Fix unpermitted operations on custom emojis leading to cryptic errors (#13951)

* Display appropriate error when performing unpermitted operation on custom emoji

Fixes #13897

* Remove links to custom emoji actions not performable by moderators
This commit is contained in:
ThibG 2020-06-05 15:23:27 +02:00 committed by GitHub
parent aed3a436a2
commit bf6745b9c3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 9 additions and 4 deletions

View file

@ -33,6 +33,8 @@ module Admin
@form.save @form.save
rescue ActionController::ParameterMissing rescue ActionController::ParameterMissing
flash[:alert] = I18n.t('admin.accounts.no_account_selected') flash[:alert] = I18n.t('admin.accounts.no_account_selected')
rescue Mastodon::NotPermittedError
flash[:alert] = I18n.t('admin.custom_emojis.not_permitted')
ensure ensure
redirect_to admin_custom_emojis_path(filter_params) redirect_to admin_custom_emojis_path(filter_params)
end end

View file

@ -4,7 +4,8 @@
- content_for :header_tags do - content_for :header_tags do
= javascript_pack_tag 'admin', integrity: true, async: true, crossorigin: 'anonymous' = javascript_pack_tag 'admin', integrity: true, async: true, crossorigin: 'anonymous'
- content_for :heading_actions do - if can?(:create, :custom_emoji)
- content_for :heading_actions do
= link_to t('admin.custom_emojis.upload'), new_admin_custom_emoji_path, class: 'button' = link_to t('admin.custom_emojis.upload'), new_admin_custom_emoji_path, class: 'button'
.filters .filters
@ -58,9 +59,10 @@
= f.button safe_join([fa_icon('power-off'), t('admin.custom_emojis.disable')]), name: :disable, class: 'table-action-link', type: :submit, data: { confirm: t('admin.reports.are_you_sure') } = f.button safe_join([fa_icon('power-off'), t('admin.custom_emojis.disable')]), name: :disable, class: 'table-action-link', type: :submit, data: { confirm: t('admin.reports.are_you_sure') }
- if can?(:destroy, :custom_emoji)
= f.button safe_join([fa_icon('times'), t('admin.custom_emojis.delete')]), name: :delete, class: 'table-action-link', type: :submit, data: { confirm: t('admin.reports.are_you_sure') } = f.button safe_join([fa_icon('times'), t('admin.custom_emojis.delete')]), name: :delete, class: 'table-action-link', type: :submit, data: { confirm: t('admin.reports.are_you_sure') }
- unless params[:local] == '1' - if can?(:copy, :custom_emoji) && params[:local] != '1'
= f.button safe_join([fa_icon('copy'), t('admin.custom_emojis.copy')]), name: :copy, class: 'table-action-link', type: :submit, data: { confirm: t('admin.reports.are_you_sure') } = f.button safe_join([fa_icon('copy'), t('admin.custom_emojis.copy')]), name: :copy, class: 'table-action-link', type: :submit, data: { confirm: t('admin.reports.are_you_sure') }
- if params[:local] == '1' - if params[:local] == '1'

View file

@ -309,6 +309,7 @@ en:
listed: Listed listed: Listed
new: new:
title: Add new custom emoji title: Add new custom emoji
not_permitted: You are not permitted to perform this action
overwrite: Overwrite overwrite: Overwrite
shortcode: Shortcode shortcode: Shortcode
shortcode_hint: At least 2 characters, only alphanumeric characters and underscores shortcode_hint: At least 2 characters, only alphanumeric characters and underscores