author | Jonne Haß <me@jhass.eu> | 2020-01-31 01:42:09 +0300 |
---|---|---|
committer | Jonne Haß <me@jhass.eu> | 2020-02-02 20:23:34 +0300 |
commit | 0754c92116cfcfcaeb2f149c235a6cbd26a108c7 (patch) | |
tree | c363e25e7db1c7c1841bb5a486b104ef2ce90126 /app/controllers | |
parent | fbd0a518291b72e5d7864d8c4c667de5333189ab (diff) |
API: correct like and comment scopes for private posts
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/api/v1/comments_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/api/v1/likes_controller.rb | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/app/controllers/api/v1/comments_controller.rb b/app/controllers/api/v1/comments_controller.rb
index 7e500b664..52ddf88f5 100644
--- a/app/controllers/api/v1/comments_controller.rb
+++ b/app/controllers/api/v1/comments_controller.rb
@@ -8,7 +8,7 @@ module Api
 end
 before_action only: %i[create destroy] do
- require_access_token %w[interactions public:modify]
+ require_access_token %w[interactions public:read]
 end
 rescue_from ActiveRecord::RecordNotFound do
diff --git a/app/controllers/api/v1/likes_controller.rb b/app/controllers/api/v1/likes_controller.rb
index 30ee81149..d2d052f7f 100644
--- a/app/controllers/api/v1/likes_controller.rb
+++ b/app/controllers/api/v1/likes_controller.rb
@@ -31,7 +31,7 @@ module Api
 def create
 post = post_service.find!(params.require(:post_id))
- raise ActiveRecord::RecordInvalid unless post.public? || private_modify?
+ raise ActiveRecord::RecordInvalid unless post.public? || private_read?
 like_service.create(params[:post_id])
 rescue ActiveRecord::RecordInvalid => e
@@ -46,7 +46,7 @@ module Api
 def destroy
 post = post_service.find!(params.require(:post_id))
- raise ActiveRecord::RecordInvalid unless post.public? || private_modify?
+ raise ActiveRecord::RecordInvalid unless post.public? || private_read?
 success = like_service.unlike_post(params[:post_id])
 if success |
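Review bot: In comments_controller.rb the create/destroy filter now pairs `interactions` with a read-only scope, so `interactions` is the only thing separating a token that can read from one that can write and delete comments. Whether `require_access_token` demands every listed scope or accepts any one of them is not visible in this hunk; if it is any-of, a token holding only `public:read` would pass this filter. A comment above the call such as `# interactions grants the write; the read scope only proves the token may see the post` would record the intent, and a request spec asserting that a `public:read`-only token is rejected on create and destroy would pin it. The commit title mentions private posts, but no private-post check appears in this hunk; the controller body continues outside it.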
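Review bot: In likes_controller.rb `create` (and the identical line in `destroy`, second hunk) a scope failure is signalled by raising `ActiveRecord::RecordInvalid`, the same class the visible `rescue ActiveRecord::RecordInvalid => e` in `create` handles, so a denied token and a genuinely invalid like may be indistinguishable in the response and in logs. The guard is also duplicated; a private helper, for example `def ensure_post_readable!(post)` wrapping `raise ActiveRecord::RecordInvalid unless post.public? || private_read?`, would keep the two actions from drifting apart. Since liking and unliking a private post now needs only what `private_read?` checks, the `interactions` requirement, which presumably sits in a before_action outside these hunks, is the sole write gate and deserves a spec for a token that passes `private_read?` but lacks `interactions`. Both method bodies continue past the hunks, so how `destroy` handles the raise cannot be confirmed from here.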