Allow profile fetching for authenticated users only.
This commit is contained in:
parent
ed1eb5deea
commit
f85566324e
2 changed files with 6 additions and 3 deletions
|
@ -138,7 +138,6 @@ defmodule Pleroma.Web.Router do
|
|||
|
||||
get "/search", TwitterAPI.Controller, :search
|
||||
get "/statusnet/tags/timeline/:tag", TwitterAPI.Controller, :public_and_external_timeline
|
||||
get "/externalprofile/show", TwitterAPI.Controller, :external_profile
|
||||
end
|
||||
|
||||
scope "/api", Pleroma.Web do
|
||||
|
@ -176,6 +175,8 @@ defmodule Pleroma.Web.Router do
|
|||
|
||||
get "/statuses/followers", TwitterAPI.Controller, :followers
|
||||
get "/statuses/friends", TwitterAPI.Controller, :friends
|
||||
|
||||
get "/externalprofile/show", TwitterAPI.Controller, :external_profile
|
||||
end
|
||||
|
||||
pipeline :ostatus do
|
||||
|
|
|
@ -405,11 +405,13 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
|
|||
describe "GET /api/externalprofile/show" do
|
||||
test "it returns the user", %{conn: conn} do
|
||||
user = insert(:user)
|
||||
other_user = insert(:user)
|
||||
|
||||
conn = conn
|
||||
|> get("/api/externalprofile/show", %{profileurl: user.ap_id})
|
||||
|> assign(:user, user)
|
||||
|> get("/api/externalprofile/show", %{profileurl: other_user.ap_id})
|
||||
|
||||
assert json_response(conn, 200) == UserView.render("show.json", %{user: user})
|
||||
assert json_response(conn, 200) == UserView.render("show.json", %{user: other_user})
|
||||
end
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in a new issue