hj/pleroma
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

ActivityPub Controller: Actually pass for_user to following/followers

Browse source 
views and give 403 errors when trying to request hidden follower pages
when unauthenticated
This commit is contained in:
rinpatch 2019-07-12 20:54:20 +03:00
commit 97b79efbcd
3 changed files with 102 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

8
lib/pleroma/web/router.ex
View file

@ -623,8 +623,6 @@ defmodule Pleroma.Web.Router do
# XXX: not really ostatus
pipe_through(:ostatus)
get("/users/:nickname/followers", ActivityPubController, :followers)
get("/users/:nickname/following", ActivityPubController, :following)
get("/users/:nickname/outbox", ActivityPubController, :outbox)
get("/objects/:uuid/likes", ActivityPubController, :object_likes)
end
@ -656,6 +654,12 @@ defmodule Pleroma.Web.Router do
pipe_through(:oauth_write)
post("/users/:nickname/outbox", ActivityPubController, :update_outbox)
end
scope [] do
pipe_through(:oauth_read_or_public)
get("/users/:nickname/followers", ActivityPubController, :followers)
get("/users/:nickname/following", ActivityPubController, :following)
end
end
scope "/relay", Pleroma.Web.ActivityPub do