From 6f9ecd899e9e7cb335940465c23dd53acc37269c Mon Sep 17 00:00:00 2001
From: Rakib Hasan <rmhasan@gmail.com>
Date: Thu, 2 Feb 2017 23:10:17 -0500
Subject: [PATCH] revisted fix for #462 Moved validation to
 services/post_status_service.rb

---
 .../javascripts/components/actions/compose.jsx   |  5 +----
 app/controllers/api/v1/media_controller.rb       |  4 ----
 app/controllers/api/v1/statuses_controller.rb    | 16 ++++++++++------
 app/services/post_status_service.rb              |  8 +++++++-
 4 files changed, 18 insertions(+), 15 deletions(-)

diff --git a/app/assets/javascripts/components/actions/compose.jsx b/app/assets/javascripts/components/actions/compose.jsx
index 84fbc7fc51..03aae885e0 100644
--- a/app/assets/javascripts/components/actions/compose.jsx
+++ b/app/assets/javascripts/components/actions/compose.jsx
@@ -119,10 +119,7 @@ export function uploadCompose(files) {
 
     let data = new FormData();
     data.append('file', files[0]);
-    data.append('media_ids', getState().getIn(
-      ['compose', 'media_attachments']
-    ).map(item => item.get('id')));
-    
+
     api(getState).post('/api/v1/media', data, {
       onUploadProgress: function (e) {
         dispatch(uploadComposeProgress(e.loaded, e.total));
diff --git a/app/controllers/api/v1/media_controller.rb b/app/controllers/api/v1/media_controller.rb
index 582d04dafa..f8139ade77 100644
--- a/app/controllers/api/v1/media_controller.rb
+++ b/app/controllers/api/v1/media_controller.rb
@@ -11,10 +11,6 @@ class Api::V1::MediaController < ApiController
 
   def create
     @media = MediaAttachment.create!(account: current_user.account, file: params[:file])
-    if @media.video? and params[:media_ids] != "List []"
-      @media.destroy
-      render json: {error: 'Cannot attach a video to a toot that already contains images'}, status: 422
-    end
   rescue Paperclip::Errors::NotIdentifiedByImageMagickError
     render json: { error: 'File type of uploaded media could not be verified' }, status: 422
   rescue Paperclip::Error
diff --git a/app/controllers/api/v1/statuses_controller.rb b/app/controllers/api/v1/statuses_controller.rb
index 69cbdce5d6..036383d1eb 100644
--- a/app/controllers/api/v1/statuses_controller.rb
+++ b/app/controllers/api/v1/statuses_controller.rb
@@ -62,12 +62,16 @@ class Api::V1::StatusesController < ApiController
   end
 
   def create
-    @status = PostStatusService.new.call(current_user.account, params[:status], params[:in_reply_to_id].blank? ? nil : Status.find(params[:in_reply_to_id]), media_ids: params[:media_ids],
-                                                                                                                                                             sensitive: params[:sensitive],
-                                                                                                                                                             spoiler_text: params[:spoiler_text],
-                                                                                                                                                             visibility: params[:visibility],
-                                                                                                                                                             application: doorkeeper_token.application)
-
+    begin
+      @status = PostStatusService.new.call(current_user.account, params[:status], params[:in_reply_to_id].blank? ? nil : Status.find(params[:in_reply_to_id]), media_ids: params[:media_ids],
+                                                                                                                                                               sensitive: params[:sensitive],
+                                                                                                                                                               spoiler_text: params[:spoiler_text],
+                                                                                                                                                               visibility: params[:visibility],
+                                                                                                                                                               application: doorkeeper_token.application)
+    rescue Mastodon::NotPermitted => e
+       render json: {error: e.message}, status: 422
+       return
+    end
     render action: :show
   end
 
diff --git a/app/services/post_status_service.rb b/app/services/post_status_service.rb
index 979941c84c..d701035475 100644
--- a/app/services/post_status_service.rb
+++ b/app/services/post_status_service.rb
@@ -35,8 +35,14 @@ class PostStatusService < BaseService
 
   def attach_media(status, media_ids)
     return if media_ids.nil? || !media_ids.is_a?(Enumerable)
-
     media = MediaAttachment.where(status_id: nil).where(id: media_ids.take(4).map(&:to_i))
+    if media.length > 1
+      media.each do |m|
+        if m.video?
+          raise Mastodon::NotPermitted, 'Cannot attach a video to a toot that already contains images'
+        end
+      end
+    end
     media.update(status_id: status.id)
   end