diff options
author | Eugen Rochko <eugen@zeonfederated.com> | 2016-12-21 20:00:18 +0100 |
---|---|---|
committer | Eugen Rochko <eugen@zeonfederated.com> | 2016-12-21 20:04:13 +0100 |
commit | 80e02b90e4210b0f4982be6a8e817900143374a5 (patch) | |
tree | 6014b3fe6fa965f6bd2d3f531c5cb97cc6a492bc /app/controllers/api | |
parent | 6d71044c854c453f499f97af420fe0ed762238d3 (diff) |
Private visibility on statuses prevents non-followers from seeing those
Filters out hidden stream entries from Atom feed Blocks now generate hidden stream entries, can be used to federate blocks Private statuses cannot be reblogged (generates generic 422 error for now) POST /api/v1/statuses now takes visibility=(public|unlisted|private) param instead of unlisted boolean Statuses JSON now contains visibility=(public|unlisted|private) field
Diffstat (limited to 'app/controllers/api')
-rw-r--r-- | app/controllers/api/v1/accounts_controller.rb | 5 | ||||
-rw-r--r-- | app/controllers/api/v1/statuses_controller.rb | 3 |
2 files changed, 4 insertions, 4 deletions
diff --git a/app/controllers/api/v1/accounts_controller.rb b/app/controllers/api/v1/accounts_controller.rb index 0abdfd9fa..de53a9602 100644 --- a/app/controllers/api/v1/accounts_controller.rb +++ b/app/controllers/api/v1/accounts_controller.rb @@ -8,8 +8,7 @@ class Api::V1::AccountsController < ApiController respond_to :json - def show - end + def show; end def verify_credentials @account = current_user.account @@ -47,7 +46,7 @@ class Api::V1::AccountsController < ApiController end def statuses - @statuses = @account.statuses.paginate_by_max_id(DEFAULT_STATUSES_LIMIT, params[:max_id], params[:since_id]) + @statuses = @account.statuses.permitted_for(@account, current_account).paginate_by_max_id(DEFAULT_STATUSES_LIMIT, params[:max_id], params[:since_id]) @statuses = cache_collection(@statuses, Status) set_maps(@statuses) diff --git a/app/controllers/api/v1/statuses_controller.rb b/app/controllers/api/v1/statuses_controller.rb index 453d003da..f7b4ed610 100644 --- a/app/controllers/api/v1/statuses_controller.rb +++ b/app/controllers/api/v1/statuses_controller.rb @@ -52,7 +52,7 @@ class Api::V1::StatusesController < ApiController end def create - @status = PostStatusService.new.call(current_user.account, params[:status], params[:in_reply_to_id].blank? ? nil : Status.find(params[:in_reply_to_id]), media_ids: params[:media_ids], sensitive: params[:sensitive], unlisted: params[:unlisted]) + @status = PostStatusService.new.call(current_user.account, params[:status], params[:in_reply_to_id].blank? ? nil : Status.find(params[:in_reply_to_id]), media_ids: params[:media_ids], sensitive: params[:sensitive], visibility: params[:visibility]) render action: :show end @@ -95,5 +95,6 @@ class Api::V1::StatusesController < ApiController def set_status @status = Status.find(params[:id]) + raise ActiveRecord::RecordNotFound unless @status.permitted?(current_account) end end |