[#2409] Made `GET /api/v1/accounts/:id/favourites` auth-optional, adjusted tests.
This commit is contained in:
parent
00e62161f6
commit
b4139cc547
|
@ -357,7 +357,7 @@ def context(%{assigns: %{user: user}} = conn, %{"id" => id}) do
|
||||||
end
|
end
|
||||||
|
|
||||||
@doc "GET /api/v1/favourites"
|
@doc "GET /api/v1/favourites"
|
||||||
def favourites(%{assigns: %{user: user}} = conn, params) do
|
def favourites(%{assigns: %{user: %User{} = user}} = conn, params) do
|
||||||
activities =
|
activities =
|
||||||
ActivityPub.fetch_favourites(
|
ActivityPub.fetch_favourites(
|
||||||
user,
|
user,
|
||||||
|
|
|
@ -39,7 +39,10 @@ defmodule Pleroma.Web.PleromaAPI.AccountController do
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
|
|
||||||
plug(OAuthScopesPlug, %{scopes: ["read:favourites"]} when action == :favourites)
|
plug(
|
||||||
|
OAuthScopesPlug,
|
||||||
|
%{scopes: ["read:favourites"], fallback: :proceed_unauthenticated} when action == :favourites
|
||||||
|
)
|
||||||
|
|
||||||
plug(RateLimiter, [name: :account_confirmation_resend] when action == :confirmation_resend)
|
plug(RateLimiter, [name: :account_confirmation_resend] when action == :confirmation_resend)
|
||||||
|
|
||||||
|
|
|
@ -312,10 +312,14 @@ defmodule Pleroma.Web.Router do
|
||||||
post("/scrobble", ScrobbleController, :new_scrobble)
|
post("/scrobble", ScrobbleController, :new_scrobble)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
scope [] do
|
||||||
|
pipe_through(:api)
|
||||||
|
get("/accounts/:id/favourites", AccountController, :favourites)
|
||||||
|
end
|
||||||
|
|
||||||
scope [] do
|
scope [] do
|
||||||
pipe_through(:authenticated_api)
|
pipe_through(:authenticated_api)
|
||||||
|
|
||||||
get("/accounts/:id/favourites", AccountController, :favourites)
|
|
||||||
post("/accounts/:id/subscribe", AccountController, :subscribe)
|
post("/accounts/:id/subscribe", AccountController, :subscribe)
|
||||||
post("/accounts/:id/unsubscribe", AccountController, :unsubscribe)
|
post("/accounts/:id/unsubscribe", AccountController, :unsubscribe)
|
||||||
end
|
end
|
||||||
|
@ -404,6 +408,7 @@ defmodule Pleroma.Web.Router do
|
||||||
put("/scheduled_statuses/:id", ScheduledActivityController, :update)
|
put("/scheduled_statuses/:id", ScheduledActivityController, :update)
|
||||||
delete("/scheduled_statuses/:id", ScheduledActivityController, :delete)
|
delete("/scheduled_statuses/:id", ScheduledActivityController, :delete)
|
||||||
|
|
||||||
|
# Unlike `GET /api/v1/accounts/:id/favourites`, demands authentication
|
||||||
get("/favourites", StatusController, :favourites)
|
get("/favourites", StatusController, :favourites)
|
||||||
get("/bookmarks", StatusController, :bookmarks)
|
get("/bookmarks", StatusController, :bookmarks)
|
||||||
|
|
||||||
|
|
|
@ -151,15 +151,18 @@ test "returns list of statuses favorited by specified user", %{
|
||||||
assert like["id"] == activity.id
|
assert like["id"] == activity.id
|
||||||
end
|
end
|
||||||
|
|
||||||
test "does not return favorites for specified user_id when user is not logged in", %{
|
test "returns favorites for specified user_id when requester is not logged in", %{
|
||||||
user: user
|
user: user
|
||||||
} do
|
} do
|
||||||
activity = insert(:note_activity)
|
activity = insert(:note_activity)
|
||||||
CommonAPI.favorite(user, activity.id)
|
CommonAPI.favorite(user, activity.id)
|
||||||
|
|
||||||
|
response =
|
||||||
build_conn()
|
build_conn()
|
||||||
|> get("/api/v1/pleroma/accounts/#{user.id}/favourites")
|
|> get("/api/v1/pleroma/accounts/#{user.id}/favourites")
|
||||||
|> json_response(403)
|
|> json_response(200)
|
||||||
|
|
||||||
|
assert length(response) == 1
|
||||||
end
|
end
|
||||||
|
|
||||||
test "returns favorited DM only when user is logged in and he is one of recipients", %{
|
test "returns favorited DM only when user is logged in and he is one of recipients", %{
|
||||||
|
@ -185,9 +188,12 @@ test "returns favorited DM only when user is logged in and he is one of recipien
|
||||||
assert length(response) == 1
|
assert length(response) == 1
|
||||||
end
|
end
|
||||||
|
|
||||||
|
response =
|
||||||
build_conn()
|
build_conn()
|
||||||
|> get("/api/v1/pleroma/accounts/#{user.id}/favourites")
|
|> get("/api/v1/pleroma/accounts/#{user.id}/favourites")
|
||||||
|> json_response(403)
|
|> json_response(200)
|
||||||
|
|
||||||
|
assert length(response) == 0
|
||||||
end
|
end
|
||||||
|
|
||||||
test "does not return others' favorited DM when user is not one of recipients", %{
|
test "does not return others' favorited DM when user is not one of recipients", %{
|
||||||
|
|
Loading…
Reference in New Issue