1
0
mirror of https://github.com/funamitech/mastodon synced 2024-11-30 15:58:28 +09:00

Add error message when user tries to follow their own account (#31910)

This commit is contained in:
Leni Kadali 2024-10-07 15:05:46 +03:00 committed by GitHub
parent bfabd6a2b8
commit 4238da6ee3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 26 additions and 0 deletions

View File

@ -16,6 +16,7 @@ class Api::V1::AccountsController < Api::BaseController
before_action :check_account_confirmation, except: [:index, :create] before_action :check_account_confirmation, except: [:index, :create]
before_action :check_enabled_registrations, only: [:create] before_action :check_enabled_registrations, only: [:create]
before_action :check_accounts_limit, only: [:index] before_action :check_accounts_limit, only: [:index]
before_action :check_following_self, only: [:follow]
skip_before_action :require_authenticated_user!, only: :create skip_before_action :require_authenticated_user!, only: :create
@ -101,6 +102,10 @@ class Api::V1::AccountsController < Api::BaseController
raise(Mastodon::ValidationError) if account_ids.size > DEFAULT_ACCOUNTS_LIMIT raise(Mastodon::ValidationError) if account_ids.size > DEFAULT_ACCOUNTS_LIMIT
end end
def check_following_self
render json: { error: I18n.t('accounts.self_follow_error') }, status: 403 if current_user.account.id == @account.id
end
def relationships(**options) def relationships(**options)
AccountRelationshipsPresenter.new([@account], current_user.account_id, **options) AccountRelationshipsPresenter.new([@account], current_user.account_id, **options)
end end

View File

@ -21,6 +21,7 @@ en:
one: Post one: Post
other: Posts other: Posts
posts_tab_heading: Posts posts_tab_heading: Posts
self_follow_error: Following your own account is not allowed
admin: admin:
account_actions: account_actions:
action: Perform action action: Perform action

View File

@ -163,6 +163,26 @@ RSpec.describe '/api/v1/accounts' do
end end
end end
context 'when user tries to follow their own account' do
subject do
post "/api/v1/accounts/#{other_account.id}/follow", headers: headers
end
let(:locked) { false }
let(:other_account) { user.account }
it 'returns http forbidden and error message' do
subject
error_msg = I18n.t('accounts.self_follow_error')
expect(response).to have_http_status(403)
expect(response.parsed_body[:error]).to eq(error_msg)
end
it_behaves_like 'forbidden for wrong scope', 'read:accounts'
end
context 'when modifying follow options' do context 'when modifying follow options' do
let(:locked) { false } let(:locked) { false }