From bf6745b9c326e64b819a381a0558cc87c99be4be Mon Sep 17 00:00:00 2001 From: ThibG Date: Fri, 5 Jun 2020 15:23:27 +0200 Subject: [PATCH] Fix unpermitted operations on custom emojis leading to cryptic errors (#13951) * Display appropriate error when performing unpermitted operation on custom emoji Fixes #13897 * Remove links to custom emoji actions not performable by moderators --- app/controllers/admin/custom_emojis_controller.rb | 2 ++ app/views/admin/custom_emojis/index.html.haml | 10 ++++++---- config/locales/en.yml | 1 + 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/app/controllers/admin/custom_emojis_controller.rb b/app/controllers/admin/custom_emojis_controller.rb index efa8f29505..71efb543e1 100644 --- a/app/controllers/admin/custom_emojis_controller.rb +++ b/app/controllers/admin/custom_emojis_controller.rb @@ -33,6 +33,8 @@ module Admin @form.save rescue ActionController::ParameterMissing flash[:alert] = I18n.t('admin.accounts.no_account_selected') + rescue Mastodon::NotPermittedError + flash[:alert] = I18n.t('admin.custom_emojis.not_permitted') ensure redirect_to admin_custom_emojis_path(filter_params) end diff --git a/app/views/admin/custom_emojis/index.html.haml b/app/views/admin/custom_emojis/index.html.haml index 69aa5ae413..c96a1ce00a 100644 --- a/app/views/admin/custom_emojis/index.html.haml +++ b/app/views/admin/custom_emojis/index.html.haml @@ -4,8 +4,9 @@ - content_for :header_tags do = javascript_pack_tag 'admin', integrity: true, async: true, crossorigin: 'anonymous' -- content_for :heading_actions do - = link_to t('admin.custom_emojis.upload'), new_admin_custom_emoji_path, class: 'button' +- if can?(:create, :custom_emoji) + - content_for :heading_actions do + = link_to t('admin.custom_emojis.upload'), new_admin_custom_emoji_path, class: 'button' .filters .filter-subset @@ -58,9 +59,10 @@ = f.button safe_join([fa_icon('power-off'), t('admin.custom_emojis.disable')]), name: :disable, class: 'table-action-link', type: :submit, data: { confirm: t('admin.reports.are_you_sure') } - = f.button safe_join([fa_icon('times'), t('admin.custom_emojis.delete')]), name: :delete, class: 'table-action-link', type: :submit, data: { confirm: t('admin.reports.are_you_sure') } + - if can?(:destroy, :custom_emoji) + = f.button safe_join([fa_icon('times'), t('admin.custom_emojis.delete')]), name: :delete, class: 'table-action-link', type: :submit, data: { confirm: t('admin.reports.are_you_sure') } - - unless params[:local] == '1' + - if can?(:copy, :custom_emoji) && params[:local] != '1' = f.button safe_join([fa_icon('copy'), t('admin.custom_emojis.copy')]), name: :copy, class: 'table-action-link', type: :submit, data: { confirm: t('admin.reports.are_you_sure') } - if params[:local] == '1' diff --git a/config/locales/en.yml b/config/locales/en.yml index be29286f33..20d87057fd 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -309,6 +309,7 @@ en: listed: Listed new: title: Add new custom emoji + not_permitted: You are not permitted to perform this action overwrite: Overwrite shortcode: Shortcode shortcode_hint: At least 2 characters, only alphanumeric characters and underscores