mirror of
https://github.com/mastodon/mastodon.git
synced 2024-08-20 21:08:15 -07:00
Compare commits
2 commits
f3436a4d5e
...
10661810e2
Author | SHA1 | Date | |
---|---|---|---|
|
10661810e2 | ||
|
d51bdd10b3 |
11 changed files with 108 additions and 28 deletions
|
@ -5,6 +5,19 @@ class Api::V1::Accounts::CredentialsController < Api::BaseController
|
||||||
before_action -> { doorkeeper_authorize! :write, :'write:accounts' }, only: [:update]
|
before_action -> { doorkeeper_authorize! :write, :'write:accounts' }, only: [:update]
|
||||||
before_action :require_user!
|
before_action :require_user!
|
||||||
|
|
||||||
|
PERMITTED_PARAMS = [
|
||||||
|
:avatar,
|
||||||
|
:bot,
|
||||||
|
:discoverable,
|
||||||
|
:display_name,
|
||||||
|
:header,
|
||||||
|
:hide_collections,
|
||||||
|
:indexable,
|
||||||
|
:locked,
|
||||||
|
:note,
|
||||||
|
fields_attributes: [:name, :value],
|
||||||
|
].freeze
|
||||||
|
|
||||||
def show
|
def show
|
||||||
@account = current_account
|
@account = current_account
|
||||||
render json: @account, serializer: REST::CredentialAccountSerializer
|
render json: @account, serializer: REST::CredentialAccountSerializer
|
||||||
|
@ -23,18 +36,9 @@ class Api::V1::Accounts::CredentialsController < Api::BaseController
|
||||||
private
|
private
|
||||||
|
|
||||||
def account_params
|
def account_params
|
||||||
params.permit(
|
params
|
||||||
:display_name,
|
.slice(*PERMITTED_PARAMS)
|
||||||
:note,
|
.permit(*PERMITTED_PARAMS)
|
||||||
:avatar,
|
|
||||||
:header,
|
|
||||||
:locked,
|
|
||||||
:bot,
|
|
||||||
:discoverable,
|
|
||||||
:hide_collections,
|
|
||||||
:indexable,
|
|
||||||
fields_attributes: [:name, :value]
|
|
||||||
)
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def user_params
|
def user_params
|
||||||
|
|
|
@ -3,6 +3,14 @@
|
||||||
class Api::V1::Admin::AccountActionsController < Api::BaseController
|
class Api::V1::Admin::AccountActionsController < Api::BaseController
|
||||||
include Authorization
|
include Authorization
|
||||||
|
|
||||||
|
PERMITTED_PARAMS = %i(
|
||||||
|
report_id
|
||||||
|
send_email_notification
|
||||||
|
text
|
||||||
|
type
|
||||||
|
warning_preset_id
|
||||||
|
).freeze
|
||||||
|
|
||||||
before_action -> { authorize_if_got_token! :'admin:write', :'admin:write:accounts' }
|
before_action -> { authorize_if_got_token! :'admin:write', :'admin:write:accounts' }
|
||||||
before_action :set_account
|
before_action :set_account
|
||||||
|
|
||||||
|
@ -26,12 +34,8 @@ class Api::V1::Admin::AccountActionsController < Api::BaseController
|
||||||
end
|
end
|
||||||
|
|
||||||
def resource_params
|
def resource_params
|
||||||
params.permit(
|
params
|
||||||
:type,
|
.slice(*PERMITTED_PARAMS)
|
||||||
:report_id,
|
.permit(*PERMITTED_PARAMS)
|
||||||
:warning_preset_id,
|
|
||||||
:text,
|
|
||||||
:send_email_notification
|
|
||||||
)
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -108,7 +108,9 @@ class Api::V1::Admin::AccountsController < Api::BaseController
|
||||||
end
|
end
|
||||||
|
|
||||||
def filter_params
|
def filter_params
|
||||||
params.permit(*FILTER_PARAMS)
|
params
|
||||||
|
.slice(*FILTER_PARAMS)
|
||||||
|
.permit(*FILTER_PARAMS)
|
||||||
end
|
end
|
||||||
|
|
||||||
def translated_filter_params
|
def translated_filter_params
|
||||||
|
|
|
@ -14,6 +14,15 @@ class Api::V1::Admin::DomainBlocksController < Api::BaseController
|
||||||
after_action :verify_authorized
|
after_action :verify_authorized
|
||||||
after_action :insert_pagination_headers, only: :index
|
after_action :insert_pagination_headers, only: :index
|
||||||
|
|
||||||
|
PERMITTED_PARAMS = %i(
|
||||||
|
obfuscate
|
||||||
|
private_comment
|
||||||
|
public_comment
|
||||||
|
reject_media
|
||||||
|
reject_reports
|
||||||
|
severity
|
||||||
|
).freeze
|
||||||
|
|
||||||
def index
|
def index
|
||||||
authorize :domain_block, :index?
