From bd249f0c39d2635e433dcec2a93b13617e321f50 Mon Sep 17 00:00:00 2001
From: Daniel Supernault <danielsupernault@gmail.com>
Date: Wed, 16 Feb 2022 00:58:19 -0700
Subject: [PATCH 1/2] Update CollectionController, fix broken unauthenticated
 access. Fixes #3242

---
 app/Http/Controllers/CollectionController.php | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/app/Http/Controllers/CollectionController.php b/app/Http/Controllers/CollectionController.php
index b1d072ff9..057d9fe9c 100644
--- a/app/Http/Controllers/CollectionController.php
+++ b/app/Http/Controllers/CollectionController.php
@@ -17,6 +17,7 @@ use App\Transformer\Api\{
 };
 use League\Fractal\Serializer\ArraySerializer;
 use League\Fractal\Pagination\IlluminatePaginatorAdapter;
+use App\Services\StatusService;
 
 class CollectionController extends Controller
 {
@@ -166,12 +167,16 @@ class CollectionController extends Controller
         if($collection->visibility !== 'public') {
             abort_if(!Auth::check() || Auth::user()->profile_id != $collection->profile_id, 404);
         }
-        $posts = $collection->posts()->orderBy('order', 'asc')->get();
 
-        $fractal = new Fractal\Manager();
-        $fractal->setSerializer(new ArraySerializer());
-        $resource = new Fractal\Resource\Collection($posts, new StatusTransformer());
-        $res = $fractal->createData($resource)->toArray();
+        $res = CollectionItem::whereCollectionId($id)
+        	->pluck('object_id')
+        	->map(function($id) {
+        		return StatusService::get($id);
+        	})
+        	->filter(function($post) {
+        		return $post && isset($post['account']);
+        	})
+        	->values();
 
         return response()->json($res);
     }
@@ -197,11 +202,12 @@ class CollectionController extends Controller
             ->paginate(9)
             ->map(function($collection) {
                 return [
-                    'id' => $collection->id,
+                    'id' => (string) $collection->id,
                     'title' => $collection->title,
                     'description' => $collection->description,
                     'thumb' => $collection->posts()->first()->thumb(),
                     'url' => $collection->url(),
+                    'post_count' => $collection->posts()->count(),
                     'published_at' => $collection->published_at
                 ];
         });

From 0f6bf484d6e63ed6fe5a241a5713acff7705d34e Mon Sep 17 00:00:00 2001
From: Daniel Supernault <danielsupernault@gmail.com>
Date: Wed, 16 Feb 2022 00:58:44 -0700
Subject: [PATCH 2/2] Update changelog

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5bed069eb..0747e1c39 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -53,6 +53,7 @@
 - Updated ApiV1Controller, improve favourites endpoint. ([151dc17c](https://github.com/pixelfed/pixelfed/commit/151dc17c))
 - Updated StatusController, set missing reblog/share type. ([548a12a4](https://github.com/pixelfed/pixelfed/commit/548a12a4))
 - Updated index view, remove shortcut from favicon meta tag. Fixes #3196. ([6e2cb3cd](https://github.com/pixelfed/pixelfed/commit/6e2cb3cd))
+- Updated CollectionController, fix broken unauthenticated access. Fixes #3242. ([bd249f0c](https://github.com/pixelfed/pixelfed/commit/bd249f0c))
 -  ([](https://github.com/pixelfed/pixelfed/commit/))
 
 ## [v0.11.2 (2022-01-09)](https://github.com/pixelfed/pixelfed/compare/v0.11.1...v0.11.2)