|
|
|
@ -56,7 +56,7 @@ defmodule Pleroma.Web.MastodonAPI.MediaController do
|
|
|
|
|
@doc "PUT /api/v1/media/:id"
|
|
|
|
|
def update(%{assigns: %{user: user}, body_params: %{description: description}} = conn, %{id: id}) do
|
|
|
|
|
with %Object{} = object <- Object.get_by_id(id),
|
|
|
|
|
true <- Object.authorize_mutation(object, user),
|
|
|
|
|
:ok <- Object.authorize_access(object, user),
|
|
|
|
|
{:ok, %Object{data: data}} <- Object.update_data(object, %{"name" => description}) do
|
|
|
|
|
attachment_data = Map.put(data, "id", object.id)
|
|
|
|
|
|
|
|
|
@ -66,10 +66,10 @@ defmodule Pleroma.Web.MastodonAPI.MediaController do
|
|
|
|
|
|
|
|
|
|
def update(conn, data), do: show(conn, data)
|
|
|
|
|
|
|
|
|
|
# TODO: clarify: is the access to non-owned objects granted intentionally?
|
|
|
|
|
@doc "GET /api/v1/media/:id"
|
|
|
|
|
def show(conn, %{id: id}) do
|
|
|
|
|
with %Object{data: data, id: object_id} <- Object.get_by_id(id) do
|
|
|
|
|
def show(%{assigns: %{user: user}} = conn, %{id: id}) do
|
|
|
|
|
with %Object{data: data, id: object_id} = object <- Object.get_by_id(id),
|
|
|
|
|
:ok <- Object.authorize_access(object, user) do
|
|
|
|
|
attachment_data = Map.put(data, "id", object_id)
|
|
|
|
|
|
|
|
|
|
render(conn, "attachment.json", %{attachment: attachment_data})
|
|
|
|
|