Merge commit '1ee457f2d37c2b77a7fbce246a7c72ac9f9d3056' into glitch-soc/merge-upstream

This commit is contained in:
Claire 2026-03-19 18:14:55 +01:00
commit 291f141a02
15 changed files with 200 additions and 34 deletions

View File

@ -352,7 +352,7 @@ GEM
azure-blob (~> 0.5.2)
hashie (~> 5.0)
jmespath (1.6.2)
json (2.19.1)
json (2.19.2)
json-canonicalization (1.0.0)
json-jwt (1.17.0)
activesupport (>= 4.2)

View File

@ -166,6 +166,38 @@ on('change', '#domain_block_severity', ({ target }) => {
if (target instanceof HTMLSelectElement) onDomainBlockSeverityChange(target);
});
const onChangeInviteUsersPermission = (target: HTMLInputElement) => {
const inviteBypassApprovalCheckbox = document.querySelector<HTMLInputElement>(
'input#user_role_permissions_as_keys_invite_bypass_approval',
);
if (inviteBypassApprovalCheckbox) {
inviteBypassApprovalCheckbox.disabled = !target.checked;
if (target.checked) {
inviteBypassApprovalCheckbox.parentElement?.classList.remove('disabled');
inviteBypassApprovalCheckbox.parentElement?.parentElement?.classList.remove(
'disabled',
);
} else {
inviteBypassApprovalCheckbox.parentElement?.classList.add('disabled');
inviteBypassApprovalCheckbox.parentElement?.parentElement?.classList.add(
'disabled',
);
}
}
};
on(
'change',
'input#user_role_permissions_as_keys_invite_users',
({ target }) => {
if (target instanceof HTMLInputElement) {
onChangeInviteUsersPermission(target);
}
},
);
function onEnableBootstrapTimelineAccountsChange(target: HTMLInputElement) {
const bootstrapTimelineAccountsField =
document.querySelector<HTMLInputElement>(
@ -291,6 +323,13 @@ ready(() => {
);
if (registrationMode) onChangeRegistrationMode(registrationMode);
const inviteUsersPermissionChecbkox =
document.querySelector<HTMLInputElement>(
'input#user_role_permissions_as_keys_invite_users',
);
if (inviteUsersPermissionChecbkox)
onChangeInviteUsersPermission(inviteUsersPermissionChecbkox);
const checkAllElement = document.querySelector<HTMLInputElement>(
'#batch_checkbox_all',
);

View File

@ -158,24 +158,11 @@ class Status extends ImmutablePureComponent {
newRepliesIds: [],
};
UNSAFE_componentWillMount () {
componentDidMount() {
this.props.dispatch(fetchStatus(this.props.params.statusId, { forceFetch: true }));
}
componentDidMount () {
attachFullscreenListener(this.onFullScreenChange);
}
UNSAFE_componentWillReceiveProps (nextProps) {
if (nextProps.params.statusId !== this.props.params.statusId && nextProps.params.statusId) {
this.props.dispatch(fetchStatus(nextProps.params.statusId, { forceFetch: true }));
}
if (nextProps.status && nextProps.status.get('id') !== this.state.loadedStatusId) {
this.setState({ showMedia: defaultMediaVisibility(nextProps.status), loadedStatusId: nextProps.status.get('id') });
}
}
handleToggleMediaVisibility = () => {
this.setState({ showMedia: !this.state.showMedia });
};
@ -493,8 +480,8 @@ class Status extends ImmutablePureComponent {
this.statusNode = c;
};
componentDidUpdate (prevProps) {
const { status, descendantsIds } = this.props;
componentDidUpdate(prevProps) {
const { status, descendantsIds, params } = this.props;
const isSameStatus = status && (prevProps.status?.get('id') === status.get('id'));
@ -506,6 +493,14 @@ class Status extends ImmutablePureComponent {
this.setState({newRepliesIds});
}
}
if (params.statusId && prevProps.params.statusId !== params.statusId) {
this.props.dispatch(fetchStatus(params.statusId, { forceFetch: true }));
}
if (status && status.get('id') !== this.state.loadedStatusId) {
this.setState({ showMedia: defaultMediaVisibility(this.props.status), loadedStatusId: status.get('id') });
}
}
componentWillUnmount () {

View File

@ -506,6 +506,10 @@ code {
margin: 0;
}
}
.checkbox.disabled {
opacity: 0.5;
}
}
label.checkbox {

