Merge d51bdd10b3 into a50c8e951f

app/controllers/api/v1/accounts/credentials_controller.rb

@@ -5,6 +5,19 @@ class Api::V1::Accounts::CredentialsController < Api::BaseController
   before_action -> { doorkeeper_authorize! :write, :'write:accounts' }, only: [:update]
   before_action :require_user!
 
+  PERMITTED_PARAMS = [
+    :avatar,
+    :bot,
+    :discoverable,
+    :display_name,
+    :header,
+    :hide_collections,
+    :indexable,
+    :locked,
+    :note,
+    fields_attributes: [:name, :value],
+  ].freeze
+
   def show
     @account = current_account
     render json: @account, serializer: REST::CredentialAccountSerializer
@@ -23,18 +36,9 @@ class Api::V1::Accounts::CredentialsController < Api::BaseController
   private
 
   def account_params
-    params.permit(
-      :display_name,
-      :note,
-      :avatar,
-      :header,
-      :locked,
-      :bot,
-      :discoverable,
-      :hide_collections,
-      :indexable,
-      fields_attributes: [:name, :value]
-    )
+    params
+      .slice(*PERMITTED_PARAMS)
+      .permit(*PERMITTED_PARAMS)
   end
 
   def user_params

app/controllers/api/v1/admin/account_actions_controller.rb

@@ -3,6 +3,14 @@
 class Api::V1::Admin::AccountActionsController < Api::BaseController
   include Authorization
 
+  PERMITTED_PARAMS = %i(
+    report_id
+    send_email_notification
+    text
+    type
+    warning_preset_id
+  ).freeze
+
   before_action -> { authorize_if_got_token! :'admin:write', :'admin:write:accounts' }
   before_action :set_account
 
@@ -26,12 +34,8 @@ class Api::V1::Admin::AccountActionsController < Api::BaseController
   end
 
   def resource_params
-    params.permit(
-      :type,
-      :report_id,
-      :warning_preset_id,
-      :text,
-      :send_email_notification
-    )
+    params
+      .slice(*PERMITTED_PARAMS)
+      .permit(*PERMITTED_PARAMS)
   end
 end

app/controllers/api/v1/admin/accounts_controller.rb

@@ -108,7 +108,9 @@ class Api::V1::Admin::AccountsController < Api::BaseController
   end
 
   def filter_params
-    params.permit(*FILTER_PARAMS)
+    params
+      .slice(*FILTER_PARAMS)
+      .permit(*FILTER_PARAMS)
   end
 
   def translated_filter_params

app/controllers/api/v1/admin/domain_blocks_controller.rb

@@ -14,6 +14,15 @@ class Api::V1::Admin::DomainBlocksController < Api::BaseController
   after_action :verify_authorized
   after_action :insert_pagination_headers, only: :index
 
+  PERMITTED_PARAMS = %i(
+    obfuscate
+    private_comment
+    public_comment
+    reject_media
+    reject_reports
+    severity
+  ).freeze
+
   def index
     authorize :domain_block, :index?
     render json: @domain_blocks, each_serializer: REST::Admin::DomainBlockSerializer
@@ -67,7 +76,9 @@ class Api::V1::Admin::DomainBlocksController < Api::BaseController
   end
 
   def domain_block_params
-    params.permit(:severity, :reject_media, :reject_reports, :private_comment, :public_comment, :obfuscate)
+    params
+      .slice(*PERMITTED_PARAMS)
+      .permit(*PERMITTED_PARAMS)
   end
 
   def next_path

app/controllers/api/v1/admin/ip_blocks_controller.rb

@@ -14,6 +14,13 @@ class Api::V1::Admin::IpBlocksController < Api::BaseController
   after_action :verify_authorized
   after_action :insert_pagination_headers, only: :index
 
+  PERMITTED_PARAMS = %i(
+    comment
+    expires_in
+    ip
+    severity
+  ).freeze
+
   def index
     authorize :ip_block, :index?
     render json: @ip_blocks, each_serializer: REST::Admin::IpBlockSerializer
@@ -56,7 +63,9 @@ class Api::V1::Admin::IpBlocksController < Api::BaseController
   end
 
   def resource_params
-    params.permit(:ip, :severity, :comment, :expires_in)
+    params
+      .slice(*PERMITTED_PARAMS)
+      .permit(*PERMITTED_PARAMS)
   end
 
   def next_path

app/controllers/api/v1/lists_controller.rb

@@ -11,6 +11,12 @@ class Api::V1::ListsController < Api::BaseController
     render json: { error: e.to_s }, status: 422
   end
 
