Add polls (#10111)

* Add polls Fix #1629 * Add tests * Fixes * Change API for creating polls * Use name instead of content for votes * Remove poll validation for remote polls * Add polls to public pages * When updating the poll, update options just in case they were changed * Fix public pages showing both poll and other media
2019-03-03 22:18:23 +01:00 · 2019-03-03 22:18:23 +01:00 · 230a012f00
commit 230a012f00
parent 99dc212ae5
47 changed files with 1038 additions and 19 deletions
--- a/app/controllers/api/v1/polls/votes_controller.rb
+++ b/app/controllers/api/v1/polls/votes_controller.rb
@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+class Api::V1::Polls::VotesController < Api::BaseController
+  include Authorization
+
+  before_action -> { doorkeeper_authorize! :write, :'write:statuses' }
+  before_action :require_user!
+  before_action :set_poll
+
+  respond_to :json
+
+  def create
+    VoteService.new.call(current_account, @poll, vote_params[:choices])
+    render json: @poll, serializer: REST::PollSerializer
+  end
+
+  private
+
+  def set_poll
+    @poll = Poll.attached.find(params[:poll_id])
+    authorize @poll.status, :show?
+  rescue Mastodon::NotPermittedError
+    raise ActiveRecord::RecordNotFound
+  end
+
+  def vote_params
+    params.permit(choices: [])
+  end
+end
--- a/app/controllers/api/v1/polls_controller.rb
+++ b/app/controllers/api/v1/polls_controller.rb
@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+class Api::V1::PollsController < Api::BaseController
+  before_action -> { authorize_if_got_token! :read, :'read:statuses' }, only: :show
+
+  respond_to :json
+
+  def show
+    @poll = Poll.attached.find(params[:id])
+    ActivityPub::FetchRemotePollService.new.call(@poll, current_account) if user_signed_in? && @poll.possibly_stale?
+    render json: @poll, serializer: REST::PollSerializer, include_results: true
+  end
+end
--- a/app/controllers/api/v1/statuses_controller.rb
+++ b/app/controllers/api/v1/statuses_controller.rb
@ -53,6 +53,7 @@ class Api::V1::StatusesController < Api::BaseController
                                         visibility: status_params[:visibility],
                                         scheduled_at: status_params[:scheduled_at],
                                         application: doorkeeper_token.application,
+                                         poll: status_params[:poll],
                                         idempotency: request.headers['Idempotency-Key'])

    render json: @status, serializer: @status.is_a?(ScheduledStatus) ? REST::ScheduledStatusSerializer : REST::StatusSerializer
@ -73,12 +74,25 @@ class Api::V1::StatusesController < Api::BaseController
    @status = Status.find(params[:id])
    authorize @status, :show?
  rescue Mastodon::NotPermittedError
-    # Reraise in order to get a 404 instead of a 403 error code
    raise ActiveRecord::RecordNotFound
  end

  def status_params
-    params.permit(:status, :in_reply_to_id, :sensitive, :spoiler_text, :visibility, :scheduled_at, media_ids: [])
+    params.permit(
+      :status,
+      :in_reply_to_id,
+      :sensitive,
+      :spoiler_text,
+      :visibility,
+      :scheduled_at,
+      media_ids: [],
+      poll: [
+        :multiple,
+        :hide_totals,
+        :expires_in,
+        options: [],
+      ]
+    )
  end

  def pagination_params(core_params)