|
$item_type = $request->input('item_type');
|
||||||
|
|
||||||
|
$status = Status::findOrFail($item_id);
|
||||||
|
$author = User::whereProfileId($status->profile_id)->first();
|
||||||
|
abort_if($author && $author->is_admin, 422, 'Cannot moderate administrator accounts');
|
||||||
|
|
||||||
switch($action) {
|
switch($action) {
|
||||||
case 'addcw':
|
case 'addcw':
|
||||||
$status = Status::findOrFail($item_id);
|
|
||||||
$status->is_nsfw = true;
|
$status->is_nsfw = true;
|
||||||
$status->save();
|
$status->save();
|
||||||
ModLogService::boot()
|
ModLogService::boot()
|
||||||
|
|
@ -212,7 +216,6 @@ class InternalApiController extends Controller
|
||||||
->accessLevel('admin')
|
->accessLevel('admin')
|
||||||
->save();
|
->save();
|
||||||
|
|
||||||
|
|
||||||
if($status->uri == null) {
|
if($status->uri == null) {
|
||||||
$media = $status->media;
|
$media = $status->media;
|
||||||
$ai = new AccountInterstitial;
|
$ai = new AccountInterstitial;
|
||||||
|
|
@ -243,7 +246,6 @@ class InternalApiController extends Controller
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'remcw':
|
case 'remcw':
|
||||||
$status = Status::findOrFail($item_id);
|
|
||||||
$status->is_nsfw = false;
|
$status->is_nsfw = false;
|
||||||
$status->save();
|
$status->save();
|
||||||
ModLogService::boot()
|
ModLogService::boot()
|
||||||
|
|
@ -269,7 +271,6 @@ class InternalApiController extends Controller
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'unlist':
|
case 'unlist':
|
||||||
$status = Status::whereScope('public')->findOrFail($item_id);
|
|
||||||
$status->scope = $status->visibility = 'unlisted';
|
$status->scope = $status->visibility = 'unlisted';
|
||||||
$status->save();
|
$status->save();
|
||||||
PublicTimelineService::del($status->id);
|
PublicTimelineService::del($status->id);
|
||||||
|
|
@ -316,7 +317,6 @@ class InternalApiController extends Controller
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'spammer':
|
case 'spammer':
|
||||||
$status = Status::findOrFail($item_id);
|
|
||||||
HandleSpammerPipeline::dispatch($status->profile);
|
HandleSpammerPipeline::dispatch($status->profile);
|
||||||
ModLogService::boot()
|
ModLogService::boot()
|
||||||
->user(Auth::user())
|
->user(Auth::user())
|
||||||
|
|
@ -333,10 +333,7 @@ class InternalApiController extends Controller
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
Cache::forget('_api:statuses:recent_9:' . $status->profile_id);
|
|
||||||
Cache::forget('profile:embed:' . $status->profile_id);
|
|
||||||
StatusService::del($status->id);
|
StatusService::del($status->id);
|
||||||
|
|
||||||
return ['msg' => 200];
|
return ['msg' => 200];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue