about summary refs log tree commit diff
path: root/app/controllers
diff options
context:
space:
mode:
authorThibG <thib@sitedethib.com>2020-08-19 19:02:06 +0200
committerStarfall <us@starfall.systems>2020-08-25 13:38:21 -0500
commit38e2803db952b8752ed88538acf02e396fcc3c65 (patch)
treeca2023bd6bc0ebd9eb5c29d24d484d484ba08e3a /app/controllers
parentc2a8ea7a505566efc747f1e29785b9ef4d5f63ab (diff)
Fix not being able to unbookmark toots when blocked by their author (#14604)
* Fix not being able to unbookmark toots when blocked by their author

* Add tests
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/api/v1/statuses/bookmarks_controller.rb14
1 files changed, 12 insertions, 2 deletions
diff --git a/app/controllers/api/v1/statuses/bookmarks_controller.rb b/app/controllers/api/v1/statuses/bookmarks_controller.rb
index 3954af3c9..19963c002 100644
--- a/app/controllers/api/v1/statuses/bookmarks_controller.rb
+++ b/app/controllers/api/v1/statuses/bookmarks_controller.rb
@@ -5,7 +5,7 @@ class Api::V1::Statuses::BookmarksController < Api::BaseController
 
   before_action -> { doorkeeper_authorize! :write, :'write:bookmarks' }
   before_action :require_user!
-  before_action :set_status
+  before_action :set_status, only: [:create]
 
   def create
     current_account.bookmarks.find_or_create_by!(account: current_account, status: @status)
@@ -13,10 +13,20 @@ class Api::V1::Statuses::BookmarksController < Api::BaseController
   end
 
   def destroy
-    bookmark = current_account.bookmarks.find_by(status: @status)
+    bookmark = current_account.bookmarks.find_by(status_id: params[:status_id])
+
+    if bookmark
+      @status = bookmark.status
+    else
+      @status = Status.find(params[:status_id])
+      authorize @status, :show?
+    end
+
     bookmark&.destroy!
 
     render json: @status, serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new([@status], current_account.id, bookmarks_map: { @status.id => false })
+  rescue Mastodon::NotPermittedError
+    not_found
   end
 
   private