0e3717eb2d
Fixes #17898 Since #17204, the admin API has only been available through the web application because of the unconditional requirement to provide a valid CSRF token. This commit changes it back to `null_session`, which should make it work both with session-based authentication (provided a CSRF token) and with a bearer token.
17 lines
460 B
Ruby
17 lines
460 B
Ruby
# frozen_string_literal: true
|
|
|
|
class Api::V1::Admin::Trends::StatusesController < Api::BaseController
|
|
before_action -> { authorize_if_got_token! :'admin:read' }
|
|
before_action :require_staff!
|
|
before_action :set_statuses
|
|
|
|
def index
|
|
render json: @statuses, each_serializer: REST::StatusSerializer
|
|
end
|
|
|
|
private
|
|
|
|
def set_statuses
|
|
@statuses = cache_collection(Trends.statuses.query.limit(limit_param(DEFAULT_STATUSES_LIMIT)), Status)
|
|
end
|
|
end
|