Change silences to always require approval on follow (#11975)

* Change silenced accounts to require approval on follow * Also require approval for follows by people explicitly muted by target accounts * Do not auto-accept silenced or muted accounts when switching from locked to unlocked * Add `follow_requests_count` to verify_credentials * Show “Follow requests” menu item if needed even if account is locked * Add tests * Correctly reflect that follow requests weren't auto-accepted when local account is silenced * Accept follow requests from user-muted accounts to avoid leaking mutes
2019-09-27 21:13:51 +02:00 · 2019-09-27 21:13:51 +02:00 · 18b451c0e6
commit 18b451c0e6
parent 2f90a38f44
9 changed files with 105 additions and 9 deletions
--- a/app/controllers/api/v1/accounts_controller.rb
+++ b/app/controllers/api/v1/accounts_controller.rb
@ -33,7 +33,7 @@ class Api::V1::AccountsController < Api::BaseController
  def follow
    FollowService.new.call(current_user.account, @account, reblogs: truthy_param?(:reblogs))

-    options = @account.locked? ? {} : { following_map: { @account.id => { reblogs: truthy_param?(:reblogs) } }, requested_map: { @account.id => false } }
+    options = @account.locked? || current_user.account.silenced? ? {} : { following_map: { @account.id => { reblogs: truthy_param?(:reblogs) } }, requested_map: { @account.id => false } }

    render json: @account, serializer: REST::RelationshipSerializer, relationships: relationships(options)
  end
--- a/app/javascript/mastodon/features/getting_started/index.js
+++ b/app/javascript/mastodon/features/getting_started/index.js
@ -77,16 +77,14 @@ class GettingStarted extends ImmutablePureComponent {
  };

  componentDidMount () {
-    const { myAccount, fetchFollowRequests, multiColumn } = this.props;
+    const { fetchFollowRequests, multiColumn } = this.props;

    if (!multiColumn && window.innerWidth >= NAVIGATION_PANEL_BREAKPOINT) {
      this.context.router.history.replace('/timelines/home');
      return;
    }

-    if (myAccount.get('locked')) {
-      fetchFollowRequests();
-    }
+    fetchFollowRequests();
  }

  render () {
@ -134,7 +132,7 @@ class GettingStarted extends ImmutablePureComponent {

    height += 48*3;

-    if (myAccount.get('locked')) {
+    if (myAccount.get('locked') || unreadFollowRequests > 0) {
      navItems.push(<ColumnLink key={i++} icon='user-plus' text={intl.formatMessage(messages.follow_requests)} badge={badgeDisplay(unreadFollowRequests, 40)} to='/follow_requests' />);
      height += 48;
    }
--- a/app/lib/activitypub/activity/follow.rb
+++ b/app/lib/activitypub/activity/follow.rb
@ -21,7 +21,7 @@ class ActivityPub::Activity::Follow < ActivityPub::Activity

    follow_request = FollowRequest.create!(account: @account, target_account: target_account, uri: @json['id'])

-    if target_account.locked?
+    if target_account.locked? || @account.silenced?
      NotifyService.new.call(target_account, follow_request)
    else
      AuthorizeFollowService.new.call(@account, target_account)
--- a/app/serializers/rest/credential_account_serializer.rb
+++ b/app/serializers/rest/credential_account_serializer.rb
@ -12,6 +12,7 @@ class REST::CredentialAccountSerializer < REST::AccountSerializer
      language: user.setting_default_language,
      note: object.note,
      fields: object.fields.map(&:to_h),
+      follow_requests_count: FollowRequest.where(target_account: object).limit(40).count,
    }
  end
 end
--- a/app/services/follow_service.rb
+++ b/app/services/follow_service.rb
@ -30,7 +30,7 @@ class FollowService < BaseService

    ActivityTracker.increment('activity:interactions')

-    if target_account.locked? || target_account.activitypub?
+    if target_account.locked? || source_account.silenced? || target_account.activitypub?
      request_follow(source_account, target_account, reblogs: reblogs)
    elsif target_account.local?
      direct_follow(source_account, target_account, reblogs: reblogs)
--- a/app/services/update_account_service.rb
+++ b/app/services/update_account_service.rb
@ -20,7 +20,9 @@ class UpdateAccountService < BaseService
  private

  def authorize_all_follow_requests(account)
-    AuthorizeFollowWorker.push_bulk(FollowRequest.where(target_account: account).select(:account_id, :target_account_id)) do |req|
+    follow_requests = FollowRequest.where(target_account: account)
+    follow_requests = follow_requests.select { |req| !req.account.silenced? }
+    AuthorizeFollowWorker.push_bulk(follow_requests) do |req|
      [req.account_id, req.target_account_id]
    end
  end