X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fweb%2Fpleroma_api%2Fcontrollers%2Femoji_api_controller.ex;h=03e95e0202fa7454705c24f2a3ec6c4ae7ec91cd;hb=4271cfb81a8983f5ec6a878cab1fb3fbd164245d;hp=cf5a086feece30072b962ab2b1a58ca6e679a060;hpb=ba9d35a9049e0d46900d2dd95afd27c09f327a2c;p=akkoma

diff --git a/lib/pleroma/web/pleroma_api/controllers/emoji_api_controller.ex b/lib/pleroma/web/pleroma_api/controllers/emoji_api_controller.ex
index cf5a086fe..03e95e020 100644
--- a/lib/pleroma/web/pleroma_api/controllers/emoji_api_controller.ex
+++ b/lib/pleroma/web/pleroma_api/controllers/emoji_api_controller.ex
@@ -1,8 +1,26 @@
 defmodule Pleroma.Web.PleromaAPI.EmojiAPIController do
   use Pleroma.Web, :controller
 
+  alias Pleroma.Plugs.OAuthScopesPlug
+
   require Logger
 
+  plug(
+    OAuthScopesPlug,
+    %{scopes: ["write"], admin: true}
+    when action in [
+           :create,
+           :delete,
+           :download_from,
+           :list_from,
+           :import_from_fs,
+           :update_file,
+           :update_metadata
+         ]
+  )
+
+  plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
+
   def emoji_dir_path do
     Path.join(
       Pleroma.Config.get!([:instance, :static_dir]),
@@ -34,7 +52,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIController do
   @doc """
   Lists the packs available on the instance as JSON.
 
-  The information is public and does not require authentification. The format is
+  The information is public and does not require authentication. The format is
   a map of "pack directory name" to pack.json contents.
   """
   def list_packs(conn, _params) do
@@ -182,6 +200,7 @@ keeping it in cache for #{div(cache_ms, 1000)}s")
     |> Tesla.get!()
     |> Map.get(:body)
     |> Jason.decode!()
+    |> Map.get("links")
     |> List.last()
     |> Map.get("href")
     # Get the actual nodeinfo address and fetch it
@@ -304,7 +323,7 @@ keeping it in cache for #{div(cache_ms, 1000)}s")
       {:ok, _} ->
         conn |> json("ok")
 
-      {:error, _} ->
+      {:error, _, _} ->
         conn
         |> put_status(:internal_server_error)
         |> json(%{error: "Couldn't delete the pack #{name}"})
@@ -554,11 +573,14 @@ keeping it in cache for #{div(cache_ms, 1000)}s")
   assumed to be emojis and stored in the new `pack.json` file.
   """
   def import_from_fs(conn, _params) do
-    with {:ok, results} <- File.ls(emoji_dir_path()) do
+    emoji_path = emoji_dir_path()
+
+    with {:ok, %{access: :read_write}} <- File.stat(emoji_path),
+         {:ok, results} <- File.ls(emoji_path) do
       imported_pack_names =
         results
         |> Enum.filter(fn file ->
-          dir_path = Path.join(emoji_dir_path(), file)
+          dir_path = Path.join(emoji_path, file)
           # Find the directories that do NOT have pack.json
           File.dir?(dir_path) and not File.exists?(Path.join(dir_path, "pack.json"))
         end)
@@ -566,6 +588,11 @@ keeping it in cache for #{div(cache_ms, 1000)}s")
 
       json(conn, imported_pack_names)
     else
+      {:ok, %{access: _}} ->
+        conn
+        |> put_status(:internal_server_error)
+        |> json(%{error: "Error: emoji pack directory must be writable"})
+
       {:error, _} ->
         conn
         |> put_status(:internal_server_error)