|
authorize :domain_block, :index?
|
||||||
render json: @domain_blocks, each_serializer: REST::Admin::DomainBlockSerializer
|
render json: @domain_blocks, each_serializer: REST::Admin::DomainBlockSerializer
|
||||||
|
@ -67,7 +76,9 @@ class Api::V1::Admin::DomainBlocksController < Api::BaseController
|
||||||
end
|
end
|
||||||
|
|
||||||
def domain_block_params
|
def domain_block_params
|
||||||
params.permit(:severity, :reject_media, :reject_reports, :private_comment, :public_comment, :obfuscate)
|
params
|
||||||
|
.slice(*PERMITTED_PARAMS)
|
||||||
|
.permit(*PERMITTED_PARAMS)
|
||||||
end
|
end
|
||||||
|
|
||||||
def next_path
|
def next_path
|
||||||
|
|
|
@ -14,6 +14,13 @@ class Api::V1::Admin::IpBlocksController < Api::BaseController
|
||||||
after_action :verify_authorized
|
after_action :verify_authorized
|
||||||
after_action :insert_pagination_headers, only: :index
|
after_action :insert_pagination_headers, only: :index
|
||||||
|
|
||||||
|
PERMITTED_PARAMS = %i(
|
||||||
|
comment
|
||||||
|
expires_in
|
||||||
|
ip
|
||||||
|
severity
|
||||||
|
).freeze
|
||||||
|
|
||||||
def index
|
def index
|
||||||
authorize :ip_block, :index?
|
authorize :ip_block, :index?
|
||||||
render json: @ip_blocks, each_serializer: REST::Admin::IpBlockSerializer
|
render json: @ip_blocks, each_serializer: REST::Admin::IpBlockSerializer
|
||||||
|
@ -56,7 +63,9 @@ class Api::V1::Admin::IpBlocksController < Api::BaseController
|
||||||
end
|
end
|
||||||
|
|
||||||
def resource_params
|
def resource_params
|
||||||
params.permit(:ip, :severity, :comment, :expires_in)
|
params
|
||||||
|
.slice(*PERMITTED_PARAMS)
|
||||||
|
.permit(*PERMITTED_PARAMS)
|
||||||
end
|
end
|
||||||
|
|
||||||
def next_path
|
def next_path
|
||||||
|
|
|
@ -11,6 +11,12 @@ class Api::V1::ListsController < Api::BaseController
|
||||||
render json: { error: e.to_s }, status: 422
|
render json: { error: e.to_s }, status: 422
|
||||||
end
|
end
|
||||||
|
|
||||||
|
PERMITTED_PARAMS = %i(
|
||||||
|
exclusive
|
||||||
|
replies_policy
|
||||||
|
title
|
||||||
|
).freeze
|
||||||
|
|
||||||
def index
|
def index
|
||||||
@lists = List.where(account: current_account).all
|
@lists = List.where(account: current_account).all
|
||||||
render json: @lists, each_serializer: REST::ListSerializer
|
render json: @lists, each_serializer: REST::ListSerializer
|
||||||
|
@ -42,6 +48,8 @@ class Api::V1::ListsController < Api::BaseController
|
||||||
end
|
end
|
||||||
|
|
||||||
def list_params
|
def list_params
|
||||||
params.permit(:title, :replies_policy, :exclusive)
|
params
|
||||||
|
.slice(*PERMITTED_PARAMS)
|
||||||
|
.permit(*PERMITTED_PARAMS)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -6,6 +6,17 @@ class Api::V1::ReportsController < Api::BaseController
|
||||||
|
|
||||||
override_rate_limit_headers :create, family: :reports
|
override_rate_limit_headers :create, family: :reports
|
||||||
|
|
||||||
|
PERMITTED_PARAMS = [
|
||||||
|
:account_id,
|
||||||
|
:category,
|
||||||
|
:comment,
|
||||||
|
:forward,
|
||||||
|
:rule_ids,
|
||||||
|
forward_to_domains: [],
|
||||||
|
rule_ids: [],
|
||||||
|
status_ids: [],
|
||||||
|
].freeze
|
||||||
|
|
||||||
def create
|
def create
|
||||||
@report = ReportService.new.call(
|
@report = ReportService.new.call(
|
||||||
current_account,
|
current_account,
|
||||||
|
@ -23,6 +34,6 @@ class Api::V1::ReportsController < Api::BaseController
|
||||||
end
|
end
|
||||||
|
|
||||||
def report_params
|
def report_params
|
||||||
params.permit(:account_id, :comment, :category, :forward, forward_to_domains: [], status_ids: [], rule_ids: [])
|
params.permit(*PERMITTED_PARAMS)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -11,6 +11,10 @@ class Api::V1::Statuses::ReblogsController < Api::V1::Statuses::BaseController
