Merge pull request #2070 from pixelfed/staging

Update ApiV1Controller
daniel 2020-02-27 22:14:29 -07:00 committed by GitHub
commit 7297917de8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -749,6 +749,14 @@ class ApiV1Controller extends Controller
$status = Status::findOrFail($id); $status = Status::findOrFail($id);
if($status->profile_id !== $user->profile_id) {
if($status->scope == 'private') {
abort_if(!$status->profile->followedBy($user->profile), 403);
} else {
abort_if(!in_array($status->scope, ['public','unlisted']), 403);
}
}
$like = Like::firstOrCreate([ $like = Like::firstOrCreate([
'profile_id' => $user->profile_id, 'profile_id' => $user->profile_id,
'status_id' => $status->id 'status_id' => $status->id
@ -780,6 +788,14 @@ class ApiV1Controller extends Controller
$status = Status::findOrFail($id); $status = Status::findOrFail($id);
if($status->profile_id !== $user->profile_id) {
if($status->scope == 'private') {
abort_if(!$status->profile->followedBy($user->profile), 403);
} else {
abort_if(!in_array($status->scope, ['public','unlisted']), 403);
}
}
$like = Like::whereProfileId($user->profile_id) $like = Like::whereProfileId($user->profile_id)
->whereStatusId($status->id) ->whereStatusId($status->id)
->first(); ->first();
@ -1407,7 +1423,18 @@ class ApiV1Controller extends Controller
{ {
abort_if(!$request->user(), 403); abort_if(!$request->user(), 403);
$status = Status::whereVisibility('public')->findOrFail($id); $user = $request->user();
$status = Status::findOrFail($id);
if($status->profile_id !== $user->profile_id) {
if($status->scope == 'private') {
abort_if(!$status->profile->followedBy($user->profile), 403);
} else {
abort_if(!in_array($status->scope, ['public','unlisted']), 403);
}
}
$resource = new Fractal\Resource\Item($status, new StatusTransformer()); $resource = new Fractal\Resource\Item($status, new StatusTransformer());
$res = $this->fractal->createData($resource)->toArray(); $res = $this->fractal->createData($resource)->toArray();
@ -1425,7 +1452,17 @@ class ApiV1Controller extends Controller
{ {
abort_if(!$request->user(), 403); abort_if(!$request->user(), 403);
$status = Status::whereVisibility('public')->findOrFail($id); $user = $request->user();
$status = Status::findOrFail($id);
if($status->profile_id !== $user->profile_id) {
if($status->scope == 'private') {
abort_if(!$status->profile->followedBy($user->profile), 403);
} else {
abort_if(!in_array($status->scope, ['public','unlisted']), 403);
}
}
// Return empty response since we don't handle threading like this // Return empty response since we don't handle threading like this
$res = [ $res = [
@ -1447,7 +1484,17 @@ class ApiV1Controller extends Controller
{ {
abort_if(!$request->user(), 403); abort_if(!$request->user(), 403);
$status = Status::whereVisibility('public')->findOrFail($id); $user = $request->user();
$status = Status::findOrFail($id);
if($status->profile_id !== $user->profile_id) {
if($status->scope == 'private') {
abort_if(!$status->profile->followedBy($user->profile), 403);
} else {
abort_if(!in_array($status->scope, ['public','unlisted']), 403);
}
}
// Return empty response since we don't handle support cards // Return empty response since we don't handle support cards
$res = []; $res = [];
@ -1472,7 +1519,17 @@ class ApiV1Controller extends Controller
]); ]);
$limit = $request->input('limit') ?? 40; $limit = $request->input('limit') ?? 40;
$status = Status::whereVisibility('public')->findOrFail($id); $user = $request->user();
$status = Status::findOrFail($id);
if($status->profile_id !== $user->profile_id) {
if($status->scope == 'private') {
abort_if(!$status->profile->followedBy($user->profile), 403);
} else {
abort_if(!in_array($status->scope, ['public','unlisted']), 403);
}
}
$shared = $status->sharedBy()->latest()->simplePaginate($limit); $shared = $status->sharedBy()->latest()->simplePaginate($limit);
$resource = new Fractal\Resource\Collection($shared, new AccountTransformer()); $resource = new Fractal\Resource\Collection($shared, new AccountTransformer());
$res = $this->fractal->createData($resource)->toArray(); $res = $this->fractal->createData($resource)->toArray();
@ -1503,7 +1560,17 @@ class ApiV1Controller extends Controller
]); ]);
$limit = $request->input('limit') ?? 40; $limit = $request->input('limit') ?? 40;
$status = Status::whereVisibility('public')->findOrFail($id); $user = $request->user();
$status = Status::findOrFail($id);
if($status->profile_id !== $user->profile_id) {
if($status->scope == 'private') {
abort_if(!$status->profile->followedBy($user->profile), 403);
} else {
abort_if(!in_array($status->scope, ['public','unlisted']), 403);
}
}
$liked = $status->likedBy()->latest()->simplePaginate($limit); $liked = $status->likedBy()->latest()->simplePaginate($limit);
$resource = new Fractal\Resource\Collection($liked, new AccountTransformer()); $resource = new Fractal\Resource\Collection($liked, new AccountTransformer());
$res = $this->fractal->createData($resource)->toArray(); $res = $this->fractal->createData($resource)->toArray();
@ -1651,6 +1718,14 @@ class ApiV1Controller extends Controller
$user = $request->user(); $user = $request->user();
$status = Status::findOrFail($id); $status = Status::findOrFail($id);
if($status->profile_id !== $user->profile_id) {
if($status->scope == 'private') {
abort_if(!$status->profile->followedBy($user->profile), 403);
} else {
abort_if(!in_array($status->scope, ['public','unlisted']), 403);
}
}
$share = Status::firstOrCreate([ $share = Status::firstOrCreate([
'profile_id' => $user->profile_id, 'profile_id' => $user->profile_id,
'reblog_of_id' => $status->id, 'reblog_of_id' => $status->id,
@ -1682,6 +1757,14 @@ class ApiV1Controller extends Controller
$user = $request->user(); $user = $request->user();
$status = Status::findOrFail($id); $status = Status::findOrFail($id);
if($status->profile_id !== $user->profile_id) {
if($status->scope == 'private') {
abort_if(!$status->profile->followedBy($user->profile), 403);
} else {
abort_if(!in_array($status->scope, ['public','unlisted']), 403);
}
}
Status::whereProfileId($user->profile_id) Status::whereProfileId($user->profile_id)
->whereReblogOfId($status->id) ->whereReblogOfId($status->id)
->delete(); ->delete();
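Review bot: The identical visibility gate is pasted into nine methods in this section (the `if($status->profile_id !== $user->profile_id) { … }` block after each `findOrFail`), so the next status endpoint added to this controller has to remember to copy it again, which is exactly how the pre-patch gap looked; pull it into one private helper and call `$this->abortIfStatusHidden($status, $user);` at each site. The new checks also change the failure mode from the old `whereVisibility('public')->findOrFail($id)` (404 for anything not public) to a 403, which lets an unauthenticated-to-that-post caller distinguish "no such id" from "exists but private/direct"; returning 404 in the helper keeps non-existent and hidden statuses indistinguishable. While consolidating, use strict comparisons (`$status->scope === 'private'`, `in_array(..., true)`) to match the `!==` already used on `profile_id`, and I would presume `$status->profile` is never null here but that is worth confirming against the model. Every method these hunks touch starts and ends outside the visible lines, so the call-site replacements below are illustrative only.

```php
/**
 * Abort unless $user may view $status: own statuses always, private ones
 * only for followers of the author, anything else only if public/unlisted.
 * Aborts with 404 so a hidden status is indistinguishable from a missing one.
 */
private function abortIfStatusHidden(Status $status, $user): void
{
    if ($status->profile_id === $user->profile_id) {
        return;
    }
    if ($status->scope === 'private') {
        abort_unless($status->profile->followedBy($user->profile), 404);
        return;
    }
    abort_unless(in_array($status->scope, ['public', 'unlisted'], true), 404);
}

// … at each call site, replacing the pasted block:
$status = Status::findOrFail($id);
$this->abortIfStatusHidden($status, $user);
```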