gitea/nas
1
0
Fork 2
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Merge pull request from GHSA-58x8-3qxw-6hm7

Browse source 
* Fix insufficient permission checking for public timeline endpoints

Note that this changes unauthenticated access failure code from 401 to 422

* Add more tests for public timelines

* Require user token in `/api/v1/statuses/:id/translate` and `/api/v1/scheduled_statuses`
This commit is contained in:
Claire 2024-07-04 16:26:49 +02:00 committed by KMY
parent ca1e2e6131
commit 21b716db12
9 changed files with 64 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

1
app/controllers/api/v1/statuses/translations_controller.rb
View file

@ -2,6 +2,7 @@
class Api::V1::Statuses::TranslationsController < Api::V1::Statuses::BaseController
before_action -> { doorkeeper_authorize! :read, :'read:statuses' }
before_action :require_user!
before_action :set_translation
rescue_from TranslationService::NotConfiguredError, with: :not_found