Commit Graph

42 Commits (9c39fb52f300c447dce5f279e448edeb0291d002)

Author SHA1 Message Date
Claire 502cf75b16
Merge pull request from GHSA-58x8-3qxw-6hm7
* Fix insufficient permission checking for public timeline endpoints

Note that this changes unauthenticated access failure code from 401 to 422

* Add more tests for public timelines

* Require user token in `/api/v1/statuses/:id/translate` and `/api/v1/scheduled_statuses`
7 months ago
Matt Jankowski 85d9053b36
Move `pagination_params` into `API::BaseController` (#28845) 8 months ago
Matt Jankowski caad1e2628
Add scope `Status.distributable_visibility` (#29950) 9 months ago
Matt Jankowski b5115850bb
Move repeated `insert_pagination_headers` method to api base class (#29606) 10 months ago
Matt Jankowski c0e8e457ab
Eager loading fixes for `api/` controllers (#28848) 1 year ago
Matt Jankowski 7ecf7f5403
Move controller->request specs for api/v1/statuses/* (#28818) 1 year ago
Matt Jankowski 4be12791e6
Remove `default_scope` from `StatusEdit` class (#28042) 1 year ago
Matt Jankowski 0945e25b8f
Add `Api::V1::Statuses::BaseController` base controller class (#27794) 1 year ago
Lukas Martini a7d96e6aff
Improve error messages when DeepL quota is exceeded (#26704) 1 year ago
Christian Schmidt 4c18928a93
Wrong count in response when removing favourite/reblog (#24365)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2 years ago
Claire a5b6f6da80
Change /api/v1/statuses/:id/history to always return at least one item (#25510) 2 years ago
Claire 45ba9ada34
Fix race condition when reblogging a status (#25016) 2 years ago
Eugen Rochko 6084461cd0
Change unauthenticated responses to be cached in REST API (#24348) 2 years ago
Nick Schonning e2a3ebb271
Autofix Rubocop Style/IfUnlessModifier (#23697) 2 years ago
Eugen Rochko 0d6b878808
Add user content translations with configurable backends (#19218) 2 years ago
Eugen Rochko fd3a45e348
Add edit history to web UI (#17390)
* Add edit history to web UI

* Change history reducer to store items per status

* Fix missing loading prop
3 years ago
Eugen Rochko 1060666c58
Add support for editing for published statuses (#16697)
* Add support for editing for published statuses

* Fix references to stripped-out code

* Various fixes and improvements

* Further fixes and improvements

* Fix updates being potentially sent to unauthorized recipients

* Various fixes and improvements

* Fix wrong words in test

* Fix notifying accounts that were tagged but were not in the audience

* Fix mistake
3 years ago
ThibG c43f4cd3bb
Fix not being able to unfavorite toots one has lost access to (#15192)
Fixes #15191
4 years ago
Eugen Rochko e6b272e5c9
Change REST API to return empty data for suspended accounts (#14765) 4 years ago
ThibG f6a82cb2cd
Fix not being able to unbookmark toots when blocked by their author (#14604)
* Fix not being able to unbookmark toots when blocked by their author

* Add tests
4 years ago
ThibG 0a8a3fe595
Fix being unable to unboost when blocked by their author (#14308)
Fixes #14307
5 years ago
Eugen Rochko 988b0493fe
Add more tests for ActivityPub controllers (#13585) 5 years ago
Eugen Rochko 339ce1c4e9
Add specific rate limits for posting and following (#13172) 5 years ago
Eugen Rochko 0ae5c6312f
Remove useless `respond_to` calls (#13208) 5 years ago
Eugen Rochko 0c28a505dd
Fix leak of arbitrary statuses through unfavourite action in REST API (#13161) 5 years ago
ThibG 3b3bdc7293 Hide blocked users from more places (#12733)
* Hide blocked, muted, and blocked-by users from toot favourite lists

* Hide blocked, muted, and blocked-by users from toot reblog lists

* Hide blocked, muted, and blocked-by users from followers/following (API)

* Fix tests

* Hide blocked, muted, and blocked-by users from followers/following on public pages
5 years ago
ThibG dfea7368c9 Add bookmarks (#7107)
* Add backend support for bookmarks

Bookmarks behave like favourites, except they aren't shared with other
users and do not have an associated counter.

