Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix /api/v1/admin/trends/tags using wrong serializer #18943

Merged
merged 3 commits into from
Jan 18, 2023
Merged

Fix /api/v1/admin/trends/tags using wrong serializer #18943

merged 3 commits into from
Jan 18, 2023

Conversation

ClearlyClaire
Copy link
Contributor

Fix regression from #18641

@ClearlyClaire ClearlyClaire mentioned this pull request Aug 7, 2022
Open
@ClearlyClaire
Copy link
Contributor Author

@Gargron do you mind reviewing this?

Gargron
Gargron reviewed Oct 26, 2022
View reviewed changes
Copy link
Member

@Gargron Gargron left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't know what I was thinking when designing this controller, but it's using the normal serializer because when the user doesn't have admin scope/permission, it acts like the non-admin controller. Using the admin serializer here would expose extra details to non-admin users.

@ClearlyClaire ClearlyClaire mentioned this pull request Nov 8, 2022
Open
@connorshea connorshea mentioned this pull request Nov 26, 2022
Closed
@ClearlyClaire
Copy link
Contributor Author

This is an ugly workaround, but I changed it so:

  • which serializer is used depends on whether the usage can manage trending tags
  • the javascript component doesn't link to anywhere if the id is not serialized

@trwnh
Copy link
Member

trwnh commented Nov 27, 2022

the javascript component doesn't link to anywhere if the id is not serialized

how does that interact with #21701? if done this way, i feel like you would also need an admin API endpoint to lookup tag id by name... or perhaps checking for one of the other properties?

@ClearlyClaire
Copy link
Contributor Author

the javascript component doesn't link to anywhere if the id is not serialized

how does that interact with #21701? if done this way, i feel like you would also need an admin API endpoint to lookup tag id by name... or perhaps checking for one of the other properties?

I don't think this whole endpoint is very useful when the user doesn't have the permissions to manage hashtags. AFAICT the only reason there's the fallback to begin with is the admin dashboard that is displayed even if one does not have tag management permissions.

@ClearlyClaire ClearlyClaire mentioned this pull request Jan 2, 2023
Closed
@ClearlyClaire ClearlyClaire mentioned this pull request Jan 16, 2023
Merged
15 tasks
@Gargron Gargron merged commit b034dc4 into mastodon:main Jan 18, 2023
btrd pushed a commit to btrd/mastodon that referenced this pull request Feb 22, 2023
@ClearlyClaire
Fix /api/v1/admin/trends/tags using wrong serializer (mastodon#18943)
a621db0 
* Fix /api/v1/admin/trends/tags using wrong serializer

Fix regression from mastodon#18641

* Only use `REST::Admin::TagSerializer` when the user can `manage_taxonomies`

* Fix admin trending hashtag component to not link if `id` is unknown
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Gargron Gargron Gargron approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@ClearlyClaire @trwnh @Gargron