diff options
| author | multiple creatures <dev@multiple-creature.party> | 2020-05-10 03:02:22 -0500 |
|---|---|---|
| committer | Starfall <admin@plural.cafe> | 2020-05-10 03:05:24 -0500 |
| commit | ca3af6c5b00be851e2ced9112429cfc1baa79529 (patch) | |
| tree | 3153cede3485885b5645086b585c27a2a9852dfe /app/controllers/api/v1/accounts/statuses_controller.rb | |
| parent | 77fa1183cc113e3d3d20140e3545443cf6c7f170 (diff) | |
Port monsterfork@58c707c474
make data miners' lives harder by also requiring authentication on account api endpoints
Diffstat (limited to 'app/controllers/api/v1/accounts/statuses_controller.rb')
| -rw-r--r-- | app/controllers/api/v1/accounts/statuses_controller.rb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/app/controllers/api/v1/accounts/statuses_controller.rb b/app/controllers/api/v1/accounts/statuses_controller.rb index 114ee0a82..fe932f93c 100644 --- a/app/controllers/api/v1/accounts/statuses_controller.rb +++ b/app/controllers/api/v1/accounts/statuses_controller.rb @@ -26,6 +26,8 @@ class Api::V1::Accounts::StatusesController < Api::BaseController end def account_statuses + return Status.none unless user_signed_in? + statuses = truthy_param?(:pinned) ? pinned_scope : permitted_account_statuses statuses.merge!(only_media_scope) if truthy_param?(:only_media) |