diff options
| author | lain <lain@soykaf.club> | 2020-04-29 13:19:04 +0200 |
|---|---|---|
| committer | lain <lain@soykaf.club> | 2020-04-29 13:19:04 +0200 |
| commit | 0c491b904d126725866087ad9a51fb6346e2a358 (patch) | |
| tree | 652f0d122a25f28681ed28445b5087fb56681067 /lib/pleroma/web/pleroma_api/controllers/account_controller.ex | |
| parent | 30ea6bb1674482ef6ddbfd8744f9bd878eae91e9 (diff) | |
| parent | 58fded9858edbeb318dc011cb313e82a86fbafcb (diff) | |
| download | pleroma-0c491b904d126725866087ad9a51fb6346e2a358.tar.gz | |
Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into remake-remodel-dms
Diffstat (limited to 'lib/pleroma/web/pleroma_api/controllers/account_controller.ex')
| -rw-r--r-- | lib/pleroma/web/pleroma_api/controllers/account_controller.ex | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/lib/pleroma/web/pleroma_api/controllers/account_controller.ex b/lib/pleroma/web/pleroma_api/controllers/account_controller.ex index 60405fbff..be7477867 100644 --- a/lib/pleroma/web/pleroma_api/controllers/account_controller.ex +++ b/lib/pleroma/web/pleroma_api/controllers/account_controller.ex @@ -9,6 +9,7 @@ defmodule Pleroma.Web.PleromaAPI.AccountController do only: [json_response: 3, add_link_headers: 2, assign_account_by_id: 2, skip_relationships?: 1] alias Ecto.Changeset + alias Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug alias Pleroma.Plugs.OAuthScopesPlug alias Pleroma.Plugs.RateLimiter alias Pleroma.User @@ -18,6 +19,11 @@ defmodule Pleroma.Web.PleromaAPI.AccountController do require Pleroma.Constants plug( + :skip_plug, + [OAuthScopesPlug, EnsurePublicOrAuthenticatedPlug] when action == :confirmation_resend + ) + + plug( OAuthScopesPlug, %{scopes: ["follow", "write:follows"]} when action in [:subscribe, :unsubscribe] ) @@ -33,15 +39,13 @@ defmodule Pleroma.Web.PleromaAPI.AccountController do ] ) - plug(OAuthScopesPlug, %{scopes: ["read:favourites"]} when action == :favourites) - - # An extra safety measure for possible actions not guarded by OAuth permissions specification plug( - Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug - when action != :confirmation_resend + OAuthScopesPlug, + %{scopes: ["read:favourites"], fallback: :proceed_unauthenticated} when action == :favourites ) plug(RateLimiter, [name: :account_confirmation_resend] when action == :confirmation_resend) + plug(:assign_account_by_id when action in [:favourites, :subscribe, :unsubscribe]) plug(:put_view, Pleroma.Web.MastodonAPI.AccountView) |