1
0
Fork 0
mirror of https://github.com/mastodon/mastodon.git synced 2024-08-20 21:08:15 -07:00
This commit is contained in:
Matt Jankowski 2024-07-31 11:06:49 +00:00 committed by GitHub
commit 10661810e2
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
11 changed files with 108 additions and 28 deletions

View file

@ -5,6 +5,19 @@ class Api::V1::Accounts::CredentialsController < Api::BaseController
before_action -> { doorkeeper_authorize! :write, :'write:accounts' }, only: [:update]
before_action :require_user!
PERMITTED_PARAMS = [
:avatar,
:bot,
:discoverable,
:display_name,
:header,
:hide_collections,
:indexable,
:locked,
:note,
fields_attributes: [:name, :value],
].freeze
def show
@account = current_account
render json: @account, serializer: REST::CredentialAccountSerializer
@ -23,18 +36,9 @@ class Api::V1::Accounts::CredentialsController < Api::BaseController
private
def account_params
params.permit(
:display_name,
:note,
:avatar,
:header,
:locked,
:bot,
:discoverable,
:hide_collections,
:indexable,
fields_attributes: [:name, :value]
)
params
.slice(*PERMITTED_PARAMS)
.permit(*PERMITTED_PARAMS)
end
def user_params

View file

@ -3,6 +3,14 @@
class Api::V1::Admin::AccountActionsController < Api::BaseController
include Authorization
PERMITTED_PARAMS = %i(
report_id
send_email_notification
text
type
warning_preset_id
).freeze
before_action -> { authorize_if_got_token! :'admin:write', :'admin:write:accounts' }
before_action :set_account
@ -26,12 +34,8 @@ class Api::V1::Admin::AccountActionsController < Api::BaseController
end
def resource_params
params.permit(
:type,
:report_id,
:warning_preset_id,
:text,
:send_email_notification
)
params
.slice(*PERMITTED_PARAMS)
.permit(*PERMITTED_PARAMS)
end
end

View file

@ -108,7 +108,9 @@ class Api::V1::Admin::AccountsController < Api::BaseController
end
def filter_params
params.permit(*FILTER_PARAMS)
params
.slice(*FILTER_PARAMS)
.permit(*FILTER_PARAMS)
end
def translated_filter_params

View file

@ -14,6 +14,15 @@ class Api::V1::Admin::DomainBlocksController < Api::BaseController
after_action :verify_authorized
after_action :insert_pagination_headers, only: :index
PERMITTED_PARAMS = %i(
obfuscate
private_comment
public_comment
reject_media
reject_reports
severity
).freeze
def index
authorize :domain_block, :index?
render json: @domain_blocks, each_serializer: REST::Admin::DomainBlockSerializer
@ -67,7 +76,9 @@ class Api::V1::Admin::DomainBlocksController < Api::BaseController
end
def domain_block_params
params.permit(:severity, :reject_media, :reject_reports, :private_comment, :public_comment, :obfuscate)
params
.slice(*PERMITTED_PARAMS)
.permit(*PERMITTED_PARAMS)
end
def next_path

View file

@ -14,6 +14,13 @@ class Api::V1::Admin::IpBlocksController < Api::BaseController
after_action :verify_authorized
after_action :insert_pagination_headers, only: :index
PERMITTED_PARAMS = %i(
comment
expires_in
ip
severity
).freeze
def index
authorize :ip_block, :index?
render json: @ip_blocks, each_serializer: REST::Admin::IpBlockSerializer
@ -56,7 +63,9 @@ class Api::V1::Admin::IpBlocksController < Api::BaseController
end
def resource_params
params.permit(:ip, :severity, :comment, :expires_in)
params
.slice(*PERMITTED_PARAMS)
.permit(*PERMITTED_PARAMS)
end
def next_path

View file

@ -11,6 +11,12 @@ class Api::V1::ListsController < Api::BaseController
render json: { error: e.to_s }, status: 422
end
PERMITTED_PARAMS = %i(
exclusive
replies_policy
title
).freeze
def index
@lists = List.where(account: current_account).all
render json: @lists, each_serializer: REST::ListSerializer
@ -42,6 +48,8 @@ class Api::V1::ListsController < Api::BaseController
end
def list_params
params.permit(:title, :replies_policy, :exclusive)
params
.slice(*PERMITTED_PARAMS)
.permit(*PERMITTED_PARAMS)
end
end

View file

@ -6,6 +6,17 @@ class Api::V1::ReportsController < Api::BaseController
override_rate_limit_headers :create, family: :reports
PERMITTED_PARAMS = [
:account_id,
:category,
:comment,
:forward,
:rule_ids,
forward_to_domains: [],
rule_ids: [],
status_ids: [],
].freeze
def create
@report = ReportService.new.call(
current_account,
@ -23,6 +34,6 @@ class Api::V1::ReportsController < Api::BaseController
end
def report_params
params.permit(:account_id, :comment, :category, :forward, forward_to_domains: [], status_ids: [], rule_ids: [])
params.permit(*PERMITTED_PARAMS)
end
end

View file

@ -11,6 +11,10 @@ class Api::V1::Statuses::ReblogsController < Api::V1::Statuses::BaseController
override_rate_limit_headers :create, family: :statuses
PERMITTED_PARAMS = %i(
visibility
).freeze
def create
with_redis_lock("reblog:#{current_account.id}:#{@reblog.id}") do
@status = ReblogService.new.call(current_account, @reblog, reblog_params)
@ -50,6 +54,8 @@ class Api::V1::Statuses::ReblogsController < Api::V1::Statuses::BaseController
end
def reblog_params
params.permit(:visibility)
params
.slice(*PERMITTED_PARAMS)
.permit(*PERMITTED_PARAMS)
end
end

View file

@ -8,6 +8,11 @@ class Api::V2::Filters::KeywordsController < Api::BaseController
before_action :set_keywords, only: :index
before_action :set_keyword, only: [:show, :update, :destroy]
PERMITTED_PARAMS = %i(
keyword
whole_word
).freeze
def index
render json: @keywords, each_serializer: REST::FilterKeywordSerializer
end
@ -45,6 +50,8 @@ class Api::V2::Filters::KeywordsController < Api::BaseController
end
def resource_params
params.permit(:keyword, :whole_word)
params
.slice(*PERMITTED_PARAMS)
.permit(*PERMITTED_PARAMS)
end
end

View file

@ -8,6 +8,10 @@ class Api::V2::Filters::StatusesController < Api::BaseController
before_action :set_status_filters, only: :index
before_action :set_status_filter, only: [:show, :destroy]
PERMITTED_PARAMS = %i(
status_id
).freeze
def index
render json: @status_filters, each_serializer: REST::FilterStatusSerializer
end
@ -39,6 +43,8 @@ class Api::V2::Filters::StatusesController < Api::BaseController
end
def resource_params
params.permit(:status_id)
params
.slice(*PERMITTED_PARAMS)
.permit(*PERMITTED_PARAMS)
end
end

View file

@ -5,6 +5,17 @@ class Api::V2::SearchController < Api::BaseController
RESULTS_LIMIT = 20
SEARCH_PARAMS = %i(
account_id
following
max_id
min_id
offset
q
resolve
type
).freeze
before_action -> { authorize_if_got_token! :read, :'read:search' }
before_action :validate_search_params!
@ -63,6 +74,7 @@ class Api::V2::SearchController < Api::BaseController
end
def search_params
params.permit(:type, :offset, :min_id, :max_id, :account_id, :following)
params
.permit(*SEARCH_PARAMS)
end
end