Added scope check

2025-05-11 11:44:12 +02:00 · 2021-05-16 07:37:11 +00:00 · 2021-05-16 07:37:11 +00:00 · 49207a8624
commit 49207a8624
parent 33573dda34
53 changed files with 107 additions and 62 deletions
--- a/src/Module/Api/Mastodon/Accounts/Block.php
+++ b/src/Module/Api/Mastodon/Accounts/Block.php
@ -33,7 +33,7 @@ class Block extends BaseApi
 {
 	public static function post(array $parameters = [])
 	{
-		self::login();
+		self::login(self::SCOPE_FOLLOW);
 		$uid = self::getCurrentUserID();

 		if (empty($parameters['id'])) {
--- a/src/Module/Api/Mastodon/Accounts/Follow.php
+++ b/src/Module/Api/Mastodon/Accounts/Follow.php
@ -33,7 +33,7 @@ class Follow extends BaseApi
 {
 	public static function post(array $parameters = [])
 	{
-		self::login();
+		self::login(self::SCOPE_FOLLOW);
 		$uid = self::getCurrentUserID();

 		if (empty($parameters['id'])) {
@ -42,6 +42,6 @@ class Follow extends BaseApi

 		$cid = Contact::follow($parameters['id'], self::getCurrentUserID());

-		System::jsonExit(DI::mstdnRelationship()->createFromContactId($cid)->toArray());
+		System::jsonExit(DI::mstdnRelationship()->createFromContactId($cid, $uid)->toArray());
 	}
 }
--- a/src/Module/Api/Mastodon/Accounts/Followers.php
+++ b/src/Module/Api/Mastodon/Accounts/Followers.php
@ -37,7 +37,7 @@ class Followers extends BaseApi
 	 */
 	public static function rawContent(array $parameters = [])
 	{
-		self::login();
+		self::login(self::SCOPE_READ);
 		$uid = self::getCurrentUserID();

 		if (empty($parameters['id'])) {
--- a/src/Module/Api/Mastodon/Accounts/Following.php
+++ b/src/Module/Api/Mastodon/Accounts/Following.php
@ -37,7 +37,7 @@ class Following extends BaseApi
 	 */
 	public static function rawContent(array $parameters = [])
 	{
-		self::login();
+		self::login(self::SCOPE_READ);
 		$uid = self::getCurrentUserID();

 		if (empty($parameters['id'])) {
--- a/src/Module/Api/Mastodon/Accounts/IdentityProofs.php
+++ b/src/Module/Api/Mastodon/Accounts/IdentityProofs.php
@ -35,7 +35,7 @@ class IdentityProofs extends BaseApi
 	 */
 	public static function rawContent(array $parameters = [])
 	{
-		self::login();
+		self::login(self::SCOPE_READ);

 		System::jsonExit([]);
 	}
--- a/src/Module/Api/Mastodon/Accounts/Lists.php
+++ b/src/Module/Api/Mastodon/Accounts/Lists.php
@ -38,7 +38,7 @@ class Lists extends BaseApi
 	 */
 	public static function rawContent(array $parameters = [])
 	{
-		self::login();
+		self::login(self::SCOPE_READ);
 		$uid = self::getCurrentUserID();

 		if (empty($parameters['id'])) {
--- a/src/Module/Api/Mastodon/Accounts/Mute.php
+++ b/src/Module/Api/Mastodon/Accounts/Mute.php
@ -33,7 +33,7 @@ class Mute extends BaseApi
 {
 	public static function post(array $parameters = [])
 	{
-		self::login();
+		self::login(self::SCOPE_FOLLOW);
 		$uid = self::getCurrentUserID();

 		if (empty($parameters['id'])) {
--- a/src/Module/Api/Mastodon/Accounts/Note.php
+++ b/src/Module/Api/Mastodon/Accounts/Note.php
@ -34,7 +34,7 @@ class Note extends BaseApi
 {
 	public static function post(array $parameters = [])
 	{
-		self::login();
+		self::login(self::SCOPE_WRITE);
 		$uid = self::getCurrentUserID();

 		if (empty($parameters['id'])) {
--- a/src/Module/Api/Mastodon/Accounts/Relationships.php
+++ b/src/Module/Api/Mastodon/Accounts/Relationships.php
@ -37,7 +37,7 @@ class Relationships extends BaseApi
 	 */
 	public static function rawContent(array $parameters = [])
 	{
-		self::login();
+		self::login(self::SCOPE_READ);
 		$uid = self::getCurrentUserID();

 		if (empty($_REQUEST['id']) || !is_array($_REQUEST['id'])) {
--- a/src/Module/Api/Mastodon/Accounts/Search.php
+++ b/src/Module/Api/Mastodon/Accounts/Search.php
@ -40,7 +40,7 @@ class Search extends BaseApi
 	 */
 	public static function rawContent(array $parameters = [])
 	{
-		self::login();
+		self::login(self::SCOPE_READ);
 		$uid = self::getCurrentUserID();

 		// What to search for
--- a/src/Module/Api/Mastodon/Accounts/Unblock.php
+++ b/src/Module/Api/Mastodon/Accounts/Unblock.php
@ -33,7 +33,7 @@ class Unblock extends BaseApi
 {
 	public static function post(array $parameters = [])
 	{
-		self::login();
+		self::login(self::SCOPE_FOLLOW);
 		$uid = self::getCurrentUserID();

 		if (empty($parameters['id'])) {
--- a/src/Module/Api/Mastodon/Accounts/Unfollow.php
+++ b/src/Module/Api/Mastodon/Accounts/Unfollow.php
@ -33,7 +33,7 @@ class Unfollow extends BaseApi
 {
 	public static function post(array $parameters = [])
 	{
-		self::login();
+		self::login(self::SCOPE_FOLLOW);
 		$uid = self::getCurrentUserID();

 		if (empty($parameters['id'])) {
--- a/src/Module/Api/Mastodon/Accounts/Unmute.php
+++ b/src/Module/Api/Mastodon/Accounts/Unmute.php
@ -33,7 +33,7 @@ class Unmute extends BaseApi
 {
 	public static function post(array $parameters = [])
 	{
-		self::login();
+		self::login(self::SCOPE_FOLLOW);
 		$uid = self::getCurrentUserID();

 		if (empty($parameters['id'])) {
--- a/src/Module/Api/Mastodon/Accounts/UpdateCredentials.php
+++ b/src/Module/Api/Mastodon/Accounts/UpdateCredentials.php
@ -31,7 +31,7 @@ class UpdateCredentials extends BaseApi
 {
 	public static function patch(array $parameters = [])
 	{
-		self::login();
+		self::login(self::SCOPE_WRITE);
 		$uid = self::getCurrentUserID();

 		$data = Network::postdata();
--- a/src/Module/Api/Mastodon/Accounts/VerifyCredentials.php
+++ b/src/Module/Api/Mastodon/Accounts/VerifyCredentials.php
@ -38,7 +38,7 @@ class VerifyCredentials extends BaseApi
 	 */
 	public static function rawContent(array $parameters = [])
 	{
-		self::login();
+		self::login(self::SCOPE_READ);
 		$uid = self::getCurrentUserID();

 		$self = User::getOwnerDataById($uid);