[backend] Require admin scope for AP get endpoint

This commit addresses disclosed primitive 18
Laura Hausmann 2024-10-28 14:34:17 +01:00
parent 7542310e3e
commit aa73a8905d
No known key found for this signature in database
GPG Key ID: D044E84C5BE01605
2 changed files with 10 additions and 7 deletions


@ -6,6 +6,7 @@ export const meta = {
tags: ["federation"],
requireCredential: true,
requireAdmin: true,
limit: {
duration: HOUR,
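Review bot: The new `requireAdmin: true` line has no comment saying why this endpoint is admin-only, and the commit message only points at "disclosed primitive 18", which the page does not describe. The client code in the second file passes a caller-chosen `uri` to `ap/get`, so presumably the server fetches that URI on the caller's behalf. If so, a comment above the flag such as `// Admin-only: fetches a caller-supplied URI server-side; do not relax without security review` would keep a later refactor from dropping it. A regression test asserting that a non-admin credential is rejected would pin the fix. The `meta` object continues outside the hunk.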


@ -169,7 +169,7 @@
{{ i18n.ts.updateRemoteUser }}</FormButton
>
<FormFolder class="_formBlock">
<FormFolder class="_formBlock" v-if="iAmAdmin">
<template #label>Raw</template>
<MkObjectView v-if="ap" tall :value="ap">
@ -577,13 +577,15 @@ watch(
},
);
watch($$(user), () => {
os.api("ap/get", {
uri: user.uri ?? `${url}/users/${user.id}`,
}).then((res) => {
ap = res;
if (iAmAdmin) {
watch($$(user), () => {
os.api("ap/get", {
uri: user.uri ?? `${url}/users/${user.id}`,
}).then((res) => {
ap = res;
});
});
});
}
const headerActions = $computed(() => []);
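Review bot: The `os.api("ap/get", …)` call inside the new `if (iAmAdmin)` block has no rejection handler and, as far as the hunk shows, never clears `ap`. A failed or slow lookup can therefore leave the previously loaded object in the Raw view. Resetting before the request and handling failure would avoid showing stale data: `ap = null;` (or whatever empty value `ap` is declared with) ahead of the call, and `.catch(() => { ap = null; })` after `.then(...)`. The two `iAmAdmin` checks in this file only hide the UI, and the actual enforcement is the `requireAdmin` flag on the endpoint, which is worth stating in a one-line comment above the `if`. The script block starts and ends outside the hunk.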