Merge commit '2fe1b8d1695d8faa452a69872fde94ccc4611576' into glitch-soc/merge-upstream

Conflicts: - `app/helpers/application_helper.rb`: Not a real conflict, upstream added helpers right next to glitch-soc only helpers. Added upstream's helpers. - `spec/models/status_spec.rb`: Not a real conflict, upstream added specs right next to glitch-soc only specs. Added upstream's tests.
2025-12-14 00:08:46 +00:00 · 2024-05-06 17:53:51 +02:00
parent e9cca1cc09 2fe1b8d169
commit 016d194274
58 changed files with 1577 additions and 374 deletions
--- a/app/controllers/api/v1/statuses_controller.rb
+++ b/app/controllers/api/v1/statuses_controller.rb
@@ -5,9 +5,11 @@ class Api::V1::StatusesController < Api::BaseController

  before_action -> { authorize_if_got_token! :read, :'read:statuses' }, except: [:create, :update, :destroy]
  before_action -> { doorkeeper_authorize! :write, :'write:statuses' }, only:   [:create, :update, :destroy]
-  before_action :require_user!, except:  [:show, :context]
-  before_action :set_status, only:       [:show, :context]
-  before_action :set_thread, only:       [:create]
+  before_action :require_user!, except:      [:index, :show, :context]
+  before_action :set_statuses, only:         [:index]
+  before_action :set_status, only:           [:show, :context]
+  before_action :set_thread, only:           [:create]
+  before_action :check_statuses_limit, only: [:index]

  override_rate_limit_headers :create, family: :statuses
  override_rate_limit_headers :update, family: :statuses
@@ -23,6 +25,11 @@ class Api::V1::StatusesController < Api::BaseController
  DESCENDANTS_LIMIT       = 60
  DESCENDANTS_DEPTH_LIMIT = 20

+  def index
+    @statuses = cache_collection(@statuses, Status)
+    render json: @statuses, each_serializer: REST::StatusSerializer
+  end
+
  def show
    cache_if_unauthenticated!
    @status = cache_collection([@status], Status).first
@@ -113,6 +120,10 @@ class Api::V1::StatusesController < Api::BaseController

  private

+  def set_statuses
+    @statuses = Status.permitted_statuses_from_ids(status_ids, current_account)
+  end
+
  def set_status
    @status = Status.find(params[:id])
    authorize @status, :show?
@@ -127,6 +138,18 @@ class Api::V1::StatusesController < Api::BaseController
    render json: { error: I18n.t('statuses.errors.in_reply_not_found') }, status: 404
  end

+  def check_statuses_limit
+    raise(Mastodon::ValidationError) if status_ids.size > DEFAULT_STATUSES_LIMIT
+  end
+
+  def status_ids
+    Array(statuses_params[:ids]).uniq.map(&:to_i)
+  end
+
+  def statuses_params
+    params.permit(ids: [])
+  end
+
  def status_params
    params.permit(
      :status,