6 年之前 · fb40a55c7c
--- a/app/Http/Controllers/PublicApiController.php
+++ b/app/Http/Controllers/PublicApiController.php
@@ -395,8 +395,12 @@ class PublicApiController extends Controller
 
															     public function accountFollowers(Request $request, $id)
														
 
															     {
														
 
															-        $profile = Profile::findOrFail($id);
														
 
															-        $followers = $profile->followers;
														
 
															+        abort_unless(Auth::check(), 403);
														
 
															+        $profile = Profile::with('user')->whereNull('status')->whereNull('domain')->findOrFail($id);
														
 
															+        if($profile->is_private || !$profile->user->settings->show_profile_followers) {
														
 
															+            return [];
														
 
															+        }
														
 
															+        $followers = $profile->followers()->orderByDesc('followers.created_at')->paginate(10);
														
 
															         $resource = new Fractal\Resource\Collection($followers, new AccountTransformer());
														
 
															         $res = $this->fractal->createData($resource)->toArray();
														
@@ -405,8 +409,12 @@ class PublicApiController extends Controller
 
															     public function accountFollowing(Request $request, $id)
														
 
															     {
														
 
															-        $profile = Profile::findOrFail($id);
														
 
															-        $following = $profile->following;
														
 
															+        abort_unless(Auth::check(), 403);
														
 
															+        $profile = Profile::with('user')->whereNull('status')->whereNull('domain')->findOrFail($id);
														
 
															+        if($profile->is_private || !$profile->user->settings->show_profile_following) {
														
 
															+            return [];
														
 
															+        }
														
 
															+        $following = $profile->following()->orderByDesc('followers.created_at')->paginate(10);
														
 
															         $resource = new Fractal\Resource\Collection($following, new AccountTransformer());
														
 
															         $res = $this->fractal->createData($resource)->toArray();
														
@@ -468,4 +476,5 @@ class PublicApiController extends Controller
 
															         return response()->json($res);
														
 
															     }
														
 
															+
														
 
															 }
														
--- a/routes/web.php
+++ b/routes/web.php
@@ -70,6 +70,8 @@ Route::domain(config('pixelfed.domain.app'))->middleware(['validemail', 'twofact
 
															             Route::get('accounts/verify_credentials', 'ApiController@verifyCredentials');
														
 
															             Route::get('accounts/relationships', 'PublicApiController@relationships');
														
 
															             Route::get('accounts/{id}/statuses', 'PublicApiController@accountStatuses');
														
 
															+            Route::get('accounts/{id}/following', 'PublicApiController@accountFollowing');
														
 
															+            Route::get('accounts/{id}/followers', 'PublicApiController@accountFollowers');
														
 
															             Route::get('accounts/{id}', 'PublicApiController@account');
														
 
															             Route::post('avatar/update', 'ApiController@avatarUpdate');
														
 
															             Route::get('likes', 'ApiController@hydrateLikes');