X-Git-Url: https://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fweb%2Fpleroma_api%2Fcontrollers%2Fmascot_controller.ex;h=8cf552b7e230d77816235588d4ea1d6f35844bd8;hb=cedee2793d96b0384a3041ea0a6cd1f2b1c3dd1e;hp=7f6a76c0e24b56906f30eec440e5256af7db02a7;hpb=6ffa2b5f661c2db424334c6fb5de6f4d1bfeb745;p=akkoma

diff --git a/lib/pleroma/web/pleroma_api/controllers/mascot_controller.ex b/lib/pleroma/web/pleroma_api/controllers/mascot_controller.ex
index 7f6a76c0e..8cf552b7e 100644
--- a/lib/pleroma/web/pleroma_api/controllers/mascot_controller.ex
+++ b/lib/pleroma/web/pleroma_api/controllers/mascot_controller.ex
@@ -5,9 +5,15 @@
 defmodule Pleroma.Web.PleromaAPI.MascotController do
   use Pleroma.Web, :controller
 
+  alias Pleroma.Plugs.OAuthScopesPlug
   alias Pleroma.User
   alias Pleroma.Web.ActivityPub.ActivityPub
 
+  plug(OAuthScopesPlug, %{scopes: ["read:accounts"]} when action == :show)
+  plug(OAuthScopesPlug, %{scopes: ["write:accounts"]} when action != :show)
+
+  plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
+
   @doc "GET /api/v1/pleroma/mascot"
   def show(%{assigns: %{user: user}} = conn, _params) do
     json(conn, User.get_mascot(user))
@@ -18,9 +24,7 @@ defmodule Pleroma.Web.PleromaAPI.MascotController do
     with {:ok, object} <- ActivityPub.upload(file, actor: User.ap_id(user)),
          # Reject if not an image
          %{type: "image"} = attachment <- render_attachment(object) do
-      # Sure!
-      # Save to the user's info
-      {:ok, _user} = User.update_info(user, &User.Info.mascot_update(&1, attachment))
+      {:ok, _user} = User.mascot_update(user, attachment)
 
       json(conn, attachment)
     else