Merge remote-tracking branch 'origin/develop' into global-status-expiration

[akkoma] / lib / pleroma / web / mastodon_api / controllers / follow_request_controller.ex

diff --git a/lib/pleroma/web/mastodon_api/controllers/follow_request_controller.ex b/lib/pleroma/web/mastodon_api/controllers/follow_request_controller.ex
index 267014b97fb1f48ac2554edc0ffc937437f4ab57..1ca86f63fb2371aba7d0af409cc48603cae8cf13 100644 (file)
--- a/lib/pleroma/web/mastodon_api/controllers/follow_request_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/follow_request_controller.ex
@@ -1,10 +1,11 @@
 # Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.MastodonAPI.FollowRequestController do
   use Pleroma.Web, :controller
 
+  alias Pleroma.Plugs.OAuthScopesPlug
   alias Pleroma.User
   alias Pleroma.Web.CommonAPI
 
@@ -13,11 +14,20 @@ defmodule Pleroma.Web.MastodonAPI.FollowRequestController do
 
   action_fallback(:errors)
 
+  plug(OAuthScopesPlug, %{scopes: ["follow", "read:follows"]} when action == :index)
+
+  plug(
+    OAuthScopesPlug,
+    %{scopes: ["follow", "write:follows"]} when action != :index
+  )
+
+  plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
+
   @doc "GET /api/v1/follow_requests"
   def index(%{assigns: %{user: followed}} = conn, _params) do
     follow_requests = User.get_follow_requests(followed)
 
-    render(conn, "accounts.json", for: followed, users: follow_requests, as: :user)
+    render(conn, "index.json", for: followed, users: follow_requests, as: :user)
   end
 
   @doc "POST /api/v1/follow_requests/:id/authorize"