mirror of
https://github.com/mastodon/mastodon.git
synced 2024-12-05 02:10:13 +00:00
502cf75b16
* Fix insufficient permission checking for public timeline endpoints Note that this changes unauthenticated access failure code from 401 to 422 * Add more tests for public timelines * Require user token in `/api/v1/statuses/:id/translate` and `/api/v1/scheduled_statuses`
50 lines
1.1 KiB
Ruby
50 lines
1.1 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
class Api::V1::Timelines::PublicController < Api::V1::Timelines::BaseController
|
|
before_action -> { authorize_if_got_token! :read, :'read:statuses' }
|
|
|
|
PERMITTED_PARAMS = %i(local remote limit only_media).freeze
|
|
|
|
def show
|
|
cache_if_unauthenticated!
|
|
@statuses = load_statuses
|
|
render json: @statuses, each_serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new(@statuses, current_user&.account_id)
|
|
end
|
|
|
|
private
|
|
|
|
def load_statuses
|
|
preloaded_public_statuses_page
|
|
end
|
|
|
|
def preloaded_public_statuses_page
|
|
preload_collection(public_statuses, Status)
|
|
end
|
|
|
|
def public_statuses
|
|
public_feed.get(
|
|
limit_param(DEFAULT_STATUSES_LIMIT),
|
|
params[:max_id],
|
|
params[:since_id],
|
|
params[:min_id]
|
|
)
|
|
end
|
|
|
|
def public_feed
|
|
PublicFeed.new(
|
|
current_account,
|
|
local: truthy_param?(:local),
|
|
remote: truthy_param?(:remote),
|
|
only_media: truthy_param?(:only_media)
|
|
)
|
|
end
|
|
|
|
def next_path
|
|
api_v1_timelines_public_url next_path_params
|
|
end
|
|
|
|
def prev_path
|
|
api_v1_timelines_public_url prev_path_params
|
|
end
|
|
end
|