mastodon/app/controllers/api/v1/statuses/reblogs_controller.rb

# frozen_string_literal: true

class Api::V1::Statuses::ReblogsController < Api::BaseController
  include Authorization

  before_action -> { doorkeeper_authorize! :write, :'write:statuses' }
  before_action :require_user!
  before_action :set_reblog

  override_rate_limit_headers :create, family: :statuses

  def create
    @status = ReblogService.new.call(current_account, @reblog, reblog_params)

    render json: @status, serializer: REST::StatusSerializer
  end

  def destroy
    @status = current_account.statuses.find_by(reblog_of_id: @reblog.id)

    if @status
      authorize @status, :unreblog?
      @status.discard
      RemovalWorker.perform_async(@status.id)
    end

    render json: @reblog, serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new([@status], current_account.id, reblogs_map: { @reblog.id => false })
  end

  private

  def set_reblog
    @reblog = Status.find(params[:status_id])
    authorize @reblog, :show?
  rescue Mastodon::NotPermittedError
    not_found
  end

  def reblog_params
    params.permit(:visibility)
  end
end
Move create/destroy actions for api/v1/statuses to namespace (#3678) Each of mute, favourite, reblog has been updated to: - Have a separate controller with just a create and destroy action - Preserve historical route names to not break the API - Mild refactoring to break up long methods 2017-06-10 07:39:26 +00:00			`# frozen_string_literal: true`

			`class Api::V1::Statuses::ReblogsController < Api::BaseController`
			`include Authorization`

Add more granular OAuth scopes (#7929) * Add more granular OAuth scopes * Add human-readable descriptions of the new scopes * Ensure new scopes look good on the app UI * Add tests * Group scopes in screen and color-code dangerous ones * Fix wrong extra scope 2018-07-05 16:31:35 +00:00			`before_action -> { doorkeeper_authorize! :write, :'write:statuses' }`
Move create/destroy actions for api/v1/statuses to namespace (#3678) Each of mute, favourite, reblog has been updated to: - Have a separate controller with just a create and destroy action - Preserve historical route names to not break the API - Mild refactoring to break up long methods 2017-06-10 07:39:26 +00:00			`before_action :require_user!`
Fix leak of arbitrary statuses through unfavourite action in REST API (#13161) 2020-02-27 11:32:54 +00:00			`before_action :set_reblog`
Move create/destroy actions for api/v1/statuses to namespace (#3678) Each of mute, favourite, reblog has been updated to: - Have a separate controller with just a create and destroy action - Preserve historical route names to not break the API - Mild refactoring to break up long methods 2017-06-10 07:39:26 +00:00
Add specific rate limits for posting and following (#13172) 2020-03-08 14:17:39 +00:00			`override_rate_limit_headers :create, family: :statuses`

Move create/destroy actions for api/v1/statuses to namespace (#3678) Each of mute, favourite, reblog has been updated to: - Have a separate controller with just a create and destroy action - Preserve historical route names to not break the API - Mild refactoring to break up long methods 2017-06-10 07:39:26 +00:00			`def create`
Fix leak of arbitrary statuses through unfavourite action in REST API (#13161) 2020-02-27 11:32:54 +00:00			`@status = ReblogService.new.call(current_account, @reblog, reblog_params)`
Add specific rate limits for posting and following (#13172) 2020-03-08 14:17:39 +00:00
Refactor JSON templates to be generated with ActiveModelSerializers instead of Rabl (#4090) 2017-07-07 02:02:06 +00:00			`render json: @status, serializer: REST::StatusSerializer`
Move create/destroy actions for api/v1/statuses to namespace (#3678) Each of mute, favourite, reblog has been updated to: - Have a separate controller with just a create and destroy action - Preserve historical route names to not break the API - Mild refactoring to break up long methods 2017-06-10 07:39:26 +00:00			`end`

			`def destroy`
Fix leak of arbitrary statuses through unfavourite action in REST API (#13161) 2020-02-27 11:32:54 +00:00			`@status = current_account.statuses.find_by(reblog_of_id: @reblog.id)`
Move create/destroy actions for api/v1/statuses to namespace (#3678) Each of mute, favourite, reblog has been updated to: - Have a separate controller with just a create and destroy action - Preserve historical route names to not break the API - Mild refactoring to break up long methods 2017-06-10 07:39:26 +00:00
Fix leak of arbitrary statuses through unfavourite action in REST API (#13161) 2020-02-27 11:32:54 +00:00			`if @status`
			`authorize @status, :unreblog?`
			`@status.discard`
			`RemovalWorker.perform_async(@status.id)`
			`end`
Move create/destroy actions for api/v1/statuses to namespace (#3678) Each of mute, favourite, reblog has been updated to: - Have a separate controller with just a create and destroy action - Preserve historical route names to not break the API - Mild refactoring to break up long methods 2017-06-10 07:39:26 +00:00
Fix leak of arbitrary statuses through unfavourite action in REST API (#13161) 2020-02-27 11:32:54 +00:00			`render json: @reblog, serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new([@status], current_account.id, reblogs_map: { @reblog.id => false })`
Move create/destroy actions for api/v1/statuses to namespace (#3678) Each of mute, favourite, reblog has been updated to: - Have a separate controller with just a create and destroy action - Preserve historical route names to not break the API - Mild refactoring to break up long methods 2017-06-10 07:39:26 +00:00			`end`

			`private`

Fix leak of arbitrary statuses through unfavourite action in REST API (#13161) 2020-02-27 11:32:54 +00:00			`def set_reblog`
			`@reblog = Status.find(params[:status_id])`
			`authorize @reblog, :show?`
			`rescue Mastodon::NotPermittedError`
			`not_found`
Move create/destroy actions for api/v1/statuses to namespace (#3678) Each of mute, favourite, reblog has been updated to: - Have a separate controller with just a create and destroy action - Preserve historical route names to not break the API - Mild refactoring to break up long methods 2017-06-10 07:39:26 +00:00			`end`
Add `visibility` param to reblog REST API (#9851) Use async worker for creating reblog notification to improve performance 2019-03-15 03:36:41 +00:00
			`def reblog_params`
			`params.permit(:visibility)`
			`end`
Move create/destroy actions for api/v1/statuses to namespace (#3678) Each of mute, favourite, reblog has been updated to: - Have a separate controller with just a create and destroy action - Preserve historical route names to not break the API - Mild refactoring to break up long methods 2017-06-10 07:39:26 +00:00			`end`