UA-Fediland/pixelfed
2
0
Fork 0
mirror of https://github.com/pixelfed/pixelfed.git synced 2024-11-22 06:21:27 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #4914 from pixelfed/staging

Browse source 
Fix api endpoints
This commit is contained in:
daniel 2024-02-09 20:52:09 -07:00 committed by GitHub
commit 8ab9951909
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
app/Http/Controllers/Api/ApiV1Controller.php
View file

@ -956,8 +956,7 @@ class ApiV1Controller extends Controller
*/ */
public function accountRelationshipsById(Request $request) public function accountRelationshipsById(Request $request)
{ {
abort_if(!$request->user() || !$request->user()->token(), 403); abort_if(!$request->user(), 403);
abort_unless($request->user()->tokenCan('read'), 403);
$this->validate($request, [ $this->validate($request, [
'id' => 'required|array|min:1|max:20', 'id' => 'required|array|min:1|max:20',

2
app/Http/Controllers/ComposeController.php
View file

@ -260,6 +260,8 @@ class ComposeController extends Controller
$q = mb_substr($q, 1); $q = mb_substr($q, 1);
} }
$user = $request->user();
abort_if($user->has_roles && !UserRoleService::can('can-post', $user->id), 403, 'Invalid permissions for this action'); abort_if($user->has_roles && !UserRoleService::can('can-post', $user->id), 403, 'Invalid permissions for this action');
$blocked = UserFilter::whereFilterableType('App\Profile') $blocked = UserFilter::whereFilterableType('App\Profile')