mirror of
https://github.com/pixelfed/pixelfed.git
synced 2024-11-09 16:24:51 +00:00
Update ApiV1Controller, normalize profile id comparison
This commit is contained in:
Daniel Supernault
parent
796ad37419
commit
374bfdae15
1 changed files with 37 additions and 23 deletions
|
|
@ -458,7 +458,7 @@ class ApiV1Controller extends Controller
|
|||
abort_if(!$account, 404);
|
||||
$pid = $request->user()->profile_id;
|
||||
|
||||
if($pid != $account['id']) {
|
||||
if(intval($pid) !== intval($account['id'])) {
|
||||
if($account['locked']) {
|
||||
if(!FollowerService::follows($pid, $account['id'])) {
|
||||
return [];
|
||||
|
|
@ -505,7 +505,7 @@ class ApiV1Controller extends Controller
|
|||
abort_if(!$account, 404);
|
||||
$pid = $request->user()->profile_id;
|
||||
|
||||
if($pid != $account['id']) {
|
||||
if(intval($pid) !== intval($account['id'])) {
|
||||
if($account['locked']) {
|
||||
if(!FollowerService::follows($pid, $account['id'])) {
|
||||
return [];
|
||||
|
|
@ -564,7 +564,7 @@ class ApiV1Controller extends Controller
|
|||
$profile = $napi ? AccountService::get($id, true) : AccountService::getMastodon($id, true);
|
||||
|
||||
if(!$profile || !isset($profile['id']) || !$user) {
|
||||
return response('', 404);
|
||||
return $this->json(['error' => 'Account not found'], 404);
|
||||
}
|
||||
|
||||
$limit = $request->limit ?? 20;
|
||||
|
|
@ -587,7 +587,7 @@ class ApiV1Controller extends Controller
|
|||
}
|
||||
}
|
||||
|
||||
if($pid == $profile['id']) {
|
||||
if(intval($pid) === intval($profile['id'])) {
|
||||
$visibility = ['public', 'unlisted', 'private'];
|
||||
} else if($profile['locked']) {
|
||||
$following = FollowerService::follows($pid, $profile['id']);
|
||||
|
|
@ -817,7 +817,7 @@ class ApiV1Controller extends Controller
|
|||
$pid = $request->user()->profile_id ?? $request->user()->profile->id;
|
||||
$res = collect($request->input('id'))
|
||||
->filter(function($id) use($pid) {
|
||||
return $id != $pid;
|
||||
return intval($id) !== intval($pid);
|
||||
})
|
||||
->map(function($id) use($pid) {
|
||||
return RelationshipService::get($pid, $id);
|
||||
|
|
@ -848,15 +848,21 @@ class ApiV1Controller extends Controller
|
|||
$resolve = (bool) $request->input('resolve', false);
|
||||
$q = '%' . $query . '%';
|
||||
|
||||
$profiles = Profile::whereNull('status')
|
||||
->where('username', 'like', $q)
|
||||
->orWhere('name', 'like', $q)
|
||||
->limit($limit)
|
||||
->get();
|
||||
$profiles = Cache::remember('api:v1:accounts:search:' . sha1($query) . ':limit:' . $limit, 86400, function() use($q, $limit) {
|
||||
return Profile::whereNull('status')
|
||||
->where('username', 'like', $q)
|
||||
->orWhere('name', 'like', $q)
|
||||
->limit($limit)
|
||||
->pluck('id')
|
||||
->map(function($id) {
|
||||
return AccountService::getMastodon($id);
|
||||
})
|
||||
->filter(function($account) {
|
||||
return $account && isset($account['id']);
|
||||
});
|
||||
});
|
||||
|
||||
$resource = new Fractal\Resource\Collection($profiles, new AccountTransformer());
|
||||
$res = $this->fractal->createData($resource)->toArray();
|
||||
return $this->json($res);
|
||||
return $this->json($profiles);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -908,7 +914,7 @@ class ApiV1Controller extends Controller
|
|||
$user = $request->user();
|
||||
$pid = $user->profile_id ?? $user->profile->id;
|
||||
|
||||
if($id == $pid) {
|
||||
if(intval($id) === intval($pid)) {
|
||||
abort(400, 'You cannot block yourself');
|
||||
}
|
||||
|
||||
|
|
@ -953,7 +959,7 @@ class ApiV1Controller extends Controller
|
|||
$user = $request->user();
|
||||
$pid = $user->profile_id ?? $user->profile->id;
|
||||
|
||||
if($id == $pid) {
|
||||
if(intval($id) === intval($pid)) {
|
||||
abort(400, 'You cannot unblock yourself');
|
||||
}
|
||||
|
||||
|
|
@ -1088,7 +1094,7 @@ class ApiV1Controller extends Controller
|
|||
|
||||
$spid = $status['account']['id'];
|
||||
|
||||
