Merge branch 'exclude-reblogs-from-admin-api-by-default' into 'develop'

[akkoma] / lib / pleroma / web / mastodon_api / controllers / list_controller.ex

diff --git a/lib/pleroma/web/mastodon_api/controllers/list_controller.ex b/lib/pleroma/web/mastodon_api/controllers/list_controller.ex
index 2873deda8ddc891fe6be836c5063bb90560480de..dac4daa7bc0dd0a3b67d9f224bf43434a850578e 100644 (file)
--- a/lib/pleroma/web/mastodon_api/controllers/list_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/list_controller.ex
@@ -1,15 +1,26 @@
 # Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.MastodonAPI.ListController do
   use Pleroma.Web, :controller
 
+  alias Pleroma.Plugs.OAuthScopesPlug
   alias Pleroma.User
   alias Pleroma.Web.MastodonAPI.AccountView
 
   plug(:list_by_id_and_user when action not in [:index, :create])
 
+  plug(OAuthScopesPlug, %{scopes: ["read:lists"]} when action in [:index, :show, :list_accounts])
+
+  plug(
+    OAuthScopesPlug,
+    %{scopes: ["write:lists"]}
+    when action in [:create, :update, :delete, :add_to_list, :remove_from_list]
+  )
+
+  plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
+
   action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
 
   # GET /api/v1/lists
@@ -49,7 +60,7 @@ defmodule Pleroma.Web.MastodonAPI.ListController do
     with {:ok, users} <- Pleroma.List.get_following(list) do
       conn
       |> put_view(AccountView)
-      |> render("accounts.json", for: user, users: users, as: :user)
+      |> render("index.json", for: user, users: users, as: :user)
     end
   end