aboutsummaryrefslogtreecommitdiff
path: root/lib/pleroma/web/pleroma_api/controllers/pleroma_api_controller.ex
diff options
context:
space:
mode:
Diffstat (limited to 'lib/pleroma/web/pleroma_api/controllers/pleroma_api_controller.ex')
-rw-r--r--lib/pleroma/web/pleroma_api/controllers/pleroma_api_controller.ex15
1 files changed, 15 insertions, 0 deletions
diff --git a/lib/pleroma/web/pleroma_api/controllers/pleroma_api_controller.ex b/lib/pleroma/web/pleroma_api/controllers/pleroma_api_controller.ex
index d17ccf84d..9d50a7ca9 100644
--- a/lib/pleroma/web/pleroma_api/controllers/pleroma_api_controller.ex
+++ b/lib/pleroma/web/pleroma_api/controllers/pleroma_api_controller.ex
@@ -9,11 +9,26 @@ defmodule Pleroma.Web.PleromaAPI.PleromaAPIController do
alias Pleroma.Conversation.Participation
alias Pleroma.Notification
+ alias Pleroma.Plugs.OAuthScopesPlug
alias Pleroma.Web.ActivityPub.ActivityPub
alias Pleroma.Web.MastodonAPI.ConversationView
alias Pleroma.Web.MastodonAPI.NotificationView
alias Pleroma.Web.MastodonAPI.StatusView
+ plug(
+ OAuthScopesPlug,
+ %{scopes: ["read:statuses"]} when action in [:conversation, :conversation_statuses]
+ )
+
+ plug(
+ OAuthScopesPlug,
+ %{scopes: ["write:conversations"]} when action == :update_conversation
+ )
+
+ plug(OAuthScopesPlug, %{scopes: ["write:notifications"]} when action == :read_notification)
+
+ plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
+
def conversation(%{assigns: %{user: user}} = conn, %{"id" => participation_id}) do
with %Participation{} = participation <- Participation.get(participation_id),
true <- user.id == participation.user_id do
generated by cgit v1.2.3 (git 2.26.2) at 2025-04-26 07:25:43 +0000