Merge remote-tracking branch 'upstream/pull/5452'

2025-02-15 11:15:25 +00:00 · 2025-02-15 11:15:25 +00:00 · 5ca24de0d0
commit 5ca24de0d0
parent 12920987f5 f6572e3712
10 changed files with 135 additions and 23 deletions
--- a/app/controllers/api/user_blocks/active_lists_controller.rb
+++ b/app/controllers/api/user_blocks/active_lists_controller.rb
@ -0,0 +1,16 @@
+module Api
+  module UserBlocks
+    class ActiveListsController < ApiController
+      before_action -> { authorize(:skip_blocks => true) }
+
+      authorize_resource :class => :active_user_blocks_list
+
+      before_action :set_request_formats
+
+      def show
+        @user_blocks = current_user.blocks.active.order(:id => :desc)
+        @skip_reason = true
+      end
+    end
+  end
+end
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@ -49,9 +49,9 @@ class ApiController < ApplicationController
    end
  end

-  def authorize(errormessage: "Couldn't authenticate you", skip_terms: false)
+  def authorize(errormessage: "Couldn't authenticate you", skip_blocks: false, skip_terms: false)
    # make the current_user object from any auth sources we have
-    setup_user_auth(:skip_terms => skip_terms)
+    setup_user_auth(:skip_blocks => skip_blocks, :skip_terms => skip_terms)

    # handle authenticate pass/fail
    unless current_user
@ -97,7 +97,7 @@ class ApiController < ApplicationController
  # sets up the current_user for use by other methods. this is mostly called
  # from the authorize method, but can be called elsewhere if authorisation
  # is optional.
-  def setup_user_auth(skip_terms: false)
+  def setup_user_auth(skip_blocks: false, skip_terms: false)
    logger.info " setup_user_auth"
    # try and setup using OAuth
    self.current_user = User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token&.accessible?
@ -105,13 +105,15 @@ class ApiController < ApplicationController
    # have we identified the user?
    if current_user
      # check if the user has been banned
-      user_block = current_user.blocks.active.take
-      unless user_block.nil?
-        set_locale
-        if user_block.zero_hour?
-          report_error t("application.setup_user_auth.blocked_zero_hour"), :forbidden
-        else
-          report_error t("application.setup_user_auth.blocked"), :forbidden
+      unless skip_blocks
+        user_block = current_user.blocks.active.take
+        unless user_block.nil?
+          set_locale
+          if user_block.zero_hour?
+            report_error t("application.setup_user_auth.blocked_zero_hour"), :forbidden
+          else
+            report_error t("application.setup_user_auth.blocked"), :forbidden
+          end
        end
      end