From e354750808792fa258eec6f799f8e2ba3ea45d73 Mon Sep 17 00:00:00 2001
From: Daniel Supernault
Date: Fri, 9 Feb 2024 20:41:12 -0700
Subject: [PATCH] Fix api endpoints
---
 .../Controllers/Api/BaseApiController.php | 21 +++++++------------
 .../Api/V1/DomainBlockController.php | 9 +++-----
 .../Controllers/Api/V1/TagsController.php | 12 ++++-------
 3 files changed, 14 insertions(+), 28 deletions(-)
diff --git a/app/Http/Controllers/Api/BaseApiController.php b/app/Http/Controllers/Api/BaseApiController.php
index 72e7f1574..7ac73b4d0 100644
--- a/app/Http/Controllers/Api/BaseApiController.php
+++ b/app/Http/Controllers/Api/BaseApiController.php
@@ -56,8 +56,7 @@ class BaseApiController extends Controller
 public function notifications(Request $request)
 {
- abort_if(!$request->user() || !$request->user()->token(), 403);
- abort_unless($request->user()->tokenCan('read'), 403);
+ abort_if(!$request->user(), 403);
 $pid = $request->user()->profile_id;
 $limit = $request->input('limit', 20);
@@ -99,8 +98,7 @@ class BaseApiController extends Controller
 public function avatarUpdate(Request $request)
 {
- abort_if(!$request->user() || !$request->user()->token(), 403);
- abort_unless($request->user()->tokenCan('write'), 403);
+ abort_if(!$request->user(), 403);
 $this->validate($request, [
 'upload' => 'required|mimetypes:image/jpeg,image/jpg,image/png|max:'.config('pixelfed.max_avatar_size'),
@@ -137,8 +135,7 @@ class BaseApiController extends Controller
 public function verifyCredentials(Request $request)
 {
- abort_if(!$request->user() || !$request->user()->token(), 403);
- abort_unless($request->user()->tokenCan('read'), 403);
+ abort_if(!$request->user(), 403);
 $user = $request->user();
 if ($user->status != null) {
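Review bot: The replacement guard `abort_if(!$request->user(), 403);` in `notifications`, `avatarUpdate` and `verifyCredentials` no longer checks the token's scope, so if these routes can also be reached with an OAuth access token (routing and middleware are outside this patch), a token granted only `read` would now pass the guard on `avatarUpdate`. The same applies to the `write` checks removed from `archive`, `unarchive`, `store` and `delete`, the `follow` checks removed from `followHashtag` and `unfollowHashtag`, and the `read` checks removed from the remaining methods. If the removal is meant to admit session-authenticated users that carry no token, the scope check can stay for requests that do carry one, e.g. `abort_if($request->user()->token() && !$request->user()->tokenCan('write'), 403);` with the scope each endpoint required before. Each function body continues outside its hunk.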
@@ -151,8 +148,7 @@ class BaseApiController extends Controller
 public function accountLikes(Request $request)
 {
- abort_if(!$request->user() || !$request->user()->token(), 403);
- abort_unless($request->user()->tokenCan('read'), 403);
+ abort_if(!$request->user(), 403);
 $this->validate($request, [
 'page' => 'sometimes|int|min:1|max:20',
@@ -180,8 +176,7 @@ class BaseApiController extends Controller
 public function archive(Request $request, $id)
 {
- abort_if(!$request->user() || !$request->user()->token(), 403);
- abort_unless($request->user()->tokenCan('write'), 403);
+ abort_if(!$request->user(), 403);
 $status = Status::whereNull('in_reply_to_id')
 ->whereNull('reblog_of_id')
@@ -209,8 +204,7 @@ class BaseApiController extends Controller
 public function unarchive(Request $request, $id)
 {
- abort_if(!$request->user() || !$request->user()->token(), 403);
- abort_unless($request->user()->tokenCan('write'), 403);
+ abort_if(!$request->user(), 403);
 $status = Status::whereNull('in_reply_to_id')
 ->whereNull('reblog_of_id')
@@ -237,8 +231,7 @@ class BaseApiController extends Controller
 public function archivedPosts(Request $request)
 {
- abort_if(!$request->user() || !$request->user()->token(), 403);
- abort_unless($request->user()->tokenCan('read'), 403);
+ abort_if(!$request->user(), 403);
 $statuses = Status::whereProfileId($request->user()->profile_id)
 ->whereScope('archived')
diff --git a/app/Http/Controllers/Api/V1/DomainBlockController.php b/app/Http/Controllers/Api/V1/DomainBlockController.php
index 3a4a4c793..5a2698361 100644
--- a/app/Http/Controllers/Api/V1/DomainBlockController.php
+++ b/app/Http/Controllers/Api/V1/DomainBlockController.php
@@ -23,8 +23,7 @@ class DomainBlockController extends Controller
 public function index(Request $request)
 {
- abort_if(!$request->user() || !$request->user()->token(), 403);
- abort_unless($request->user()->tokenCan('read'), 403);
+ abort_if(!$request->user(), 403);
 $this->validate($request, [
 'limit' => 'sometimes|integer|min:1|max:200'
@@ -54,8 +53,7 @@ class DomainBlockController extends Controller
 public function store(Request $request)
 {
- abort_if(!$request->user() || !$request->user()->token(), 403);
- abort_unless($request->user()->tokenCan('write'), 403);
+ abort_if(!$request->user(), 403);
 $this->validate($request, [
 'domain' => 'required|active_url|min:1|max:120'
@@ -102,8 +100,7 @@ class DomainBlockController extends Controller
 public function delete(Request $request)
 {
- abort_if(!$request->user() || !$request->user()->token(), 403);
- abort_unless($request->user()->tokenCan('write'), 403);
+ abort_if(!$request->user(), 403);
 $this->validate($request, [
 'domain' => 'required|min:1|max:120'
diff --git a/app/Http/Controllers/Api/V1/TagsController.php b/app/Http/Controllers/Api/V1/TagsController.php
index 5226b67ed..2f7acf4a0 100644
--- a/app/Http/Controllers/Api/V1/TagsController.php
+++ b/app/Http/Controllers/Api/V1/TagsController.php
@@ -47,8 +47,7 @@ class TagsController extends Controller
 */
 public function followHashtag(Request $request, $id)
 {
- abort_if(!$request->user() || !$request->user()->token(), 403);
- abort_unless($request->user()->tokenCan('follow'), 403);
+ abort_if(!$request->user(), 403);
 $pid = $request->user()->profile_id;
 $account = AccountService::get($pid);
@@ -90,8 +89,7 @@ class TagsController extends Controller
 */
 public function unfollowHashtag(Request $request, $id)
 {
- abort_if(!$request->user() || !$request->user()->token(), 403);
- abort_unless($request->user()->tokenCan('follow'), 403);
+ abort_if(!$request->user(), 403);
 $pid = $request->user()->profile_id;
 $account = AccountService::get($pid);
@@ -136,8 +134,7 @@ class TagsController extends Controller
 */
 public function getHashtag(Request $request, $id)
 {
- abort_if(!$request->user() || !$request->user()->token(), 403);
- abort_unless($request->user()->tokenCan('read'), 403);
+ abort_if(!$request->user(), 403);
 $pid = $request->user()->profile_id;
 $account = AccountService::get($pid);
@@ -177,8 +174,7 @@ class TagsController extends Controller
 */
 public function getFollowedTags(Request $request)
 {
- abort_if(!$request->user() || !$request->user()->token(), 403);
- abort_unless($request->user()->tokenCan('read'), 403);
+ abort_if(!$request->user(), 403);
 $account = AccountService::get($request->user()->profile_id);