Allow mods to disable login, improve message when login disabled (#8329)
* Allow moderators to disable/enable login * Instead of rejecting login, show forbidden error when login disabled Avoid confusion because when login is rejected, the message is that the account is not activated, which is wrong. * Fix testspull/671/head^2
parent
9d58daac6c
commit
2f34b747b3
|
@ -7,6 +7,8 @@ class Api::BaseController < ApplicationController
|
||||||
include RateLimitHeaders
|
include RateLimitHeaders
|
||||||
|
|
||||||
skip_before_action :store_current_location
|
skip_before_action :store_current_location
|
||||||
|
skip_before_action :check_user_permissions
|
||||||
|
|
||||||
protect_from_forgery with: :null_session
|
protect_from_forgery with: :null_session
|
||||||
|
|
||||||
rescue_from ActiveRecord::RecordInvalid, Mastodon::ValidationError do |e|
|
rescue_from ActiveRecord::RecordInvalid, Mastodon::ValidationError do |e|
|
||||||
|
|
|
@ -24,7 +24,7 @@ class ApplicationController < ActionController::Base
|
||||||
rescue_from Mastodon::NotPermittedError, with: :forbidden
|
rescue_from Mastodon::NotPermittedError, with: :forbidden
|
||||||
|
|
||||||
before_action :store_current_location, except: :raise_not_found, unless: :devise_controller?
|
before_action :store_current_location, except: :raise_not_found, unless: :devise_controller?
|
||||||
before_action :check_suspension, if: :user_signed_in?
|
before_action :check_user_permissions, if: :user_signed_in?
|
||||||
|
|
||||||
def raise_not_found
|
def raise_not_found
|
||||||
raise ActionController::RoutingError, "No route matches #{params[:unmatched_route]}"
|
raise ActionController::RoutingError, "No route matches #{params[:unmatched_route]}"
|
||||||
|
@ -48,8 +48,8 @@ class ApplicationController < ActionController::Base
|
||||||
forbidden unless current_user&.staff?
|
forbidden unless current_user&.staff?
|
||||||
end
|
end
|
||||||
|
|
||||||
def check_suspension
|
def check_user_permissions
|
||||||
forbidden if current_user.account.suspended?
|
forbidden if current_user.disabled? || current_user.account.suspended?
|
||||||
end
|
end
|
||||||
|
|
||||||
def after_sign_out_path_for(_resource_or_scope)
|
def after_sign_out_path_for(_resource_or_scope)
|
||||||
|
|
|
@ -6,7 +6,7 @@ class Auth::SessionsController < Devise::SessionsController
|
||||||
layout 'auth'
|
layout 'auth'
|
||||||
|
|
||||||
skip_before_action :require_no_authentication, only: [:create]
|
skip_before_action :require_no_authentication, only: [:create]
|
||||||
skip_before_action :check_suspension, only: [:destroy]
|
skip_before_action :check_user_permissions, only: [:destroy]
|
||||||
prepend_before_action :authenticate_with_two_factor, if: :two_factor_enabled?, only: [:create]
|
prepend_before_action :authenticate_with_two_factor, if: :two_factor_enabled?, only: [:create]
|
||||||
before_action :set_instance_presenter, only: [:new]
|
before_action :set_instance_presenter, only: [:new]
|
||||||
before_action :set_body_classes
|
before_action :set_body_classes
|
||||||
|
|
|
@ -216,10 +216,6 @@ class User < ApplicationRecord
|
||||||
save!
|
save!
|
||||||
end
|
end
|
||||||
|
|
||||||
def active_for_authentication?
|
|
||||||
super && !disabled?
|
|
||||||
end
|
|
||||||
|
|
||||||
def setting_default_privacy
|
def setting_default_privacy
|
||||||
settings.default_privacy || (account.locked? ? 'private' : 'public')
|
settings.default_privacy || (account.locked? ? 'private' : 'public')
|
||||||
end
|
end
|
||||||
|
|
|
@ -18,11 +18,11 @@ class UserPolicy < ApplicationPolicy
|
||||||
end
|
end
|
||||||
|
|
||||||
def enable?
|
def enable?
|
||||||
admin?
|
staff?
|
||||||
end
|
end
|
||||||
|
|
||||||
def disable?
|
def disable?
|
||||||
admin? && !record.admin?
|
staff? && !record.admin?
|
||||||
end
|
end
|
||||||
|
|
||||||
def promote?
|
def promote?
|
||||||
|
|
|
@ -512,7 +512,7 @@ RSpec.describe User, type: :model do
|
||||||
context 'when user is confirmed' do
|
context 'when user is confirmed' do
|
||||||
let(:confirmed_at) { Time.zone.now }
|
let(:confirmed_at) { Time.zone.now }
|
||||||
|
|
||||||
it { is_expected.to be false }
|
it { is_expected.to be true }
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'when user is not confirmed' do
|
context 'when user is not confirmed' do
|
||||||
|
|
Loading…
Reference in New Issue