API: correct like and comment scopes for private posts

2020-01-30 23:42:09 +01:00 · 2020-01-30 23:42:09 +01:00 · 0754c92116
commit 0754c92116
parent fbd0a51829
2 changed files with 3 additions and 3 deletions
--- a/app/controllers/api/v1/comments_controller.rb
+++ b/app/controllers/api/v1/comments_controller.rb
@ -8,7 +8,7 @@ module Api
      end

      before_action only: %i[create destroy] do
-        require_access_token %w[interactions public:modify]
+        require_access_token %w[interactions public:read]
      end

      rescue_from ActiveRecord::RecordNotFound do
--- a/app/controllers/api/v1/likes_controller.rb
+++ b/app/controllers/api/v1/likes_controller.rb
@ -31,7 +31,7 @@ module Api

      def create
        post = post_service.find!(params.require(:post_id))
-        raise ActiveRecord::RecordInvalid unless post.public? || private_modify?
+        raise ActiveRecord::RecordInvalid unless post.public? || private_read?

        like_service.create(params[:post_id])
      rescue ActiveRecord::RecordInvalid => e
@ -46,7 +46,7 @@ module Api

      def destroy
        post = post_service.find!(params.require(:post_id))
-        raise ActiveRecord::RecordInvalid unless post.public? || private_modify?
+        raise ActiveRecord::RecordInvalid unless post.public? || private_read?

        success = like_service.unlike_post(params[:post_id])
        if success