+  PERMITTED_PARAMS = %i(
+    exclusive
+    replies_policy
+    title
+  ).freeze
+
   def index
     @lists = List.where(account: current_account).all
     render json: @lists, each_serializer: REST::ListSerializer
@@ -42,6 +48,8 @@ class Api::V1::ListsController < Api::BaseController
   end
 
   def list_params
-    params.permit(:title, :replies_policy, :exclusive)
+    params
+      .slice(*PERMITTED_PARAMS)
+      .permit(*PERMITTED_PARAMS)
   end
 end

app/controllers/api/v1/reports_controller.rb

@@ -6,6 +6,17 @@ class Api::V1::ReportsController < Api::BaseController
 
   override_rate_limit_headers :create, family: :reports
 
+  PERMITTED_PARAMS = [
+    :account_id,
+    :category,
+    :comment,
+    :forward,
+    :rule_ids,
+    forward_to_domains: [],
+    rule_ids: [],
+    status_ids: [],
+  ].freeze
+
   def create
     @report = ReportService.new.call(
       current_account,
@@ -23,6 +34,6 @@ class Api::V1::ReportsController < Api::BaseController
   end
 
   def report_params
-    params.permit(:account_id, :comment, :category, :forward, forward_to_domains: [], status_ids: [], rule_ids: [])
+    params.permit(*PERMITTED_PARAMS)
   end
 end

app/controllers/api/v1/statuses/reblogs_controller.rb

@@ -11,6 +11,10 @@ class Api::V1::Statuses::ReblogsController < Api::V1::Statuses::BaseController
 
   override_rate_limit_headers :create, family: :statuses
 
+  PERMITTED_PARAMS = %i(
+    visibility
+  ).freeze
+
   def create
     with_redis_lock("reblog:#{current_account.id}:#{@reblog.id}") do
       @status = ReblogService.new.call(current_account, @reblog, reblog_params)
@@ -50,6 +54,8 @@ class Api::V1::Statuses::ReblogsController < Api::V1::Statuses::BaseController
   end
 
   def reblog_params
-    params.permit(:visibility)
+    params
+      .slice(*PERMITTED_PARAMS)
+      .permit(*PERMITTED_PARAMS)
   end
 end

app/controllers/api/v2/filters/keywords_controller.rb

@@ -8,6 +8,11 @@ class Api::V2::Filters::KeywordsController < Api::BaseController
   before_action :set_keywords, only: :index
   before_action :set_keyword, only: [:show, :update, :destroy]
 
+  PERMITTED_PARAMS = %i(
+    keyword
+    whole_word
+  ).freeze
+
   def index
     render json: @keywords, each_serializer: REST::FilterKeywordSerializer
   end
@@ -45,6 +50,8 @@ class Api::V2::Filters::KeywordsController < Api::BaseController
   end
 
   def resource_params
-    params.permit(:keyword, :whole_word)
+    params
+      .slice(*PERMITTED_PARAMS)
+      .permit(*PERMITTED_PARAMS)
   end
 end

app/controllers/api/v2/filters/statuses_controller.rb

@@ -8,6 +8,10 @@ class Api::V2::Filters::StatusesController < Api::BaseController
   before_action :set_status_filters, only: :index
   before_action :set_status_filter, only: [:show, :destroy]
 
+  PERMITTED_PARAMS = %i(
+    status_id
+  ).freeze
+
   def index
     render json: @status_filters, each_serializer: REST::FilterStatusSerializer
   end
@@ -39,6 +43,8 @@ class Api::V2::Filters::StatusesController < Api::BaseController
   end
 
   def resource_params
-    params.permit(:status_id)
+    params
+      .slice(*PERMITTED_PARAMS)
+      .permit(*PERMITTED_PARAMS)
   end
 end

app/controllers/api/v2/search_controller.rb

@@ -5,6 +5,17 @@ class Api::V2::SearchController < Api::BaseController
 
   RESULTS_LIMIT = 20
 
+  SEARCH_PARAMS = %i(
+    account_id
+    following
+    max_id
+    min_id
+    offset
+    q
+    resolve
+    type
+  ).freeze
+
   before_action -> { authorize_if_got_token! :read, :'read:search' }
   before_action :validate_search_params!
 
