* Fix poll API not requiring authentication on non-public polls That API does not reveal the content of the status, i.e. the question itself, nor who the author is, nor which status it belongs to, but it does reveal the poll options and how many answers they got Fix #10959 * Add test
		
			
				
	
	
		
			29 lines
		
	
	
		
			702 B
		
	
	
	
		
			Ruby
		
	
	
	
	
	
			
		
		
	
	
			29 lines
		
	
	
		
			702 B
		
	
	
	
		
			Ruby
		
	
	
	
	
	
| # frozen_string_literal: true
 | |
| 
 | |
| class Api::V1::PollsController < Api::BaseController
 | |
|   include Authorization
 | |
| 
 | |
|   before_action -> { authorize_if_got_token! :read, :'read:statuses' }, only: :show
 | |
|   before_action :set_poll
 | |
|   before_action :refresh_poll
 | |
| 
 | |
|   respond_to :json
 | |
| 
 | |
|   def show
 | |
|     render json: @poll, serializer: REST::PollSerializer, include_results: true
 | |
|   end
 | |
| 
 | |
|   private
 | |
| 
 | |
|   def set_poll
 | |
|     @poll = Poll.attached.find(params[:id])
 | |
|     authorize @poll.status, :show?
 | |
|   rescue Mastodon::NotPermittedError
 | |
|     raise ActiveRecord::RecordNotFound
 | |
|   end
 | |
| 
 | |
|   def refresh_poll
 | |
|     ActivityPub::FetchRemotePollService.new.call(@poll, current_account) if user_signed_in? && @poll.possibly_stale?
 | |
|   end
 | |
| end
 |