mirror of
https://github.com/mastodon/mastodon
synced 2024-12-21 10:08:13 +09:00
502cf75b16
* Fix insufficient permission checking for public timeline endpoints Note that this changes unauthenticated access failure code from 401 to 422 * Add more tests for public timelines * Require user token in `/api/v1/statuses/:id/translate` and `/api/v1/scheduled_statuses`
32 lines
642 B
Ruby
32 lines
642 B
Ruby
# frozen_string_literal: true
|
|
|
|
class Api::V1::Timelines::BaseController < Api::BaseController
|
|
after_action :insert_pagination_headers, unless: -> { @statuses.empty? }
|
|
|
|
before_action :require_user!, if: :require_auth?
|
|
|
|
private
|
|
|
|
def require_auth?
|
|
!Setting.timeline_preview
|
|
end
|
|
|
|
def pagination_collection
|
|
@statuses
|
|
end
|
|
|
|
def next_path_params
|
|
permitted_params.merge(max_id: pagination_max_id)
|
|
end
|
|
|
|
def prev_path_params
|
|
permitted_params.merge(min_id: pagination_since_id)
|
|
end
|
|
|
|
def permitted_params
|
|
params
|
|
.slice(*self.class::PERMITTED_PARAMS)
|
|
.permit(*self.class::PERMITTED_PARAMS)
|
|
end
|
|
end
|