diff options
author | multiple creatures <dev@multiple-creature.party> | 2019-10-27 12:17:50 -0500 |
---|---|---|
committer | multiple creatures <dev@multiple-creature.party> | 2019-10-27 12:17:50 -0500 |
commit | 58c707c474b4ebe6653ebe38aade9cbebe777926 (patch) | |
tree | 43e4376e5103d98011193137201d8047966c9b81 /app/controllers/api/v1/accounts/relationships_controller.rb | |
parent | 87e48598f2fd3e9cca05fa5e1a73dc084ee3f5b6 (diff) |
make data miners' lives harder by also requiring authentication on account api endpoints
Diffstat (limited to 'app/controllers/api/v1/accounts/relationships_controller.rb')
-rw-r--r-- | app/controllers/api/v1/accounts/relationships_controller.rb | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/app/controllers/api/v1/accounts/relationships_controller.rb b/app/controllers/api/v1/accounts/relationships_controller.rb index ab8a0461f..e8e777ae8 100644 --- a/app/controllers/api/v1/accounts/relationships_controller.rb +++ b/app/controllers/api/v1/accounts/relationships_controller.rb @@ -7,10 +7,14 @@ class Api::V1::Accounts::RelationshipsController < Api::BaseController respond_to :json def index - accounts = Account.where(id: account_ids).select('id') - # .where doesn't guarantee that our results are in the same order - # we requested them, so return the "right" order to the requestor. - @accounts = accounts.index_by(&:id).values_at(*account_ids).compact + if user_signed_in? + accounts = Account.where(id: account_ids).select('id') + # .where doesn't guarantee that our results are in the same order + # we requested them, so return the "right" order to the requestor. + @accounts = accounts.index_by(&:id).values_at(*account_ids).compact + else + @accounts = Account.none + end render json: @accounts, each_serializer: REST::RelationshipSerializer, relationships: relationships end |