v2 Suggestions: don't skip visibility check

[akkoma] / lib / pleroma / web / mastodon_api / controllers / suggestion_controller.ex

diff --git a/lib/pleroma/web/mastodon_api/controllers/suggestion_controller.ex b/lib/pleroma/web/mastodon_api/controllers/suggestion_controller.ex
index 01e122dd9020dfbbae6ed9d3ec05cadd1237bc83..4f92c1f46e610c7fbed0201f85a9071380a009f3 100644 (file)
--- a/lib/pleroma/web/mastodon_api/controllers/suggestion_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/suggestion_controller.ex
@@ -4,11 +4,12 @@
 
 defmodule Pleroma.Web.MastodonAPI.SuggestionController do
   use Pleroma.Web, :controller
+  alias Pleroma.User
 
   require Logger
 
   plug(Pleroma.Web.ApiSpec.CastAndValidate)
-  plug(Pleroma.Web.Plugs.OAuthScopesPlug, %{scopes: ["read"]} when action == :index)
+  plug(Pleroma.Web.Plugs.OAuthScopesPlug, %{scopes: ["read"]} when action in [:index, :index2])
 
   def open_api_operation(action) do
     operation = String.to_existing_atom("#{action}_operation")
@@ -26,7 +27,30 @@ defmodule Pleroma.Web.MastodonAPI.SuggestionController do
     }
   end
 
+  def index2_operation do
+    %OpenApiSpex.Operation{
+      tags: ["Suggestions"],
+      summary: "Follow suggestions",
+      operationId: "SuggestionController.index2",
+      responses: %{
+        200 => Pleroma.Web.ApiSpec.Helpers.empty_array_response()
+      }
+    }
+  end
+
   @doc "GET /api/v1/suggestions"
   def index(conn, params),
     do: Pleroma.Web.MastodonAPI.MastodonAPIController.empty_array(conn, params)
+
+  @doc "GET /api/v2/suggestions"
+  def index2(%{assigns: %{user: user}} = conn, params) do
+    limit = Map.get(params, :limit, 40) |> min(80)
+
+    users =
+      %{is_suggested: true, limit: limit}
+      |> User.Query.build()
+      |> Pleroma.Repo.all()
+
+    render(conn, "index.json", %{users: users, source: :staff, for: user})
+  end
 end