@@ -63,6 +74,7 @@ class Api::V2::SearchController < Api::BaseController
   end
 
   def search_params
-    params.permit(:type, :offset, :min_id, :max_id, :account_id, :following)
+    params
+      .permit(*SEARCH_PARAMS)
   end
 end

app/javascript/mastodon/api_types/notifications.ts

@@ -60,7 +60,7 @@ export interface BaseNotificationGroupJSON {
 
 interface NotificationGroupWithStatusJSON extends BaseNotificationGroupJSON {
   type: NotificationWithStatusType;
-  status: ApiStatusJSON;
+  status_id: string;
 }
 
 interface NotificationWithStatusJSON extends BaseNotificationJSON {

app/javascript/mastodon/features/notifications/components/filtered_notifications_banner.tsx

@@ -49,21 +49,14 @@ export const FilteredNotificationsBanner: React.FC = () => {
         <span>
           <FormattedMessage
             id='filtered_notifications_banner.pending_requests'
-            defaultMessage='Notifications from {count, plural, =0 {no one} one {one person} other {# people}} you may know'
+            defaultMessage='From {count, plural, =0 {no one} one {one person} other {# people}} you may know'
             values={{ count: policy.summary.pending_requests_count }}
           />
         </span>
       </div>
 
       <div className='filtered-notifications-banner__badge'>
-        <div className='filtered-notifications-banner__badge__badge'>
-          {toCappedNumber(policy.summary.pending_notifications_count)}
-        </div>
-        <FormattedMessage
-          id='filtered_notifications_banner.mentions'
-          defaultMessage='{count, plural, one {mention} other {mentions}}'
-          values={{ count: policy.summary.pending_notifications_count }}
-        />
+        {toCappedNumber(policy.summary.pending_notifications_count)}
       </div>
     </Link>
   );

app/javascript/mastodon/locales/en.json

@@ -300,8 +300,7 @@
   "filter_modal.select_filter.subtitle": "Use an existing category or create a new one",
   "filter_modal.select_filter.title": "Filter this post",
   "filter_modal.title.status": "Filter a post",
-  "filtered_notifications_banner.mentions": "{count, plural, one {mention} other {mentions}}",
-  "filtered_notifications_banner.pending_requests": "Notifications from {count, plural, =0 {no one} one {one person} other {# people}} you may know",
+  "filtered_notifications_banner.pending_requests": "From {count, plural, =0 {no one} one {one person} other {# people}} you may know",
   "filtered_notifications_banner.title": "Filtered notifications",
   "firehose.all": "All",
   "firehose.local": "This server",

app/javascript/mastodon/models/notification_group.ts

@@ -124,9 +124,9 @@ export function createNotificationGroupFromJSON(
     case 'mention':
     case 'poll':
     case 'update': {
-      const { status, ...groupWithoutStatus } = group;
+      const { status_id: statusId, ...groupWithoutStatus } = group;
       return {
-        statusId: status.id,
+        statusId,
         sampleAccountIds,
         ...groupWithoutStatus,
       };

app/javascript/styles/mastodon/components.scss

@@ -10171,25 +10171,10 @@ noscript {
   }
 
   &__badge {
-    display: flex;
-    align-items: center;
-    border-radius: 999px;
-    background: var(--background-border-color);
-    color: $darker-text-color;
-    padding: 4px;
-    padding-inline-end: 8px;
-    gap: 6px;
-    font-weight: 500;
-    font-size: 11px;
-    line-height: 16px;
-    word-break: keep-all;
-
-    &__badge {
-      background: $ui-button-background-color;
-      color: $white;
-      border-radius: 100px;
-      padding: 2px 8px;
-    }
+    background: $ui-button-background-color;
+    color: $white;
+    border-radius: 100px;
+    padding: 2px 8px;
   }
 }