Admission-based registrations mode (#10250)

Fix #6856 Fix #6951
2019-03-14 05:28:30 +01:00 · 2019-03-14 05:28:30 +01:00 · 51e154f5e8
commit 51e154f5e8
parent 6e3936aa6f
92 changed files with 282 additions and 249 deletions
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@ -89,8 +89,8 @@ class AccountsController < ApplicationController
    end
  end

-  def set_account
-    @account = Account.find_local!(params[:username])
+  def username_param
+    params[:username]
  end

  def older_url
--- a/app/controllers/admin/accounts_controller.rb
+++ b/app/controllers/admin/accounts_controller.rb
@ -2,9 +2,9 @@

 module Admin
  class AccountsController < BaseController
-    before_action :set_account, only: [:show, :subscribe, :unsubscribe, :redownload, :remove_avatar, :remove_header, :enable, :unsilence, :unsuspend, :memorialize]
+    before_action :set_account, only: [:show, :subscribe, :unsubscribe, :redownload, :remove_avatar, :remove_header, :enable, :unsilence, :unsuspend, :memorialize, :approve, :reject]
    before_action :require_remote_account!, only: [:subscribe, :unsubscribe, :redownload]
-    before_action :require_local_account!, only: [:enable, :memorialize]
+    before_action :require_local_account!, only: [:enable, :memorialize, :approve, :reject]

    def index
      authorize :account, :index?
@ -45,6 +45,18 @@ module Admin
      redirect_to admin_account_path(@account.id)
    end

+    def approve
+      authorize @account.user, :approve?
+      @account.user.approve!
+      redirect_to admin_accounts_path(pending: '1')
+    end
+
+    def reject
+      authorize @account.user, :reject?
+      SuspendAccountService.new.call(@account, including_user: true, destroy: true)
+      redirect_to admin_accounts_path(pending: '1')
+    end
+
    def unsilence
      authorize @account, :unsilence?
      @account.unsilence!
@ -114,6 +126,7 @@ module Admin
        :remote,
        :by_domain,
        :active,
+        :pending,
        :silenced,
        :suspended,
        :username,
--- a/app/controllers/admin/dashboard_controller.rb
+++ b/app/controllers/admin/dashboard_controller.rb
@ -10,7 +10,7 @@ module Admin
      @interactions_week     = Redis.current.get("activity:interactions:#{current_week}") || 0
      @relay_enabled         = Relay.enabled.exists?
      @single_user_mode      = Rails.configuration.x.single_user_mode
-      @registrations_enabled = Setting.open_registrations
+      @registrations_enabled = Setting.registrations_mode != 'none'
      @deletions_enabled     = Setting.open_deletion
      @invites_enabled       = Setting.min_invite_role == 'user'
      @search_enabled        = Chewy.enabled?
--- a/app/controllers/admin/settings_controller.rb
+++ b/app/controllers/admin/settings_controller.rb
@ -10,7 +10,7 @@ module Admin
      site_description
      site_extended_description
      site_terms
-      open_registrations
+      registrations_mode
      closed_registrations_message
      open_deletion
      timeline_preview
@ -30,7 +30,6 @@ module Admin
    ).freeze

    BOOLEAN_SETTINGS = %w(
-      open_registrations
      open_deletion
      timeline_preview
      show_staff_badge
--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@ -73,7 +73,9 @@ class Api::BaseController < ApplicationController
    elsif current_user.disabled?
      render json: { error: 'Your login is currently disabled' }, status: 403
    elsif !current_user.confirmed?
-      render json: { error: 'Email confirmation is not completed' }, status: 403
+      render json: { error: 'Your login is missing a confirmed e-mail address' }, status: 403
+    elsif !current_user.approved?
+      render json: { error: 'Your login is currently pending approval' }, status: 403
    else
      set_user_activity
    end
--- a/app/controllers/api/v1/accounts_controller.rb
+++ b/app/controllers/api/v1/accounts_controller.rb
@ -80,6 +80,10 @@ class Api::V1::AccountsController < Api::BaseController
  end

  def check_enabled_registrations
-    forbidden if single_user_mode? || !Setting.open_registrations
+    forbidden if single_user_mode? || !allowed_registrations?
+  end
+
+  def allowed_registrations?
+    Setting.registrations_mode != 'none'
  end
 end
--- a/app/controllers/auth/registrations_controller.rb
+++ b/app/controllers/auth/registrations_controller.rb
@ -65,7 +65,7 @@ class Auth::RegistrationsController < Devise::RegistrationsController
  end

  def allowed_registrations?
-    Setting.open_registrations || @invite&.valid_for_use?
+    Setting.registrations_mode != 'none' || @invite&.valid_for_use?
  end

  def invite_code
--- a/app/controllers/concerns/account_controller_concern.rb
+++ b/app/controllers/concerns/account_controller_concern.rb
@ -7,16 +7,18 @@ module AccountControllerConcern

  included do
    layout 'public'
+
    before_action :set_account
+    before_action :check_account_approval
+    before_action :check_account_suspension
    before_action :set_instance_presenter
    before_action :set_link_headers
-    before_action :check_account_suspension
  end

  private

  def set_account
-    @account = Account.find_local!(params[:account_username])
+    @account = Account.find_local!(username_param)
  end

  def set_instance_presenter
@ -33,6 +35,10 @@ module AccountControllerConcern
    )
  end

+  def username_param
+    params[:account_username]
+  end
+
  def webfinger_account_link
    [
      webfinger_account_url,
@ -58,6 +64,10 @@ module AccountControllerConcern
    webfinger_url(resource: @account.to_webfinger_s)
  end

+  def check_account_approval
+    not_found if @account.user_pending?
+  end
+
  def check_account_suspension
    gone if @account.suspended?
  end