|
||||||
|
|
||||||
override_rate_limit_headers :create, family: :statuses
|
override_rate_limit_headers :create, family: :statuses
|
||||||
|
|
||||||
|
PERMITTED_PARAMS = %i(
|
||||||
|
visibility
|
||||||
|
).freeze
|
||||||
|
|
||||||
def create
|
def create
|
||||||
with_redis_lock("reblog:#{current_account.id}:#{@reblog.id}") do
|
with_redis_lock("reblog:#{current_account.id}:#{@reblog.id}") do
|
||||||
@status = ReblogService.new.call(current_account, @reblog, reblog_params)
|
@status = ReblogService.new.call(current_account, @reblog, reblog_params)
|
||||||
|
@ -50,6 +54,8 @@ class Api::V1::Statuses::ReblogsController < Api::V1::Statuses::BaseController
|
||||||
end
|
end
|
||||||
|
|
||||||
def reblog_params
|
def reblog_params
|
||||||
params.permit(:visibility)
|
params
|
||||||
|
.slice(*PERMITTED_PARAMS)
|
||||||
|
.permit(*PERMITTED_PARAMS)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -8,6 +8,11 @@ class Api::V2::Filters::KeywordsController < Api::BaseController
|
||||||
before_action :set_keywords, only: :index
|
before_action :set_keywords, only: :index
|
||||||
before_action :set_keyword, only: [:show, :update, :destroy]
|
before_action :set_keyword, only: [:show, :update, :destroy]
|
||||||
|
|
||||||
|
PERMITTED_PARAMS = %i(
|
||||||
|
keyword
|
||||||
|
whole_word
|
||||||
|
).freeze
|
||||||
|
|
||||||
def index
|
def index
|
||||||
render json: @keywords, each_serializer: REST::FilterKeywordSerializer
|
render json: @keywords, each_serializer: REST::FilterKeywordSerializer
|
||||||
end
|
end
|
||||||
|
@ -45,6 +50,8 @@ class Api::V2::Filters::KeywordsController < Api::BaseController
|
||||||
end
|
end
|
||||||
|
|
||||||
def resource_params
|
def resource_params
|
||||||
params.permit(:keyword, :whole_word)
|
params
|
||||||
|
.slice(*PERMITTED_PARAMS)
|
||||||
|
.permit(*PERMITTED_PARAMS)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -8,6 +8,10 @@ class Api::V2::Filters::StatusesController < Api::BaseController
|
||||||
before_action :set_status_filters, only: :index
|
before_action :set_status_filters, only: :index
|
||||||
before_action :set_status_filter, only: [:show, :destroy]
|
before_action :set_status_filter, only: [:show, :destroy]
|
||||||
|
|
||||||
|
PERMITTED_PARAMS = %i(
|
||||||
|
status_id
|
||||||
|
).freeze
|
||||||
|
|
||||||
def index
|
def index
|
||||||
render json: @status_filters, each_serializer: REST::FilterStatusSerializer
|
render json: @status_filters, each_serializer: REST::FilterStatusSerializer
|
||||||
end
|
end
|
||||||
|
@ -39,6 +43,8 @@ class Api::V2::Filters::StatusesController < Api::BaseController
|
||||||
end
|
end
|
||||||
|
|
||||||
def resource_params
|
def resource_params
|
||||||
params.permit(:status_id)
|
params
|
||||||
|
.slice(*PERMITTED_PARAMS)
|
||||||
|
.permit(*PERMITTED_PARAMS)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -5,6 +5,17 @@ class Api::V2::SearchController < Api::BaseController
|
||||||
|
|
||||||
RESULTS_LIMIT = 20
|
RESULTS_LIMIT = 20
|
||||||
|
|
||||||
|
SEARCH_PARAMS = %i(
|
||||||
|
account_id
|
||||||
|
following
|
||||||
|
max_id
|
||||||
|
min_id
|
||||||
|
offset
|
||||||
|
q
|
||||||
|
resolve
|
||||||
|
type
|
||||||
|
).freeze
|
||||||
|
|
||||||
before_action -> { authorize_if_got_token! :read, :'read:search' }
|
before_action -> { authorize_if_got_token! :read, :'read:search' }
|
||||||
before_action :validate_search_params!
|
before_action :validate_search_params!
|
||||||
|
|
||||||
|
@ -63,6 +74,7 @@ class Api::V2::SearchController < Api::BaseController
|
||||||
end
|
end
|
||||||
|
|
||||||
def search_params
|
def search_params
|
||||||
params.permit(:type, :offset, :min_id, :max_id, :account_id, :following)
|
params
|
||||||
|
.permit(*SEARCH_PARAMS)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue