mirror of
https://github.com/mastodon/mastodon.git
synced 2024-08-20 21:08:15 -07:00
Compare commits
2 commits
f3436a4d5e
...
10661810e2
Author | SHA1 | Date | |
---|---|---|---|
|
10661810e2 | ||
|
d51bdd10b3 |
11 changed files with 108 additions and 28 deletions
|
@ -5,6 +5,19 @@ class Api::V1::Accounts::CredentialsController < Api::BaseController
|
|||
before_action -> { doorkeeper_authorize! :write, :'write:accounts' }, only: [:update]
|
||||
before_action :require_user!
|
||||
|
||||
PERMITTED_PARAMS = [
|
||||
:avatar,
|
||||
:bot,
|
||||
:discoverable,
|
||||
:display_name,
|
||||
:header,
|
||||
:hide_collections,
|
||||
:indexable,
|
||||
:locked,
|
||||
:note,
|
||||
fields_attributes: [:name, :value],
|
||||
].freeze
|
||||
|
||||
def show
|
||||
@account = current_account
|
||||
render json: @account, serializer: REST::CredentialAccountSerializer
|
||||
|
@ -23,18 +36,9 @@ class Api::V1::Accounts::CredentialsController < Api::BaseController
|
|||
private
|
||||
|
||||
def account_params
|
||||
params.permit(
|
||||
:display_name,
|
||||
:note,
|
||||
:avatar,
|
||||
:header,
|
||||
:locked,
|
||||
:bot,
|
||||
:discoverable,
|
||||
:hide_collections,
|
||||
:indexable,
|
||||
fields_attributes: [:name, :value]
|
||||
)
|
||||
params
|
||||
.slice(*PERMITTED_PARAMS)
|
||||
.permit(*PERMITTED_PARAMS)
|
||||
end
|
||||
|
||||
def user_params
|
||||
|
|
|
@ -3,6 +3,14 @@
|
|||
class Api::V1::Admin::AccountActionsController < Api::BaseController
|
||||
include Authorization
|
||||
|
||||
PERMITTED_PARAMS = %i(
|
||||
report_id
|
||||
send_email_notification
|
||||
text
|
||||
type
|
||||
warning_preset_id
|
||||
).freeze
|
||||
|
||||
before_action -> { authorize_if_got_token! :'admin:write', :'admin:write:accounts' }
|
||||
before_action :set_account
|
||||
|
||||
|
@ -26,12 +34,8 @@ class Api::V1::Admin::AccountActionsController < Api::BaseController
|
|||
end
|
||||
|
||||
def resource_params
|
||||
params.permit(
|
||||
:type,
|
||||
:report_id,
|
||||
:warning_preset_id,
|
||||
:text,
|
||||
:send_email_notification
|
||||
)
|
||||
params
|
||||
.slice(*PERMITTED_PARAMS)
|
||||
.permit(*PERMITTED_PARAMS)
|
||||
end
|
||||
end
|
||||
|
|
|
@ -108,7 +108,9 @@ class Api::V1::Admin::AccountsController < Api::BaseController
|
|||
end
|
||||
|
||||
def filter_params
|
||||
params.permit(*FILTER_PARAMS)
|
||||
params
|
||||
.slice(*FILTER_PARAMS)
|
||||
.permit(*FILTER_PARAMS)
|
||||
end
|
||||
|
||||
def translated_filter_params
|
||||
|
|
|
@ -14,6 +14,15 @@ class Api::V1::Admin::DomainBlocksController < Api::BaseController
|
|||
after_action :verify_authorized
|
||||
after_action :insert_pagination_headers, only: :index
|
||||
|
||||
PERMITTED_PARAMS = %i(
|
||||
obfuscate
|
||||
private_comment
|
||||
public_comment
|
||||
reject_media
|
||||
reject_reports
|
||||
severity
|
||||
).freeze
|
||||
|
||||
def index
|
||||
authorize :domain_block, :index?
|
||||
render json: @domain_blocks, each_serializer: REST::Admin::DomainBlockSerializer
|
||||
|
@ -67,7 +76,9 @@ class Api::V1::Admin::DomainBlocksController < Api::BaseController
|
|||
end
|
||||
|
||||
def domain_block_params
|
||||
params.permit(:severity, :reject_media, :reject_reports, :private_comment, :public_comment, :obfuscate)
|
||||
params
|
||||
.slice(*PERMITTED_PARAMS)
|
||||
.permit(*PERMITTED_PARAMS)
|
||||
end
|
||||
|
||||
def next_path
|
||||
|
|
|
@ -14,6 +14,13 @@ class Api::V1::Admin::IpBlocksController < Api::BaseController
|
|||
after_action :verify_authorized
|
||||
after_action :insert_pagination_headers, only: :index
|
||||
|
||||
PERMITTED_PARAMS = %i(
|
||||
comment
|
||||
expires_in
|
||||
ip
|
||||
severity
|
||||
).freeze
|
||||
|
||||
def index
|
||||
authorize :ip_block, :index?
|
||||
render json: @ip_blocks, each_serializer: REST::Admin::IpBlockSerializer
|
||||
|
@ -56,7 +63,9 @@ class Api::V1::Admin::IpBlocksController < Api::BaseController
|
|||
end
|
||||
|
||||
def resource_params
|
||||
params.permit(:ip, :severity, :comment, :expires_in)
|
||||
params
|
||||
.slice(*PERMITTED_PARAMS)
|
||||
.permit(*PERMITTED_PARAMS)
|
||||
end
|
||||
|
||||
def next_path
|
||||
|
|
|
@ -11,6 +11,12 @@ class Api::V1::ListsController < Api::BaseController
|
|||
render json: { error: e.to_s }, status: 422
|
||||
end
|
||||
|
||||
PERMITTED_PARAMS = %i(
|
||||
exclusive
|
||||
replies_policy
|
||||
title
|
||||
).freeze
|
||||
|
||||
def index
|
||||
@lists = List.where(account: current_account).all
|
||||
render json: @lists, each_serializer: REST::ListSerializer
|
||||
|
@ -42,6 +48,8 @@ class Api::V1::ListsController < Api::BaseController
|
|||
end
|
||||
|
||||
def list_params
|
||||
params.permit(:title, :replies_policy, :exclusive)
|
||||
params
|
||||
.slice(*PERMITTED_PARAMS)
|
||||
.permit(*PERMITTED_PARAMS)
|
||||
end
|
||||
end
|
||||
|
|
|
@ -6,6 +6,17 @@ class Api::V1::ReportsController < Api::BaseController
|
|||
|
||||
override_rate_limit_headers :create, family: :reports
|
||||
|
||||
PERMITTED_PARAMS = [
|
||||
:account_id,
|
||||
:category,
|
||||
:comment,
|
||||
:forward,
|
||||
:rule_ids,
|
||||
forward_to_domains: [],
|
||||
rule_ids: [],
|
||||
status_ids: [],
|
||||
].freeze
|
||||
|
||||
def create
|
||||
@report = ReportService.new.call(
|
||||
current_account,
|
||||
|
@ -23,6 +34,6 @@ class Api::V1::ReportsController < Api::BaseController
|
|||
end
|
||||
|
||||
def report_params
|
||||
params.permit(:account_id, :comment, :category, :forward, forward_to_domains: [], status_ids: [], rule_ids: [])
|
||||
params.permit(*PERMITTED_PARAMS)
|
||||
end
|
||||
end
|
||||
|
|
|
@ -11,6 +11,10 @@ class Api::V1::Statuses::ReblogsController < Api::V1::Statuses::BaseController
|
|||
|
||||
override_rate_limit_headers :create, family: :statuses
|
||||
|
||||
PERMITTED_PARAMS = %i(
|
||||
visibility
|
||||
).freeze
|
||||
|
||||
def create
|
||||
with_redis_lock("reblog:#{current_account.id}:#{@reblog.id}") do
|
||||
@status = ReblogService.new.call(current_account, @reblog, reblog_params)
|
||||
|
@ -50,6 +54,8 @@ class Api::V1::Statuses::ReblogsController < Api::V1::Statuses::BaseController
|
|||
end
|
||||
|
||||
def reblog_params
|
||||
params.permit(:visibility)
|
||||
params
|
||||
.slice(*PERMITTED_PARAMS)
|
||||
.permit(*PERMITTED_PARAMS)
|
||||
end
|
||||
end
|
||||
|
|
|
@ -8,6 +8,11 @@ class Api::V2::Filters::KeywordsController < Api::BaseController
|
|||
before_action :set_keywords, only: :index
|
||||
before_action :set_keyword, only: [:show, :update, :destroy]
|
||||
|
||||
PERMITTED_PARAMS = %i(
|
||||
keyword
|
||||
whole_word
|
||||
).freeze
|
||||
|
||||
def index
|
||||
render json: @keywords, each_serializer: REST::FilterKeywordSerializer
|
||||
end
|
||||
|
@ -45,6 +50,8 @@ class Api::V2::Filters::KeywordsController < Api::BaseController
|
|||
end
|
||||
|
||||
def resource_params
|
||||
params.permit(:keyword, :whole_word)
|
||||
params
|
||||
.slice(*PERMITTED_PARAMS)
|
||||
.permit(*PERMITTED_PARAMS)
|
||||
end
|
||||
end
|
||||
|
|
|
@ -8,6 +8,10 @@ class Api::V2::Filters::StatusesController < Api::BaseController
|
|||
before_action :set_status_filters, only: :index
|
||||
before_action :set_status_filter, only: [:show, :destroy]
|
||||
|
||||
PERMITTED_PARAMS = %i(
|
||||
status_id
|
||||
).freeze
|
||||
|
||||
def index
|
||||
render json: @status_filters, each_serializer: REST::FilterStatusSerializer
|
||||
end
|
||||
|
@ -39,6 +43,8 @@ class Api::V2::Filters::StatusesController < Api::BaseController
|
|||
end
|
||||
|
||||
def resource_params
|
||||
params.permit(:status_id)
|
||||
params
|
||||
.slice(*PERMITTED_PARAMS)
|
||||
.permit(*PERMITTED_PARAMS)
|
||||
end
|
||||
end
|
||||
|
|
|
@ -5,6 +5,17 @@ class Api::V2::SearchController < Api::BaseController
|
|||
|
||||
RESULTS_LIMIT = 20
|
||||
|
||||
SEARCH_PARAMS = %i(
|
||||
account_id
|
||||
following
|
||||
max_id
|
||||
min_id
|
||||
offset
|
||||
q
|
||||
resolve
|
||||
type
|
||||
).freeze
|
||||
|
||||
before_action -> { authorize_if_got_token! :read, :'read:search' }
|
||||
before_action :validate_search_params!
|
||||
|
||||
|
@ -63,6 +74,7 @@ class Api::V2::SearchController < Api::BaseController
|
|||
end
|
||||
|
||||
def search_params
|
||||
params.permit(:type, :offset, :min_id, :max_id, :account_id, :following)
|
||||
params
|
||||
.permit(*SEARCH_PARAMS)
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue