Expose history and source apis to anon users

2022-06-11 10:35:36 -04:00 · 2022-06-11 10:35:36 -04:00 · edbe714435
parent 670cbc368a
commit edbe714435
3 changed files with 10 additions and 8 deletions
--- a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex
@ -194,8 +194,9 @@ defmodule Pleroma.Web.MastodonAPI.StatusController do
  end

  @doc "GET /api/v1/statuses/:id/history"
-  def show_history(%{assigns: %{user: user}} = conn, %{id: id} = params) do
-    with %Activity{} = activity <- Activity.get_by_id_with_object(id),
+  def show_history(%{assigns: assigns} = conn, %{id: id} = params) do
+    with user = assigns[:user],
+         %Activity{} = activity <- Activity.get_by_id_with_object(id),
         true <- Visibility.visible_for_user?(activity, user) do
      try_render(conn, "history.json",
        activity: activity,
@ -209,8 +210,9 @@ defmodule Pleroma.Web.MastodonAPI.StatusController do
  end

  @doc "GET /api/v1/statuses/:id/source"
-  def show_source(%{assigns: %{user: user}} = conn, %{id: id} = _params) do
-    with %Activity{} = activity <- Activity.get_by_id_with_object(id),
+  def show_source(%{assigns: assigns} = conn, %{id: id} = _params) do
+    with user = assigns[:user],
+         %Activity{} = activity <- Activity.get_by_id_with_object(id),
         true <- Visibility.visible_for_user?(activity, user) do
      try_render(conn, "source.json",
        activity: activity,
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@ -537,8 +537,6 @@ defmodule Pleroma.Web.Router do
    get("/bookmarks", StatusController, :bookmarks)

    post("/statuses", StatusController, :create)
-    get("/statuses/:id/history", StatusController, :show_history)
-    get("/statuses/:id/source", StatusController, :show_source)
    put("/statuses/:id", StatusController, :update)
    delete("/statuses/:id", StatusController, :delete)
    post("/statuses/:id/reblog", StatusController, :reblog)
@ -604,6 +602,8 @@ defmodule Pleroma.Web.Router do
    get("/statuses/:id/context", StatusController, :context)
    get("/statuses/:id/favourited_by", StatusController, :favourited_by)
    get("/statuses/:id/reblogged_by", StatusController, :reblogged_by)
+    get("/statuses/:id/history", StatusController, :show_history)
+    get("/statuses/:id/source", StatusController, :show_source)

    get("/custom_emojis", CustomEmojiController, :index)

--- a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs
+++ b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs
@ -2045,7 +2045,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do

  describe "get status history" do
    setup do
-      oauth_access(["read:statuses"])
+      %{conn: build_conn()}
    end

    test "unedited post", %{conn: conn} do
@ -2091,7 +2091,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do

  describe "get status source" do
    setup do
-      oauth_access(["read:statuses"])
+      %{conn: build_conn()}
    end

    test "it returns the source", %{conn: conn} do