diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/pleroma/web/api_spec/operations/announcement_operation.ex | 1 | ||||
| -rw-r--r-- | lib/pleroma/web/mastodon_api/controllers/announcement_controller.ex | 12 | ||||
| -rw-r--r-- | lib/pleroma/web/router.ex | 3 |
3 files changed, 7 insertions, 9 deletions
diff --git a/lib/pleroma/web/api_spec/operations/announcement_operation.ex b/lib/pleroma/web/api_spec/operations/announcement_operation.ex index a66073b8b..71be0002a 100644 --- a/lib/pleroma/web/api_spec/operations/announcement_operation.ex +++ b/lib/pleroma/web/api_spec/operations/announcement_operation.ex @@ -18,6 +18,7 @@ defmodule Pleroma.Web.ApiSpec.AnnouncementOperation do tags: ["Announcement"], summary: "Retrieve a list of announcements", operationId: "MastodonAPI.AnnouncementController.index", + security: [%{"oAuth" => []}], responses: %{ 200 => Operation.response("Response", "application/json", list_of_announcements()), 403 => Operation.response("Forbidden", "application/json", ApiError) diff --git a/lib/pleroma/web/mastodon_api/controllers/announcement_controller.ex b/lib/pleroma/web/mastodon_api/controllers/announcement_controller.ex index e6da7892c..080af96d5 100644 --- a/lib/pleroma/web/mastodon_api/controllers/announcement_controller.ex +++ b/lib/pleroma/web/mastodon_api/controllers/announcement_controller.ex @@ -15,20 +15,18 @@ defmodule Pleroma.Web.MastodonAPI.AnnouncementController do plug(Pleroma.Web.ApiSpec.CastAndValidate) - # MastodonAPI specs do not have oauth requirements for showing - # announcements, but we have "private instance" options. When that - # is set, require read:accounts scope, symmetric to write:accounts - # for `mark_read`. + # Mastodon docs say this only requires a user token, no scopes needed + # As the op `|` requires at least one scope to be present, we use `&` here. plug( OAuthScopesPlug, - %{fallback: :proceed_unauthenticated, scopes: ["read:accounts"]} - when action in [:show, :index] + %{scopes: [], op: :&} + when action in [:index] ) # Same as in MastodonAPI specs plug( OAuthScopesPlug, - %{fallback: :proceed_unauthenticated, scopes: ["write:accounts"]} + %{scopes: ["write:accounts"]} when action in [:mark_read] ) diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index af56494a2..7bbc20275 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -582,6 +582,7 @@ defmodule Pleroma.Web.Router do get("/timelines/direct", TimelineController, :direct) get("/timelines/list/:list_id", TimelineController, :list) + get("/announcements", AnnouncementController, :index) post("/announcements/:id/dismiss", AnnouncementController, :mark_read) end @@ -627,8 +628,6 @@ defmodule Pleroma.Web.Router do get("/polls/:id", PollController, :show) get("/directory", DirectoryController, :index) - - get("/announcements", AnnouncementController, :index) end scope "/api/v2", Pleroma.Web.MastodonAPI do |