diff --git a/app/controllers/api/v1/statuses_controller.rb b/app/controllers/api/v1/statuses_controller.rb
index 69cbdce5d6f636a3ef9a6cfbc9d8284e63e04242..552f1b1b399628b1527f0e50d65a08563c9f8dc3 100644
--- a/app/controllers/api/v1/statuses_controller.rb
+++ b/app/controllers/api/v1/statuses_controller.rb
@@ -67,7 +67,6 @@ class Api::V1::StatusesController < ApiController
spoiler_text: params[:spoiler_text],
visibility: params[:visibility],
application: doorkeeper_token.application)
-
render action: :show
end
diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
index 5d2bd9a225e3d9b4acf66e3d105b9b53b94113c5..c2002cb796dc31469267c36e9651c8f54183c93b 100644
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@ -10,7 +10,7 @@ class ApiController < ApplicationController
before_action :set_rate_limit_headers
- rescue_from ActiveRecord::RecordInvalid do |e|
+ rescue_from ActiveRecord::RecordInvalid, Mastodon::ValidationError do |e|
render json: { error: e.to_s }, status: 422
end
@@ -30,7 +30,7 @@ class ApiController < ApplicationController
render json: { error: 'Remote SSL certificate could not be verified' }, status: 503
end
- rescue_from Mastodon::NotPermitted do
+ rescue_from Mastodon::NotPermittedError do
render json: { error: 'This action is not allowed' }, status: 403
end
diff --git a/app/controllers/authorize_follow_controller.rb b/app/controllers/authorize_follow_controller.rb
index e866b55993b998969748659f4d464912904c1429..c98a5f45f5dc62bd4daf7b957a7a6733ba2ebc35 100644
--- a/app/controllers/authorize_follow_controller.rb
+++ b/app/controllers/authorize_follow_controller.rb
@@ -25,7 +25,7 @@ class AuthorizeFollowController < ApplicationController
else
redirect_to web_url("accounts/#{@account.id}")
end
- rescue ActiveRecord::RecordNotFound, Mastodon::NotPermitted
+ rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
render :error
end
diff --git a/app/lib/exceptions.rb b/app/lib/exceptions.rb
index 359228c297b443c74336f22a48dd25e04c145e58..200da9fe16a1feac0449641e9f17c7e5342d4176 100644
--- a/app/lib/exceptions.rb
+++ b/app/lib/exceptions.rb
@@ -2,5 +2,6 @@
module Mastodon
class Error < StandardError; end
- class NotPermitted < Error; end
+ class NotPermittedError < Error; end
+ class ValidationError < Error; end
end
diff --git a/app/services/favourite_service.rb b/app/services/favourite_service.rb
index 81889830281074fea027742b9377dfc125f099ee..5cc96403cde3e3a7a9c7c65b42801c49e93071bb 100644
--- a/app/services/favourite_service.rb
+++ b/app/services/favourite_service.rb
@@ -6,7 +6,7 @@ class FavouriteService < BaseService
# @param [Status] status
# @return [Favourite]
def call(account, status)
- raise Mastodon::NotPermitted unless status.permitted?(account)
+ raise Mastodon::NotPermittedError unless status.permitted?(account)
favourite = Favourite.create!(account: account, status: status)
diff --git a/app/services/follow_service.rb b/app/services/follow_service.rb
index 915f95b4c4d86b511ce5728c6da06db1064f4c6c..17b3b25423001c4233011ea0c688c11501511103 100644
--- a/app/services/follow_service.rb
+++ b/app/services/follow_service.rb
@@ -10,7 +10,7 @@ class FollowService < BaseService
target_account = FollowRemoteAccountService.new.call(uri)
raise ActiveRecord::RecordNotFound if target_account.nil? || target_account.id == source_account.id || target_account.suspended?
- raise Mastodon::NotPermitted if target_account.blocking?(source_account) || source_account.blocking?(target_account)
+ raise Mastodon::NotPermittedError if target_account.blocking?(source_account) || source_account.blocking?(target_account)
if target_account.locked?
request_follow(source_account, target_account)
diff --git a/app/services/post_status_service.rb b/app/services/post_status_service.rb
index 979941c84c02a126a723a568c97402fa2cc5eb2f..b8179f7dccfc9ca63389d001f75a57f836582e0d 100644
--- a/app/services/post_status_service.rb
+++ b/app/services/post_status_service.rb
@@ -13,6 +13,7 @@ class PostStatusService < BaseService
# @option [Doorkeeper::Application] :application
# @return [Status]
def call(account, text, in_reply_to = nil, options = {})
+ media = validate_media!(options[:media_ids])
status = account.statuses.create!(text: text,
thread: in_reply_to,
sensitive: options[:sensitive],
@@ -20,7 +21,7 @@ class PostStatusService < BaseService
visibility: options[:visibility],
application: options[:application])
- attach_media(status, options[:media_ids])
+ attach_media(status, media)
process_mentions_service.call(status)
process_hashtags_service.call(status)
@@ -33,10 +34,20 @@ class PostStatusService < BaseService
private
- def attach_media(status, media_ids)
+ def validate_media!(media_ids)
return if media_ids.nil? || !media_ids.is_a?(Enumerable)
+ raise Mastodon::ValidationError, 'Cannot attach more than 4 files' if media_ids.size > 4
+
media = MediaAttachment.where(status_id: nil).where(id: media_ids.take(4).map(&:to_i))
+
+ raise Mastodon::ValidationError, 'Cannot attach a video to a toot that already contains images' if media.size > 1 && media.find(&:video?)
+
+ media
+ end
+
+ def attach_media(status, media)
+ return if media.nil?
media.update(status_id: status.id)
end
diff --git a/app/services/reblog_service.rb b/app/services/reblog_service.rb
index 7a52f041fc5bb793273679811247efc7acf2531c..c14b2925ac509e2478c7ed0e9499b274c12968d0 100644
--- a/app/services/reblog_service.rb
+++ b/app/services/reblog_service.rb
@@ -10,7 +10,7 @@ class ReblogService < BaseService
def call(account, reblogged_status)
reblogged_status = reblogged_status.reblog if reblogged_status.reblog?
- raise Mastodon::NotPermitted if reblogged_status.private_visibility? || !reblogged_status.permitted?(account)
+ raise Mastodon::NotPermittedError if reblogged_status.private_visibility? || !reblogged_status.permitted?(account)
reblog = account.statuses.create!(reblog: reblogged_status, text: '')