projects
/
akkoma
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Fixed OAuth restrictions for :api routes. Made auth info dropped for :api routes...
[akkoma]
/
lib
/
pleroma
/
web
/
mastodon_api
/
controllers
/
list_controller.ex
diff --git
a/lib/pleroma/web/mastodon_api/controllers/list_controller.ex
b/lib/pleroma/web/mastodon_api/controllers/list_controller.ex
index 2873deda8ddc891fe6be836c5063bb90560480de..bfe856025af0303882afbce96460a84da69fc1d1 100644
(file)
--- a/
lib/pleroma/web/mastodon_api/controllers/list_controller.ex
+++ b/
lib/pleroma/web/mastodon_api/controllers/list_controller.ex
@@
-1,15
+1,26
@@
# Pleroma: A lightweight social networking server
# Pleroma: A lightweight social networking server
-# Copyright © 2017-20
19
Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-20
20
Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.MastodonAPI.ListController do
use Pleroma.Web, :controller
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.MastodonAPI.ListController do
use Pleroma.Web, :controller
+ alias Pleroma.Plugs.OAuthScopesPlug
alias Pleroma.User
alias Pleroma.Web.MastodonAPI.AccountView
plug(:list_by_id_and_user when action not in [:index, :create])
alias Pleroma.User
alias Pleroma.Web.MastodonAPI.AccountView
plug(:list_by_id_and_user when action not in [:index, :create])
+ @oauth_read_actions [:index, :show, :list_accounts]
+
+ plug(OAuthScopesPlug, %{scopes: ["read:lists"]} when action in @oauth_read_actions)
+
+ plug(
+ OAuthScopesPlug,
+ %{scopes: ["write:lists"]}
+ when action not in @oauth_read_actions
+ )
+
action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
# GET /api/v1/lists
action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
# GET /api/v1/lists
@@
-49,7
+60,7
@@
defmodule Pleroma.Web.MastodonAPI.ListController do
with {:ok, users} <- Pleroma.List.get_following(list) do
conn
|> put_view(AccountView)
with {:ok, users} <- Pleroma.List.get_following(list) do
conn
|> put_view(AccountView)
- |> render("
accounts
.json", for: user, users: users, as: :user)
+ |> render("
index
.json", for: user, users: users, as: :user)
end
end
end
end