X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fweb%2Fpleroma_api%2Fcontrollers%2Fmascot_controller.ex;h=d9c1c863622e80b41e764e81e6e53807b0dc9a0a;hb=9cf4c4fa73e68f03791c5cc70505b710be39b677;hp=7f6a76c0e24b56906f30eec440e5256af7db02a7;hpb=a0f101ee806af06bcd4271cd8d57d11ff85ea11a;p=akkoma

diff --git a/lib/pleroma/web/pleroma_api/controllers/mascot_controller.ex b/lib/pleroma/web/pleroma_api/controllers/mascot_controller.ex
index 7f6a76c0e..d9c1c8636 100644
--- a/lib/pleroma/web/pleroma_api/controllers/mascot_controller.ex
+++ b/lib/pleroma/web/pleroma_api/controllers/mascot_controller.ex
@@ -1,13 +1,19 @@
 # Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.PleromaAPI.MascotController do
   use Pleroma.Web, :controller
 
+  alias Pleroma.Plugs.OAuthScopesPlug
   alias Pleroma.User
   alias Pleroma.Web.ActivityPub.ActivityPub
 
+  plug(OAuthScopesPlug, %{scopes: ["read:accounts"]} when action == :show)
+  plug(OAuthScopesPlug, %{scopes: ["write:accounts"]} when action != :show)
+
+  plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
+
   @doc "GET /api/v1/pleroma/mascot"
   def show(%{assigns: %{user: user}} = conn, _params) do
     json(conn, User.get_mascot(user))
@@ -18,9 +24,7 @@ defmodule Pleroma.Web.PleromaAPI.MascotController do
     with {:ok, object} <- ActivityPub.upload(file, actor: User.ap_id(user)),
          # Reject if not an image
          %{type: "image"} = attachment <- render_attachment(object) do
-      # Sure!
-      # Save to the user's info
-      {:ok, _user} = User.update_info(user, &User.Info.mascot_update(&1, attachment))
+      {:ok, _user} = User.mascot_update(user, attachment)
 
       json(conn, attachment)
     else