if($spid !== $user->profile_id) {
|
||||
if(intval($spid) !== intval($user->profile_id)) {
|
||||
if($status['visibility'] == 'private') {
|
||||
abort_if(!FollowerService::follows($user->profile_id, $spid), 403);
|
||||
} else {
|
||||
|
|
@ -1143,7 +1149,7 @@ class ApiV1Controller extends Controller
|
|||
|
||||
$status = Status::findOrFail($id);
|
||||
|
||||
if($status->profile_id !== $user->profile_id) {
|
||||
if(intval($status->profile_id) !== intval($user->profile_id)) {
|
||||
if($status->scope == 'private') {
|
||||
abort_if(!$status->profile->followedBy($user->profile), 403);
|
||||
} else {
|
||||
|
|
@ -1770,6 +1776,10 @@ class ApiV1Controller extends Controller
|
|||
$user = $request->user();
|
||||
$pid = $user->profile_id;
|
||||
|
||||
if(intval($pid) === intval($id)) {
|
||||
return $this->json(['error' => 'You cannot mute yourself'], 500);
|
||||
}
|
||||
|
||||
$account = Profile::findOrFail($id);
|
||||
|
||||
$filter = UserFilter::firstOrCreate([
|
||||
|
|
@ -1803,6 +1813,10 @@ class ApiV1Controller extends Controller
|
|||
$user = $request->user();
|
||||
$pid = $user->profile_id;
|
||||
|
||||
if(intval($pid) === intval($id)) {
|
||||
return $this->json(['error' => 'You cannot unmute yourself'], 500);
|
||||
}
|
||||
|
||||
$account = Profile::findOrFail($id);
|
||||
|
||||
$filter = UserFilter::whereUserId($pid)
|
||||
|
|
@ -2228,7 +2242,7 @@ class ApiV1Controller extends Controller
|
|||
$scope = $res['visibility'];
|
||||
if(!in_array($scope, ['public', 'unlisted'])) {
|
||||
if($scope === 'private') {
|
||||
if($res['account']['id'] != $user->profile_id) {
|
||||
if(intval($res['account']['id']) !== intval($user->profile_id)) {
|
||||
abort_unless(FollowerService::follows($user->profile_id, $res['account']['id']), 403);
|
||||
}
|
||||
} else {
|
||||
|
|
@ -2261,7 +2275,7 @@ class ApiV1Controller extends Controller
|
|||
return response('', 404);
|
||||
}
|
||||
|
||||
if($status['account']['id'] != $user->profile_id) {
|
||||
if(intval($status['account']['id']) !== intval($user->profile_id)) {
|
||||
if($status['visibility'] == 'private') {
|
||||
if(!FollowerService::follows($user->profile_id, $status['account']['id'])) {
|
||||
return response('', 404);
|
||||
|
|
@ -2341,7 +2355,7 @@ class ApiV1Controller extends Controller
|
|||
$user = $request->user();
|
||||
$status = Status::findOrFail($id);
|
||||
|
||||
if($status->profile_id !== $user->profile_id) {
|
||||
if(intval($status->profile_id) !== intval($user->profile_id)) {
|
||||
if($status->scope == 'private') {
|
||||
abort_if(!FollowerService::follows($user->profile_id, $status->profile_id), 403);
|
||||
} else {
|
||||
|
|
@ -2407,7 +2421,7 @@ class ApiV1Controller extends Controller
|
|||
}
|
||||
}
|
||||
|
||||
if($status->profile_id !== $user->profile_id) {
|
||||
if(intval($status->profile_id) !== intval($user->profile_id)) {
|
||||
if($status->scope == 'private') {
|
||||
abort_if(!$status->profile->followedBy($user->profile), 403);
|
||||
} else {
|
||||
|
|
@ -2644,7 +2658,7 @@ class ApiV1Controller extends Controller
|
|||
$user = $request->user();
|
||||
$status = Status::whereScope('public')->findOrFail($id);
|
||||
|
||||
if($status->profile_id !== $user->profile_id) {
|
||||
if(intval($status->profile_id) !== intval($user->profile_id)) {
|
||||
if($status->scope == 'private') {
|
||||
abort_if(!FollowerService::follows($user->profile_id, $status->profile_id), 403);
|
||||
} else {
|
||||
|
|
@ -2692,7 +2706,7 @@ class ApiV1Controller extends Controller
|
|||
$user = $request->user();
|
||||
$status = Status::whereScope('public')->findOrFail($id);
|
||||
|
||||
if($status->profile_id !== $user->profile_id) {
|
||||
if(intval($status->profile_id) !== intval($user->profile_id)) {
|
||||
if($status->scope == 'private') {
|
||||
abort_if(!FollowerService::follows($user->profile_id, $status->profile_id), 403);
|
||||
} else {
|
||||
|
|
|
|||
Loading…
Reference in a new issue