From 33f3818d660c67194f94c7ff2bb180f4865e6748 Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Sun, 1 May 2022 00:56:34 +0200
Subject: [PATCH] Fix double render error when authorizing interaction (#18203)

---
 app/controllers/authorize_interactions_controller.rb | 8 +++++---
 app/controllers/following_accounts_controller.rb     | 5 ++++-
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/app/controllers/authorize_interactions_controller.rb b/app/controllers/authorize_interactions_controller.rb
index 29c0288d09..02a6b6d06b 100644
--- a/app/controllers/authorize_interactions_controller.rb
+++ b/app/controllers/authorize_interactions_controller.rb
@@ -13,7 +13,7 @@ class AuthorizeInteractionsController < ApplicationController
     if @resource.is_a?(Account)
       render :show
     elsif @resource.is_a?(Status)
-      redirect_to web_url("statuses/#{@resource.id}")
+      redirect_to web_url("@#{@resource.account.pretty_acct}/#{@resource.id}")
     else
       render :error
     end
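Review bot: The new redirect target interpolates `@resource.account.pretty_acct` into the URL path unescaped, and for a status from a remote account that value presumably comes from federated data and may be the display form of the handle (user@domain, possibly with a non-ASCII domain). It is worth confirming that `web_url` or the router normalises this segment, so that a non-ASCII or otherwise unexpected character cannot end up raw in the `Location` header. If it does not, escape the segment or use the ASCII form of the handle. A short comment such as `# remote statuses redirect to /@user@domain/:id` would also record the intended shape. The enclosing action starts outside this hunk.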
@@ -25,15 +25,17 @@ class AuthorizeInteractionsController < ApplicationController
     else
       render :error
     end
-  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
+  rescue ActiveRecord::RecordNotFound
     render :error
   end
 
   private
 
   def set_resource
-    @resource = located_resource || render(:error)
+    @resource = located_resource
     authorize(@resource, :show?) if @resource.is_a?(Status)
+  rescue Mastodon::NotPermittedError
+    not_found
   end
 
   def located_resource
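Review bot: The narrowed `rescue ActiveRecord::RecordNotFound` on the action above `private` no longer covers `Mastodon::NotPermittedError`; that action's body starts outside the hunk, so if anything in it can still raise the error (a follow call refused because of a block, say), it now leaves the action instead of rendering `:error`. Confirm that an application-level handler turns it into a sensible response, or keep the class in the rescue list. In `set_resource`, the choice of `not_found` over a 403 deserves a comment, for example `# 404 rather than 403: do not reveal that a non-visible status exists`. The diffstat lists only the two controllers, so no spec pins the unauthorized-status path that used to double render.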
diff --git a/app/controllers/following_accounts_controller.rb b/app/controllers/following_accounts_controller.rb
index 9d7f4c9bf3..69f0321f83 100644
--- a/app/controllers/following_accounts_controller.rb
+++ b/app/controllers/following_accounts_controller.rb
@@ -21,7 +21,10 @@ class FollowingAccountsController < ApplicationController
       end
 
       format.json do
-        raise Mastodon::NotPermittedError if page_requested? && @account.hide_collections?
+        if page_requested? && @account.hide_collections?
+          forbidden
+          next
+        end
 
         expires_in(page_requested? ? 0 : 3.minutes, public: public_fetch_mode?)