Updated groups to be public

• Updated: - groups to be public - routes for /group and /groups/id to be public - GroupTimeline to ignore relationships for loading - Group fetching to be a where with is_archived: false - GroupControllers to have if current_user, else • Added: - Meta and og information for view - Group fetch - public route api for featured groups, group timelines • Removed: - Doorkeeper for read:groups
2020-07-21 23:05:54 -05:00
parent 49c6e323fa
commit 3b0ec6a270
9 changed files with 69 additions and 20 deletions
--- a/app/controllers/api/v1/groups/relationships_controller.rb
+++ b/app/controllers/api/v1/groups/relationships_controller.rb
@@ -7,7 +7,7 @@ class Api::V1::Groups::RelationshipsController < Api::BaseController
  respond_to :json

  def index
-    groups = Group.where(id: group_ids).select('id')
+    groups = Group.where(id: group_ids, is_archived: false).select('id')
    # .where doesn't guarantee that our results are in the same order
    # we requested them, so return the "right" order to the requestor.
    @groups = groups.index_by(&:id).values_at(*group_ids).compact
--- a/app/controllers/api/v1/groups_controller.rb
+++ b/app/controllers/api/v1/groups_controller.rb
@@ -3,10 +3,10 @@
 class Api::V1::GroupsController < Api::BaseController
  include Authorization

-  before_action -> { doorkeeper_authorize! :read, :'read:groups' }, only: [:index, :show]
+  # before_action -> { doorkeeper_authorize! :read, :'read:groups' }, only: [:index, :show]
  before_action -> { doorkeeper_authorize! :write, :'write:groups' }, except: [:index, :show]

-  before_action :require_user!
+  before_action :require_user!, except: [:index, :show]
  before_action :set_group, except: [:index, :create]

  def index
@@ -14,10 +14,19 @@ class Api::V1::GroupsController < Api::BaseController
      when 'featured'
        @groups = Group.where(is_featured: true, is_archived: false).limit(100).all
      when 'new'
+        if !current_user
+          render json: { error: 'This method requires an authenticated user' }, status: 422
+        end
        @groups = Group.where(is_archived: false).limit(24).order('created_at DESC').all
      when 'member'
+        if !current_user
+          render json: { error: 'This method requires an authenticated user' }, status: 422
+        end
        @groups = Group.joins(:group_accounts).where(is_archived: false, group_accounts: { account: current_account }).order('group_accounts.id DESC').all
      when 'admin'
+        if !current_user
+          render json: { error: 'This method requires an authenticated user' }, status: 422
+        end
        @groups = Group.joins(:group_accounts).where(is_archived: false, group_accounts: { account: current_account, role: :admin }).all
    end

@@ -75,7 +84,7 @@ class Api::V1::GroupsController < Api::BaseController
  private

  def set_group
-    @group = Group.find(params[:id])
+    @group = Group.where(id: params[:id], is_archived: false).first
  end

  def group_params
--- a/app/controllers/api/v1/timelines/group_controller.rb
+++ b/app/controllers/api/v1/timelines/group_controller.rb
@@ -1,23 +1,25 @@
 # frozen_string_literal: true

 class Api::V1::Timelines::GroupController < Api::BaseController
-  before_action -> { doorkeeper_authorize! :read, :'read:groups' }
-  before_action :require_user!
  before_action :set_group
  before_action :set_statuses

  after_action :insert_pagination_headers, unless: -> { @statuses.empty? }

  def show
-    render json: @statuses,
-           each_serializer: REST::StatusSerializer,
-           relationships: StatusRelationshipsPresenter.new(@statuses, current_user.account_id)
+    if current_user
+      render json: @statuses,
+            each_serializer: REST::StatusSerializer,
+            relationships: StatusRelationshipsPresenter.new(@statuses, current_user.account_id)
+    else
+      render json: @statuses, each_serializer: REST::StatusSerializer
+    end
  end

  private

  def set_group
-    @group = Group.find(params[:id])
+    @group = Group.where(id: params[:id], is_archived: false).first
  end

  def set_statuses
@@ -29,10 +31,18 @@ class Api::V1::Timelines::GroupController < Api::BaseController
  end

  def group_statuses
-    statuses = group_timeline_statuses.without_replies.paginate_by_id(
-      limit_param(DEFAULT_STATUSES_LIMIT),
-      params_slice(:max_id, :since_id, :min_id)
-    ).reject { |status| FeedManager.instance.filter?(:home, status, current_account.id) }
+    statuses = nil
+    if current_account
+      statuses = group_timeline_statuses.without_replies.paginate_by_id(
+        limit_param(DEFAULT_STATUSES_LIMIT),
+        params_slice(:max_id, :since_id, :min_id)
+      ).reject { |status| FeedManager.instance.filter?(:home, status, current_account.id) }
+    else
+      statuses = group_timeline_statuses.without_replies.paginate_by_id(
+        limit_param(DEFAULT_STATUSES_LIMIT),
+        params_slice(:max_id, :since_id, :min_id)
+      )
+    end

    if truthy_param?(:only_media)
      # `SELECT DISTINCT id, updated_at` is too slow, so pluck ids at first, and then select id, updated_at with ids.