Update api controllers, add parental control support

app/Http/Controllers/Api/ApiV1Controller.php

@@ -758,6 +758,8 @@ class ApiV1Controller extends Controller
         abort_if(!$request->user(), 403);
 
         $user = $request->user();
+        abort_if($user->has_roles && !UserRoleService::can('can-follow', $user->id), 403, 'Invalid permissions for this action');
+
         AccountService::setLastActive($user->id);
 
         $target = Profile::where('id', '!=', $user->profile_id)
@@ -843,6 +845,7 @@ class ApiV1Controller extends Controller
         abort_if(!$request->user(), 403);
 
         $user = $request->user();
+
         AccountService::setLastActive($user->id);
 
         $target = Profile::where('id', '!=', $user->profile_id)
@@ -947,6 +950,8 @@ class ApiV1Controller extends Controller
         ]);
 
         $user = $request->user();
+        abort_if($user->has_roles && !UserRoleService::can('can-view-discover', $user->id), 403, 'Invalid permissions for this action');
+
         AccountService::setLastActive($user->id);
         $query = $request->input('q');
         $limit = $request->input('limit') ?? 20;

app/Http/Controllers/Api/ApiV2Controller.php

@@ -35,6 +35,7 @@ use App\Transformer\Api\{
     RelationshipTransformer,
 };
 use App\Util\Site\Nodeinfo;
+use App\Services\UserRoleService;
 
 class ApiV2Controller extends Controller
 {
@@ -159,6 +160,14 @@ class ApiV2Controller extends Controller
             'following' => 'nullable'
         ]);
 
+        if($request->user()->has_roles && !UserRoleService::can('can-view-discover', $request->user()->id)) {
+            return [
+                'accounts' => [],
+                'hashtags' => [],
+                'statuses' => []
+            ];
+        }
+
         $mastodonMode = !$request->has('_pe');
         return $this->json(SearchApiV2Service::query($request, $mastodonMode));
     }