From 4db8230194258a9a1c3d17d7261608515f3f2067 Mon Sep 17 00:00:00 2001
From: Robert R George <rgeorge@midnightweb.net>
Date: Tue, 18 Apr 2023 02:33:30 -0700
Subject: Add trend management to admin API (#24257)

---
 .../api/v1/admin/trends/statuses_controller.rb     | 31 +++++++++++++++++++++-
 1 file changed, 30 insertions(+), 1 deletion(-)

(limited to 'app/controllers/api/v1/admin/trends/statuses_controller.rb')

diff --git a/app/controllers/api/v1/admin/trends/statuses_controller.rb b/app/controllers/api/v1/admin/trends/statuses_controller.rb
index c39f77363..34b6580df 100644
--- a/app/controllers/api/v1/admin/trends/statuses_controller.rb
+++ b/app/controllers/api/v1/admin/trends/statuses_controller.rb
@@ -1,7 +1,36 @@
 # frozen_string_literal: true
 
 class Api::V1::Admin::Trends::StatusesController < Api::V1::Trends::StatusesController
-  before_action -> { authorize_if_got_token! :'admin:read' }
+  include Authorization
+
+  before_action -> { authorize_if_got_token! :'admin:read' }, only: :index
+  before_action -> { authorize_if_got_token! :'admin:write' }, except: :index
+
+  after_action :verify_authorized, except: :index
+
+  def index
+    if current_user&.can?(:manage_taxonomies)
+      render json: @statuses, each_serializer: REST::Admin::Trends::StatusSerializer
+    else
+      super
+    end
+  end
+
+  def approve
+    authorize [:admin, :status], :review?
+
+    status = Status.find(params[:id])
+    status.update(trendable: true)
+    render json: status, serializer: REST::Admin::Trends::StatusSerializer
+  end
+
+  def reject
+    authorize [:admin, :status], :review?
+
+    status = Status.find(params[:id])
+    status.update(trendable: false)
+    render json: status, serializer: REST::Admin::Trends::StatusSerializer
+  end
 
   private
 
-- 
cgit