View File

@ -22,7 +22,7 @@ class Invite < ApplicationRecord
COMMENT_SIZE_LIMIT = 420
ELIGIBLE_CODE_CHARACTERS = [*('a'..'z'), *('A'..'Z'), *('0'..'9')].freeze
HOMOGLYPHS = %w(0 1 I l O).freeze
VALID_CODE_CHARACTERS = ELIGIBLE_CODE_CHARACTERS - HOMOGLYPHS
VALID_CODE_CHARACTERS = (ELIGIBLE_CODE_CHARACTERS - HOMOGLYPHS).freeze
belongs_to :user, inverse_of: :invites
has_many :users, inverse_of: :invite, dependent: nil
@ -37,6 +37,10 @@ class Invite < ApplicationRecord
(max_uses.nil? || uses < max_uses) && !expired? && user&.functional?
end
def bypass_approval?
user&.role&.can?(:invite_bypass_approval)
end
private
def set_code

View File

@ -168,6 +168,10 @@ class User < ApplicationRecord
invite_id.present? && invite.valid_for_use?
end
def valid_bypassing_invitation?
valid_invitation? && invite.bypass_approval?
end
def disable!
update!(disabled: true)
@ -420,7 +424,7 @@ class User < ApplicationRecord
if requires_approval?
false
else
open_registrations? || valid_invitation? || external?
open_registrations? || valid_bypassing_invitation? || external?
end
end
end

View File

@ -38,6 +38,7 @@ class UserRole < ApplicationRecord
manage_user_access: (1 << 18),
delete_user_data: (1 << 19),
view_feeds: (1 << 20),
invite_bypass_approval: (1 << 21),
}.freeze
EVERYONE_ROLE_ID = -99
@ -51,10 +52,12 @@ class UserRole < ApplicationRecord
ALL = FLAGS.values.reduce(&:|)
DEFAULT = FLAGS[:invite_users]
SAFE = FLAGS[:invite_users] | FLAGS[:invite_bypass_approval]
CATEGORIES = {
invites: %i(
invite_users
invite_bypass_approval
).freeze,
moderation: %i(
@ -206,6 +209,6 @@ class UserRole < ApplicationRecord
end
def validate_dangerous_permissions
errors.add(:permissions_as_keys, :dangerous) if everyone? && Flags::DEFAULT & permissions != permissions
errors.add(:permissions_as_keys, :dangerous) if everyone? && Flags::SAFE & permissions != permissions
end
end

View File

@ -0,0 +1,22 @@
# frozen_string_literal: true
class ActivityPub::FetchRemoteFeaturedCollectionService < BaseService
include JsonLdHelper
def call(uri, on_behalf_of = nil)
json = fetch_resource(uri, true, on_behalf_of)
return unless supported_context?(json)
return unless json['type'] == 'FeaturedCollection'
# Fetching an unknown account should eventually also fetch its
# collections, so it should be OK to only handle known accounts here
account = Account.find_by(uri: json['attributedTo'])
return unless account
existing_collection = account.collections.find_by(uri:)
return existing_collection if existing_collection.present?
ActivityPub::ProcessFeaturedCollectionService.new.call(account, json)
end
end

View File

@ -27,7 +27,7 @@ class ActivityPub::ProcessFeaturedCollectionService
tag_name: @json.dig('topic', 'name')
)
process_items!
process_items! if @json['totalItems'].positive?
@collection
end

View File

@ -29,7 +29,7 @@ class BackupService < BaseService
skeleton = serialize(collection_presenter(STREAM_OUTBOX, size: account.statuses.count), ActivityPub::CollectionSerializer)
skeleton[:@context] = full_context
skeleton[:orderedItems] = [PLACEHOLDER]
skeleton = JSON.generate(skeleton)
skeleton = skeleton.to_json
prepend, append = skeleton.split(PLACEHOLDER.to_json)
file.write(prepend)
@ -48,7 +48,7 @@ class BackupService < BaseService
end
end
JSON.generate(item)
item.to_json
end.join(','))
GC.start
@ -121,10 +121,8 @@ class BackupService < BaseService
download_to_zip(zipfile, account.avatar, "avatar#{File.extname(account.avatar.path)}") if account.avatar.exists?
download_to_zip(zipfile, account.header, "header#{File.extname(account.header.path)}") if account.header.exists?
json = JSON.generate(actor)
zipfile.get_output_stream(STREAM_ACTOR) do |io|
io.write(json)
io.write(actor.to_json)
end
end
@ -133,7 +131,7 @@ class BackupService < BaseService
skeleton.delete(:totalItems)
skeleton[:orderedItems] = [PLACEHOLDER]
skeleton = JSON.generate(skeleton)
skeleton = skeleton.to_json
prepend, append = skeleton.split(PLACEHOLDER.to_json)
zipfile.get_output_stream(STREAM_LIKES) do |io|
@ -143,7 +141,7 @@ class BackupService < BaseService
io.write(',') unless batch.zero?
io.write(statuses.map do |status|
JSON.generate(ActivityPub::TagManager.instance.uri_for(status))
ActivityPub::TagManager.instance.uri_for(status).to_json
end.join(','))
GC.start
@ -161,7 +159,7 @@ class BackupService < BaseService
skeleton = serialize(collection_presenter(STREAM_BOOKMARKS), ActivityPub::CollectionSerializer)
skeleton.delete(:totalItems)
skeleton[:orderedItems] = [PLACEHOLDER]
skeleton = JSON.generate(skeleton)
skeleton = skeleton.to_json
prepend, append = skeleton.split(PLACEHOLDER.to_json)
zipfile.get_output_stream(STREAM_BOOKMARKS) do |io|
@ -171,7 +169,7 @@ class BackupService < BaseService
io.write(',') unless batch.zero?
io.write(statuses.map do |status|
JSON.generate(ActivityPub::TagManager.instance.uri_for(status))
ActivityPub::TagManager.instance.uri_for(status).to_json
end.join(','))
GC.start

