Merge branch 'master' into glitch-soc/merge-upstream

Conflicts:
	app/controllers/application_controller.rb

Changed instance theme selection by instance flavour selection.

app/controllers/admin/settings_controller.rb

@@ -16,6 +16,8 @@ module Admin
       timeline_preview
       show_staff_badge
       bootstrap_timeline_accounts
+      flavour
+      skin
       thumbnail
       hero
       min_invite_role
@@ -23,6 +25,7 @@ module Admin
       peers_api_enabled
       show_known_fediverse_at_about_page
       preview_sensitive_media
+      custom_css
     ).freeze
 
     BOOLEAN_SETTINGS = %w(

app/controllers/admin/suspensions_controller.rb

@@ -14,7 +14,7 @@ module Admin
       @suspension = Form::AdminSuspensionConfirmation.new(suspension_params)
 
       if suspension_params[:acct] == @account.acct
-        resolve_report! if suspension_params[:report_id]
+        resolve_report! if suspension_params[:report_id].present?
         perform_suspend!
         mark_reports_resolved!
         redirect_to admin_accounts_path

app/controllers/api/base_controller.rb

@@ -7,6 +7,8 @@ class Api::BaseController < ApplicationController
   include RateLimitHeaders
 
   skip_before_action :store_current_location
+  skip_before_action :check_user_permissions
+
   protect_from_forgery with: :null_session
 
   rescue_from ActiveRecord::RecordInvalid, Mastodon::ValidationError do |e|

app/controllers/application_controller.rb

@@ -25,7 +25,7 @@ class ApplicationController < ActionController::Base
   rescue_from Mastodon::NotPermittedError, with: :forbidden
 
   before_action :store_current_location, except: :raise_not_found, unless: :devise_controller?
-  before_action :check_suspension, if: :user_signed_in?
+  before_action :check_user_permissions, if: :user_signed_in?
 
   def raise_not_found
     raise ActionController::RoutingError, "No route matches #{params[:unmatched_route]}"
@@ -49,8 +49,8 @@ class ApplicationController < ActionController::Base
     forbidden unless current_user&.staff?
   end
 
-  def check_suspension
-    forbidden if current_user.account.suspended?
+  def check_user_permissions
+    forbidden if current_user.disabled? || current_user.account.suspended?
   end
 
   def after_sign_out_path_for(_resource_or_scope)
@@ -165,12 +165,12 @@ class ApplicationController < ActionController::Base
   end
 
   def current_flavour
-    return Setting.default_settings['flavour'] unless Themes.instance.flavours.include? current_user&.setting_flavour
+    return Setting.flavour unless Themes.instance.flavours.include? current_user&.setting_flavour
     current_user.setting_flavour
   end
 
   def current_skin
-    return 'default' unless Themes.instance.skins_for(current_flavour).include? current_user&.setting_skin
+    return Setting.skin unless Themes.instance.skins_for(current_flavour).include? current_user&.setting_skin
     current_user.setting_skin
   end
 

app/controllers/auth/sessions_controller.rb

@@ -6,7 +6,7 @@ class Auth::SessionsController < Devise::SessionsController
   layout 'auth'
 
   skip_before_action :require_no_authentication, only: [:create]
-  skip_before_action :check_suspension, only: [:destroy]
+  skip_before_action :check_user_permissions, only: [:destroy]
   prepend_before_action :authenticate_with_two_factor, if: :two_factor_enabled?, only: [:create]
   prepend_before_action :set_pack
   before_action :set_instance_presenter, only: [:new]

app/controllers/custom_css_controller.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+class CustomCssController < ApplicationController
+  before_action :set_cache_headers
+
+  def show
+    skip_session!
+    render plain: Setting.custom_css || '', content_type: 'text/css'
+  end
+end