diff --git a/app/Http/Controllers/Api/ApiV1Controller.php b/app/Http/Controllers/Api/ApiV1Controller.php index edc5e48fa..2c8ebfbdd 100644 --- a/app/Http/Controllers/Api/ApiV1Controller.php +++ b/app/Http/Controllers/Api/ApiV1Controller.php @@ -3018,8 +3018,15 @@ class ApiV1Controller extends Controller ->orderByDesc('id') ->cursorPaginate($limit); - $bookmarks = $bookmarkQuery->map(function($bookmark) { - return \App\Services\StatusService::getMastodon($bookmark->status_id); + $bookmarks = $bookmarkQuery->map(function($bookmark) use($pid) { + $status = StatusService::getMastodon($bookmark->status_id, false); + + if($status) { + $status['bookmarked'] = true; + $status['favourited'] = LikeService::liked($pid, $status['id']); + $status['reblogged'] = ReblogService::get($pid, $status['id']); + } + return $status; }) ->filter() ->values() @@ -3057,17 +3064,29 @@ class ApiV1Controller extends Controller { abort_if(!$request->user(), 403); - $status = Status::whereNull('uri') - ->whereScope('public') - ->findOrFail($id); + $status = Status::findOrFail($id); + $pid = $request->user()->profile_id; + + abort_if($status->in_reply_to_id || $status->reblog_of_id, 404); + abort_if(!in_array($status->scope, ['public', 'unlisted', 'private']), 404); + abort_if(!in_array($status->type, ['photo','photo:album', 'video', 'video:album', 'photo:video:album']), 404); + + if($status->scope == 'private') { + abort_if( + $pid !== $status->profile_id && !FollowerService::follows($pid, $status->profile_id), + 404, + 'Error: You cannot bookmark private posts from accounts you do not follow.' + ); + } Bookmark::firstOrCreate([ 'status_id' => $status->id, - 'profile_id' => $request->user()->profile_id + 'profile_id' => $pid ]); - BookmarkService::add($request->user()->profile_id, $status->id); - $res = StatusService::getMastodon($status->id); + BookmarkService::add($pid, $status->id); + + $res = StatusService::getMastodon($status->id, false); $res['bookmarked'] = true; return $this->json($res); @@ -3084,19 +3103,22 @@ class ApiV1Controller extends Controller { abort_if(!$request->user(), 403); - $status = Status::whereNull('uri') - ->whereScope('public') - ->findOrFail($id); + $status = Status::findOrFail($id); + $pid = $request->user()->profile_id; + + abort_if($status->in_reply_to_id || $status->reblog_of_id, 404); + abort_if(!in_array($status->scope, ['public', 'unlisted', 'private']), 404); + abort_if(!in_array($status->type, ['photo','photo:album', 'video', 'video:album', 'photo:video:album']), 404); $bookmark = Bookmark::whereStatusId($status->id) - ->whereProfileId($request->user()->profile_id) + ->whereProfileId($pid) ->first(); if($bookmark) { - BookmarkService::del($request->user()->profile_id, $status->id); + BookmarkService::del($pid, $status->id); $bookmark->delete(); } - $res = StatusService::getMastodon($status->id); + $res = StatusService::getMastodon($status->id, false); $res['bookmarked'] = false; return $this->json($res); diff --git a/app/Http/Controllers/BookmarkController.php b/app/Http/Controllers/BookmarkController.php index f5f59457b..a24520d64 100644 --- a/app/Http/Controllers/BookmarkController.php +++ b/app/Http/Controllers/BookmarkController.php @@ -11,47 +11,57 @@ use App\Services\FollowerService; class BookmarkController extends Controller { - public function __construct() - { - $this->middleware('auth'); - } + public function __construct() + { + $this->middleware('auth'); + } - public function store(Request $request) - { - $this->validate($request, [ - 'item' => 'required|integer|min:1', - ]); + public function store(Request $request) + { + $this->validate($request, [ + 'item' => 'required|integer|min:1', + ]); - $profile = Auth::user()->profile; - $status = Status::findOrFail($request->input('item')); + $profile = Auth::user()->profile; + $status = Status::findOrFail($request->input('item')); - abort_if(!in_array($status->scope, ['public', 'unlisted', 'private']), 404); + abort_if($status->in_reply_to_id || $status->reblog_of_id, 404); + abort_if(!in_array($status->scope, ['public', 'unlisted', 'private']), 404); + abort_if(!in_array($status->type, ['photo','photo:album', 'video', 'video:album', 'photo:video:album']), 404); - if($status->scope == 'private') { - abort_if( - $profile->id !== $status->profile_id && !FollowerService::follows($profile->id, $status->profile_id), - 404, - 'Error: You cannot bookmark private posts from accounts you do not follow.' - ); - } + if($status->scope == 'private') { + if($profile->id !== $status->profile_id && !FollowerService::follows($profile->id, $status->profile_id)) { + if($exists = Bookmark::whereStatusId($status->id)->whereProfileId($profile->id)->first()) { + BookmarkService::del($profile->id, $status->id); + $exists->delete(); - $bookmark = Bookmark::firstOrCreate( - ['status_id' => $status->id], ['profile_id' => $profile->id] - ); + if ($request->ajax()) { + return ['code' => 200, 'msg' => 'Bookmark removed!']; + } else { + return redirect()->back(); + } + } + abort(404, 'Error: You cannot bookmark private posts from accounts you do not follow.'); + } + } - if (!$bookmark->wasRecentlyCreated) { - BookmarkService::del($profile->id, $status->id); - $bookmark->delete(); - } else { - BookmarkService::add($profile->id, $status->id); - } + $bookmark = Bookmark::firstOrCreate( + ['status_id' => $status->id], ['profile_id' => $profile->id] + ); - if ($request->ajax()) { - $response = ['code' => 200, 'msg' => 'Bookmark saved!']; - } else { - $response = redirect()->back(); - } + if (!$bookmark->wasRecentlyCreated) { + BookmarkService::del($profile->id, $status->id); + $bookmark->delete(); + } else { + BookmarkService::add($profile->id, $status->id); + } - return $response; - } + if ($request->ajax()) { + $response = ['code' => 200, 'msg' => 'Bookmark saved!']; + } else { + $response = redirect()->back(); + } + + return $response; + } }