plug(Pleroma.Web.ApiSpec.CastAndValidate)
- plug(:skip_auth when action in [:create, :lookup])
+ plug(:skip_auth when action in [:create])
plug(:skip_public_check when action in [:show, :statuses])
plug(
OAuthScopesPlug,
%{fallback: :proceed_unauthenticated, scopes: ["read:accounts"]}
- when action in [:show, :followers, :following]
+ when action in [:show, :followers, :following, :lookup]
)
plug(
end
@doc "GET /api/v1/accounts/lookup"
- def lookup(conn, %{acct: nickname} = _params) do
- with %User{} = user <- User.get_by_nickname(nickname) do
+ def lookup(%{assigns: %{user: for_user}} = conn, %{acct: nickname} = _params) do
+ with %User{} = user <- User.get_by_nickname(nickname),
+ :visible <- User.visible_for(user, for_user) do
render(conn, "show.json",
user: user,
skip_visibility_check: true