X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fweb%2Fpleroma_api%2Fcontrollers%2Fmascot_controller.ex;h=d9c1c863622e80b41e764e81e6e53807b0dc9a0a;hb=841e4e4d835b8d1cecb33102356ca045571ef1fc;hp=7f6a76c0e24b56906f30eec440e5256af7db02a7;hpb=0c6009dd2e475d3487123390885c46bf3fc5dea8;p=akkoma
diff --git a/lib/pleroma/web/pleroma_api/controllers/mascot_controller.ex b/lib/pleroma/web/pleroma_api/controllers/mascot_controller.ex
index 7f6a76c0e..d9c1c8636 100644
--- a/lib/pleroma/web/pleroma_api/controllers/mascot_controller.ex
+++ b/lib/pleroma/web/pleroma_api/controllers/mascot_controller.ex
@@ -1,13 +1,19 @@
# Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors
+# Copyright © 2017-2020 Pleroma Authors
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.PleromaAPI.MascotController do
use Pleroma.Web, :controller
+ alias Pleroma.Plugs.OAuthScopesPlug
alias Pleroma.User
alias Pleroma.Web.ActivityPub.ActivityPub
+ plug(OAuthScopesPlug, %{scopes: ["read:accounts"]} when action == :show)
+ plug(OAuthScopesPlug, %{scopes: ["write:accounts"]} when action != :show)
+
+ plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
+
@doc "GET /api/v1/pleroma/mascot"
def show(%{assigns: %{user: user}} = conn, _params) do
json(conn, User.get_mascot(user))
@@ -18,9 +24,7 @@ defmodule Pleroma.Web.PleromaAPI.MascotController do
with {:ok, object} <- ActivityPub.upload(file, actor: User.ap_id(user)),
# Reject if not an image
%{type: "image"} = attachment <- render_attachment(object) do
- # Sure!
- # Save to the user's info
- {:ok, _user} = User.update_info(user, &User.Info.mascot_update(&1, attachment))
+ {:ok, _user} = User.mascot_update(user, attachment)
json(conn, attachment)
else