notfire/Iceshrimp.NET
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[backend/api] Only expose public notes on /api/iceshrimp/v1/user/{id}/notes

Browse source
This commit is contained in:
Laura Hausmann 2024-02-06 02:12:09 +01:00
parent 81c8386eaf
commit 2984abbe2b
No known key found for this signature in database
GPG key ID: D044E84C5BE01605
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
Iceshrimp.Backend/Controllers/UserController.cs
View file

@ -1,6 +1,8 @@
using Iceshrimp.Backend.Controllers.Renderers;
using Iceshrimp.Backend.Controllers.Schemas;
using Iceshrimp.Backend.Core.Database;
using Iceshrimp.Backend.Core.Database.Tables;
using Iceshrimp.Backend.Core.Extensions;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.RateLimiting;
using Microsoft.EntityFrameworkCore;
@ -33,6 +35,7 @@ public class UserController(DatabaseContext db) : Controller {
var notes = db.Notes
.Include(p => p.User)
.Where(p => p.UserId == id)
.HasVisibility(Note.NoteVisibility.Public)
.OrderByDescending(p => p.Id)
.Take(limit)
.ToList();