Merge remote-tracking branch 'glitch/main'

3 files changed, 12 insertions, 12 deletions

diff --git a/app/controllers/api/v1/emails/confirmations_controller.rb b/app/controllers/api/v1/emails/confirmations_controller.rb
index f1d9954d0..3faaea2fb 100644
--- a/app/controllers/api/v1/emails/confirmations_controller.rb
+++ b/app/controllers/api/v1/emails/confirmations_controller.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 class Api::V1::Emails::ConfirmationsController < Api::BaseController
-  before_action :doorkeeper_authorize!
+  before_action -> { doorkeeper_authorize! :write, :'write:accounts' }
   before_action :require_user_owned_by_application!
   before_action :require_user_not_confirmed!
 
@@ -19,6 +19,6 @@ class Api::V1::Emails::ConfirmationsController < Api::BaseController
   end
 
   def require_user_not_confirmed!
-    render json: { error: 'This method is only available while the e-mail is awaiting confirmation' }, status: :forbidden if current_user.confirmed? || current_user.unconfirmed_email.blank?
+    render json: { error: 'This method is only available while the e-mail is awaiting confirmation' }, status: :forbidden unless !current_user.confirmed? || current_user.unconfirmed_email.present?
   end
 end
diff --git a/app/controllers/api/v1/notifications_controller.rb b/app/controllers/api/v1/notifications_controller.rb
index eefd28d45..c47d6ccfd 100644
--- a/app/controllers/api/v1/notifications_controller.rb
+++ b/app/controllers/api/v1/notifications_controller.rb
@@ -44,13 +44,18 @@ class Api::V1::NotificationsController < Api::BaseController
       limit_param(DEFAULT_NOTIFICATIONS_LIMIT),
       params_slice(:max_id, :since_id, :min_id)
     )
+
     Notification.preload_cache_collection_target_statuses(notifications) do |target_statuses|
       cache_collection(target_statuses, Status)
     end
   end
 
   def browserable_account_notifications
-    current_account.notifications.without_suspended.browserable(exclude_types, from_account)
+    current_account.notifications.without_suspended.browserable(
+      types: Array(browserable_params[:types]),
+      exclude_types: Array(browserable_params[:exclude_types]),
+      from_account_id: browserable_params[:account_id]
+    )
   end
 
   def target_statuses_from_notifications
@@ -81,17 +86,11 @@ class Api::V1::NotificationsController < Api::BaseController
     @notifications.first.id
   end
 
-  def exclude_types
-    val = params.permit(exclude_types: [])[:exclude_types] || []
-    val = [val] unless val.is_a?(Enumerable)
-    val
-  end
-
-  def from_account
-    params[:account_id]
+  def browserable_params
+    params.permit(:account_id, types: [], exclude_types: [])
   end
 
   def pagination_params(core_params)
-    params.slice(:limit, :exclude_types).permit(:limit, exclude_types: []).merge(core_params)
+    params.slice(:limit, :account_id, :types, :exclude_types).permit(:limit, :account_id, types: [], exclude_types: []).merge(core_params)
   end
 end
diff --git a/app/controllers/api/v1/statuses_controller.rb b/app/controllers/api/v1/statuses_controller.rb
index ddd7c33ae..7de446ac4 100644
--- a/app/controllers/api/v1/statuses_controller.rb
+++ b/app/controllers/api/v1/statuses_controller.rb
@@ -10,6 +10,7 @@ class Api::V1::StatusesController < Api::BaseController
   before_action :set_thread, only:       [:create]
 
   override_rate_limit_headers :create, family: :statuses
+  override_rate_limit_headers :update, family: :statuses
 
   # This API was originally unlimited, pagination cannot be introduced without
   # breaking backwards-compatibility. Arbitrarily high number to cover most