[#2409] Made `GET /api/v1/accounts/:id/favourites` auth-optional, adjusted tests.
This commit is contained in:
parent
00e62161f6
commit
b4139cc547
|
@ -357,7 +357,7 @@ def context(%{assigns: %{user: user}} = conn, %{"id" => id}) do
|
|||
end
|
||||
|
||||
@doc "GET /api/v1/favourites"
|
||||
def favourites(%{assigns: %{user: user}} = conn, params) do
|
||||
def favourites(%{assigns: %{user: %User{} = user}} = conn, params) do
|
||||
activities =
|
||||
ActivityPub.fetch_favourites(
|
||||
user,
|
||||
|
|
|
@ -39,7 +39,10 @@ defmodule Pleroma.Web.PleromaAPI.AccountController do
|
|||
]
|
||||
)
|
||||
|
||||
plug(OAuthScopesPlug, %{scopes: ["read:favourites"]} when action == :favourites)
|
||||
plug(
|
||||
OAuthScopesPlug,
|
||||
%{scopes: ["read:favourites"], fallback: :proceed_unauthenticated} when action == :favourites
|
||||
)
|
||||
|
||||
plug(RateLimiter, [name: :account_confirmation_resend] when action == :confirmation_resend)
|
||||
|
||||
|
|
|
@ -312,10 +312,14 @@ defmodule Pleroma.Web.Router do
|
|||
post("/scrobble", ScrobbleController, :new_scrobble)
|
||||
end
|
||||
|
||||
scope [] do
|
||||
pipe_through(:api)
|
||||
get("/accounts/:id/favourites", AccountController, :favourites)
|
||||
end
|
||||
|
||||
scope [] do
|
||||
pipe_through(:authenticated_api)
|
||||
|
||||
get("/accounts/:id/favourites", AccountController, :favourites)
|
||||
post("/accounts/:id/subscribe", AccountController, :subscribe)
|
||||
post("/accounts/:id/unsubscribe", AccountController, :unsubscribe)
|
||||
end
|
||||
|
@ -404,6 +408,7 @@ defmodule Pleroma.Web.Router do
|
|||
put("/scheduled_statuses/:id", ScheduledActivityController, :update)
|
||||
delete("/scheduled_statuses/:id", ScheduledActivityController, :delete)
|
||||
|
||||
# Unlike `GET /api/v1/accounts/:id/favourites`, demands authentication
|
||||
get("/favourites", StatusController, :favourites)
|
||||
get("/bookmarks", StatusController, :bookmarks)
|
||||
|
||||
|
|
|
@ -151,15 +151,18 @@ test "returns list of statuses favorited by specified user", %{
|
|||
assert like["id"] == activity.id
|
||||
end
|
||||
|
||||
test "does not return favorites for specified user_id when user is not logged in", %{
|
||||
test "returns favorites for specified user_id when requester is not logged in", %{
|
||||
user: user
|
||||
} do
|
||||
activity = insert(:note_activity)
|
||||
CommonAPI.favorite(user, activity.id)
|
||||
|
||||
build_conn()
|
||||
|> get("/api/v1/pleroma/accounts/#{user.id}/favourites")
|
||||
|> json_response(403)
|
||||
response =
|
||||
build_conn()
|
||||
|> get("/api/v1/pleroma/accounts/#{user.id}/favourites")
|
||||
|> json_response(200)
|
||||
|
||||
assert length(response) == 1
|
||||
end
|
||||
|
||||
test "returns favorited DM only when user is logged in and he is one of recipients", %{
|
||||
|
@ -185,9 +188,12 @@ test "returns favorited DM only when user is logged in and he is one of recipien
|
|||
assert length(response) == 1
|
||||
end
|
||||
|
||||
build_conn()
|
||||
|> get("/api/v1/pleroma/accounts/#{user.id}/favourites")
|
||||
|> json_response(403)
|
||||
response =
|
||||
build_conn()
|
||||
|> get("/api/v1/pleroma/accounts/#{user.id}/favourites")
|
||||
|> json_response(200)
|
||||
|
||||
assert length(response) == 0
|
||||
end
|
||||
|
||||
test "does not return others' favorited DM when user is not one of recipients", %{
|
||||
|
|
Loading…
Reference in New Issue