mirror of
https://git.kescher.at/CatCatNya/catstodon.git
synced 2024-11-27 12:41:37 +01:00
48fee1a800
* Fix poll API not requiring authentication on non-public polls That API does not reveal the content of the status, i.e. the question itself, nor who the author is, nor which status it belongs to, but it does reveal the poll options and how many answers they got Fix #10959 * Add test
28 lines
702 B
Ruby
28 lines
702 B
Ruby
# frozen_string_literal: true
|
|
|
|
class Api::V1::PollsController < Api::BaseController
|
|
include Authorization
|
|
|
|
before_action -> { authorize_if_got_token! :read, :'read:statuses' }, only: :show
|
|
before_action :set_poll
|
|
before_action :refresh_poll
|
|
|
|
respond_to :json
|
|
|
|
def show
|
|
render json: @poll, serializer: REST::PollSerializer, include_results: true
|
|
end
|
|
|
|
private
|
|
|
|
def set_poll
|
|
@poll = Poll.attached.find(params[:id])
|
|
authorize @poll.status, :show?
|
|
rescue Mastodon::NotPermittedError
|
|
raise ActiveRecord::RecordNotFound
|
|
end
|
|
|
|
def refresh_poll
|
|
ActivityPub::FetchRemotePollService.new.call(@poll, current_account) if user_signed_in? && @poll.possibly_stale?
|
|
end
|
|
end
|