about summary refs log tree commit diff
path: root/app
diff options
context:
space:
mode:
authorDavid Celis <me@davidcel.is>2017-04-09 09:33:40 -0700
committerEugen <eugen@zeonfederated.com>2017-04-09 18:33:40 +0200
commitd4fe6cd2bfee50cfcde5de5c3f58240552e9c71d (patch)
treed4a7cf3666e6310652fac11f3078506b7ab44b54 /app
parentea6c930c04762bef00b42dad16a17b71b8acc93b (diff)
Allow users to update their Account in the API (#1179)
* Allow users to update their Account in the API

It would be nice for API clients to be able to allow users to update
their accounts without having to wrap Mastodon in a web view. This patch
adds an API endpoint to let users submit a PATCH for their account.

Signed-off-by: David Celis <me@davidcel.is>

* Add /api/v1/accounts/update_credentials to the API docs

Signed-off-by: David Celis <me@davidcel.is>
Diffstat (limited to 'app')
-rw-r--r--app/controllers/api/v1/accounts_controller.rb17
1 files changed, 15 insertions, 2 deletions
diff --git a/app/controllers/api/v1/accounts_controller.rb b/app/controllers/api/v1/accounts_controller.rb
index 454873116..bb7cda035 100644
--- a/app/controllers/api/v1/accounts_controller.rb
+++ b/app/controllers/api/v1/accounts_controller.rb
@@ -1,10 +1,11 @@
 # frozen_string_literal: true
 
 class Api::V1::AccountsController < ApiController
-  before_action -> { doorkeeper_authorize! :read }, except: [:follow, :unfollow, :block, :unblock, :mute, :unmute]
+  before_action -> { doorkeeper_authorize! :read }, except: [:follow, :unfollow, :block, :unblock, :mute, :unmute, :update_credentials]
   before_action -> { doorkeeper_authorize! :follow }, only: [:follow, :unfollow, :block, :unblock, :mute, :unmute]
+  before_action -> { doorkeeper_authorize! :write }, only: [:update_credentials]
   before_action :require_user!, except: [:show, :following, :followers, :statuses]
-  before_action :set_account, except: [:verify_credentials, :suggestions, :search]
+  before_action :set_account, except: [:verify_credentials, :update_credentials, :suggestions, :search]
 
   respond_to :json
 
@@ -15,6 +16,14 @@ class Api::V1::AccountsController < ApiController
     render action: :show
   end
 
+  def update_credentials
+    @account = current_user.account
+
+    @account.update_attributes!(account_params)
+
+    render action: :show
+  end
+
   def following
     results   = Follow.where(account: @account).paginate_by_max_id(limit_param(DEFAULT_ACCOUNTS_LIMIT), params[:max_id], params[:since_id])
     accounts  = Account.where(id: results.map(&:target_account_id)).map { |a| [a.id, a] }.to_h
@@ -135,4 +144,8 @@ class Api::V1::AccountsController < ApiController
   def statuses_pagination_params(core_params)
     params.permit(:limit, :only_media, :exclude_replies).merge(core_params)
   end
+
+  def account_params
+    @account_params ||= params.permit(:display_name, :note, :avatar, :header)
+  end
 end