* Add spec for bookmark endpoints

* Add front-end support for bookmarks

* Introduce OAuth scopes for bookmarks

* Add bookmarks to archive takeout

* Fix migration

* Coding style fixes

* Fix rebase issue

* Update bookmarked_statuses to latest UI changes

* Update bookmark actions to properly reflect status changes in state

* Add bookmarks item to single-column layout

* Make active bookmarks red
5 years ago
Eugen Rochko 282ea17078
Add soft delete for statuses for instant deletes through API (#11623)
* Add soft delete for statuses to allow them to appear instant

* Allow reporting soft-deleted statuses and show them in the admin UI

* Change index for getting an account's statuses
5 years ago
Eugen Rochko 67b3b62b98
Improve blocked view of profiles (#10491)
* Revert "Fix filtering of favourited_by, reblogged_by, followers and following (#10447)"

This reverts commit 120544067f.

* Revert "Hide blocking accounts from blocked users (#10442)"

This reverts commit 62bafa20a1.

* Improve blocked view of profiles

- Change "You are blocked" to "Profile unavailable"
- Hide following/followers in API when blocked
- Disable follow button and show "Profile unavailable" on public profile as well
6 years ago
ThibG 62bafa20a1 Hide blocking accounts from blocked users (#10442)
* Revert "Add indication that you have been blocked in web UI (#10420)"

This reverts commit bd02ec6daa.

* Revert "Add `blocked_by` relationship to the REST API (#10373)"

This reverts commit 9745de883b.

* Hide blocking accounts from search results

* Filter blocking accouts from account followers

* Filter blocking accouts from account's following accounts

* Filter blocking accounts from “reblogged by” and “favourited by” lists

* Remove blocking account from URL search

* Return 410 on trying to fetch user data from a user who blocked us

* Return 410 in /api/v1/account/statuses for suspended or blocking accounts

* Fix status filtering when performing URL search

* Restore some React improvements

Restore some cleanup from bd02ec6daa

* Refactor by adding `without_blocking` scope
6 years ago
Eugen Rochko ba84b6d4d7
Add `visibility` param to reblog REST API (#9851)
Use async worker for creating reblog notification to improve performance
6 years ago
Eugen Rochko 32daecffef
Fix REST API showing non-public reblogs for a given status (#9850) 6 years ago
Eugen Rochko d6b9a62e0a
Extract counters from accounts table to account_stats table (#9295) 6 years ago
Eugen Rochko 1f6ed4f86a
Add more granular OAuth scopes (#7929)
* Add more granular OAuth scopes

* Add human-readable descriptions of the new scopes

* Ensure new scopes look good on the app UI

* Add tests

* Group scopes in screen and color-code dangerous ones

* Fix wrong extra scope
7 years ago
abcang db012b57c2 Fix distribute_add_activity and distribute_remove_activity (#7393) 7 years ago
Eugen Rochko 33513753b9
Fix unpermitted parameters warning when generating pagination URLs (#6995) 7 years ago
Eugen Rochko 9110db41c5
Federate pinned statuses over ActivityPub (#6610)
* Federate pinned statuses over ActivityPub

* Display pinned toots in web UI

Fix #6117

* Fix migration

* Fix tests

* Update outbox_serializer.rb

* Update remove_serializer.rb

* Update add_serializer.rb

* Update fetch_featured_collection_service.rb
7 years ago
Eugen Rochko 9caa90025f Pinned statuses (#4675)
* Pinned statuses

* yarn manage:translations
8 years ago
unarist 1896a154f5 Fix response of unreblog/unfavourite APIs (#4204)
Both APIs process asynchronously, so reblogged/favourited fields in the response should be set to `false` manually.
8 years ago
Eugen Rochko 8b2cad5637 Refactor JSON templates to be generated with ActiveModelSerializers instead of Rabl (#4090) 8 years ago
Matt Jankowski 2925372ff4 Move create/destroy actions for api/v1/statuses to namespace (#3678)
Each of mute, favourite, reblog has been updated to:

- Have a separate controller with just a create and destroy action
- Preserve historical route names to not break the API
- Mild refactoring to break up long methods
8 years ago
Matt Jankowski 5282ba862a Move reblogged_by and favourited_by actions out of api/v1/statuses and into unique controllers (#3646)
* Add specs for api statuses routes

* Update favourited_by and reblogged_by api routes

* Move methods into new controllers

* Use load_accounts methods to simplify index actions

* Clean up load_accounts methods

* Clean up link header generation

* Check for link headers in specs

* Remove unused actions from api/v1/statuses controller

* Remove specs for moved actions
8 years ago