Restricted embedding of relationships where applicable (statuses / notifications...

[akkoma] / lib / pleroma / web / pleroma_api / controllers / pleroma_api_controller.ex
diff --git a/lib/pleroma/web/pleroma_api/controllers/pleroma_api_controller.ex b/lib/pleroma/web/pleroma_api/controllers/pleroma_api_controller.ex

index fe1b97a208c9738b81bbc75d7e2c07cf91b5169a..f3ac17a66b8774c408134db7e0bf8f5cf1462493 100644 (file)
--- a/lib/pleroma/web/pleroma_api/controllers/pleroma_api_controller.ex
+++ b/lib/pleroma/web/pleroma_api/controllers/pleroma_api_controller.ex
@@ -26,6 +26,12 @@ defmodule Pleroma.Web.PleromaAPI.PleromaAPIController do
      when action in [:conversation, :conversation_statuses]
    )
  
+  plug(
+    OAuthScopesPlug,
+    %{scopes: ["read:statuses"], fallback: :proceed_unauthenticated}
+    when action == :emoji_reactions_by
+  )
+
    plug(
      OAuthScopesPlug,
      %{scopes: ["write:statuses"]}
@@ -34,12 +40,14 @@ defmodule Pleroma.Web.PleromaAPI.PleromaAPIController do
  
    plug(
      OAuthScopesPlug,
-    %{scopes: ["write:conversations"]} when action in [:update_conversation, :read_conversations]
+    %{scopes: ["write:conversations"]}
+    when action in [:update_conversation, :mark_conversations_as_read]
    )
  
-  plug(OAuthScopesPlug, %{scopes: ["write:notifications"]} when action == :read_notification)
-
-  plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
+  plug(
+    OAuthScopesPlug,
+    %{scopes: ["write:notifications"]} when action == :mark_notifications_as_read
+  )
  
    def emoji_reactions_by(%{assigns: %{user: user}} = conn, %{"id" => activity_id} = params) do
      with %Activity{} = activity <- Activity.get_by_id_with_object(activity_id),
@@ -58,7 +66,13 @@ defmodule Pleroma.Web.PleromaAPI.PleromaAPIController do
              %{
                name: emoji,
                count: length(users),
-              accounts: AccountView.render("index.json", %{users: users, for: user, as: :user}),
+              accounts:
+                AccountView.render("index.json", %{
+                  users: users,
+                  for: user,
+                  as: :user,
+                  skip_relationships: true
+                }),
                me: !!(user && user.ap_id in user_ap_ids)
              }
            end
@@ -167,7 +181,7 @@ defmodule Pleroma.Web.PleromaAPI.PleromaAPIController do
      end
    end
  
-  def read_conversations(%{assigns: %{user: user}} = conn, _params) do
+  def mark_conversations_as_read(%{assigns: %{user: user}} = conn, _params) do
      with {:ok, _, participations} <- Participation.mark_all_as_read(user) do
        conn
        |> add_link_headers(participations)
@@ -176,7 +190,7 @@ defmodule Pleroma.Web.PleromaAPI.PleromaAPIController do
      end
    end
  
-  def read_notification(%{assigns: %{user: user}} = conn, %{"id" => notification_id}) do
+  def mark_notifications_as_read(%{assigns: %{user: user}} = conn, %{"id" => notification_id}) do
      with {:ok, notification} <- Notification.read_one(user, notification_id) do
        conn
        |> put_view(NotificationView)
@@ -189,7 +203,7 @@ defmodule Pleroma.Web.PleromaAPI.PleromaAPIController do
      end
    end
  
-  def read_notification(%{assigns: %{user: user}} = conn, %{"max_id" => max_id} = params) do
+  def mark_notifications_as_read(%{assigns: %{user: user}} = conn, %{"max_id" => max_id} = params) do
      with notifications <- Notification.set_read_up_to(user, max_id) do
        notifications = Enum.take(notifications, 80)