0e3717eb2d
Fixes #17898 Since #17204, the admin API has only been available through the web application because of the unconditional requirement to provide a valid CSRF token. This commit changes it back to `null_session`, which should make it work both with session-based authentication (provided a CSRF token) and with a bearer token.
17 lines
402 B
Ruby
17 lines
402 B
Ruby
# frozen_string_literal: true
|
|
|
|
class Api::V1::Admin::Trends::LinksController < Api::BaseController
|
|
before_action -> { authorize_if_got_token! :'admin:read' }
|
|
before_action :require_staff!
|
|
before_action :set_links
|
|
|
|
def index
|
|
render json: @links, each_serializer: REST::Trends::LinkSerializer
|
|
end
|
|
|
|
private
|
|
|
|
def set_links
|
|
@links = Trends.links.query.limit(limit_param(10))
|
|
end
|
|
end
|