View File

@ -778,6 +778,8 @@ en:
administrator_description: Users with this permission will bypass every permission
delete_user_data: Delete User Data
delete_user_data_description: Allows users to delete other users' data without delay
invite_bypass_approval: Invite Users without review
invite_bypass_approval_description: Allows people invited to the server by these users to bypass moderation approval
invite_users: Invite Users
invite_users_description: Allows users to invite new people to the server
manage_announcements: Manage Announcements

View File

@ -0,0 +1,11 @@
# frozen_string_literal: true
class AddInviteApprovalBypassPermission < ActiveRecord::Migration[8.1]
class UserRole < ApplicationRecord; end
def up
UserRole.where('permissions & (1 << 16) = 1 << 16').update_all('permissions = permissions | (1 << 21)')
end
def down; end
end

View File

@ -10,7 +10,7 @@
#
# It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema[8.1].define(version: 2026_03_11_152331) do
ActiveRecord::Schema[8.1].define(version: 2026_03_18_144837) do
# These are extensions that must be enabled in order to support this database
enable_extension "pg_catalog.plpgsql"

View File

@ -298,7 +298,6 @@ RSpec.describe Auth::RegistrationsController do
context 'with Approval-based registrations with valid invite and required invite text' do
subject do
inviter = Fabricate(:user, confirmed_at: 2.days.ago)
Setting.registrations_mode = 'approved'
Setting.require_invite_text = true
request.headers['Accept-Language'] = accept_language
@ -306,7 +305,9 @@ RSpec.describe Auth::RegistrationsController do
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', invite_code: invite.code, agreement: 'true' } }
end
it 'redirects to setup and creates user' do
let!(:inviter) { Fabricate(:user, confirmed_at: 2.days.ago) }
it 'redirects to setup and creates user in a non-approved state' do
subject
expect(response).to redirect_to auth_setup_path
@ -315,9 +316,28 @@ RSpec.describe Auth::RegistrationsController do
.to be_present
.and have_attributes(
locale: eq(accept_language),
approved: be(true)
approved: be(false)
)
end
context 'when the inviting user has the permission to bypass approval' do
before do
inviter.role.update!(permissions: inviter.role.permissions | UserRole::FLAGS[:invite_bypass_approval])
end
it 'redirects to setup and creates user in an approved state' do
subject
expect(response).to redirect_to auth_setup_path
expect(User.find_by(email: 'test@example.com'))
.to be_present
.and have_attributes(
locale: eq(accept_language),
approved: be(true)
)
end
end
end
context 'with an already taken username' do

View File

@ -0,0 +1,64 @@
# frozen_string_literal: true
require 'rails_helper'
RSpec.describe ActivityPub::FetchRemoteFeaturedCollectionService do
subject { described_class.new }
let(:account) { Fabricate(:remote_account) }
let(:uri) { 'https://example.com/featured_collections/1' }
let(:status) { 200 }
let(:response) do
{
'@context' => 'https://www.w3.org/ns/activitystreams',
'id' => uri,
'type' => 'FeaturedCollection',
'name' => 'Incredible people',
'summary' => 'These are really amazing',
'attributedTo' => account.uri,
'sensitive' => false,
'discoverable' => true,
'totalItems' => 0,
}
end
before do
stub_request(:get, uri)
.to_return_json(
status: status,
body: response,
headers: { 'Content-Type' => 'application/activity+json' }
)
end
context 'when collection does not exist' do
it 'creates a new collection' do
collection = nil
expect { collection = subject.call(uri) }.to change(Collection, :count).by(1)
expect(collection.uri).to eq uri
expect(collection.name).to eq 'Incredible people'
end
end
context 'when collection already exists' do
let!(:collection) do
Fabricate(:remote_collection, account:, uri:, name: 'temp')
end
it 'returns the existing collection' do
expect do
expect(subject.call(uri)).to eq collection
end.to_not change(Collection, :count)
end
end
context 'when the URI can not be fetched' do
let(:response) { nil }
let(:status) { 404 }
it 'returns `nil`' do
expect(subject.call(uri)).to be_nil
end
end
end