hj/pleroma
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

MediaController OAuth scope assignments fix.

Browse source 
Typo fix (`def get_media` instead of `def show`).
This commit is contained in:
Ivan Tashkinov 2020-05-17 08:46:43 +03:00
commit af9dfdce6b
2 changed files with 15 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

6
lib/pleroma/web/mastodon_api/controllers/media_controller.ex
View file

@ -14,7 +14,8 @@ defmodule Pleroma.Web.MastodonAPI.MediaController do
plug(Pleroma.Web.ApiSpec.CastAndValidate)
plug(:put_view, Pleroma.Web.MastodonAPI.StatusView)
plug(OAuthScopesPlug, %{scopes: ["write:media"]})
plug(OAuthScopesPlug, %{scopes: ["read:media"]} when action == :show)
plug(OAuthScopesPlug, %{scopes: ["write:media"]} when action != :show)
defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.MediaOperation
@ -65,6 +66,7 @@ defmodule Pleroma.Web.MastodonAPI.MediaController do
def update(conn, data), do: show(conn, data)
# TODO: clarify: is the access to non-owned objects granted intentionally?
@doc "GET /api/v1/media/:id"
def show(conn, %{id: id}) do
with %Object{data: data, id: object_id} <- Object.get_by_id(id) do
@ -74,5 +76,5 @@ defmodule Pleroma.Web.MastodonAPI.MediaController do
end
end
def get_media(_conn, _data), do: {:error, :bad_request}
def show(_conn, _data), do: {:error, :bad_request}
end