62c6e12fa5
Fixes #17898 Since #17204, the admin API has only been available through the web application because of the unconditional requirement to provide a valid CSRF token. This commit changes it back to `null_session`, which should make it work both with session-based authentication (provided a CSRF token) and with a bearer token.
33 lines
733 B
Ruby
33 lines
733 B
Ruby
# frozen_string_literal: true
|
|
|
|
class Api::V1::Admin::AccountActionsController < Api::BaseController
|
|
before_action -> { authorize_if_got_token! :'admin:write', :'admin:write:accounts' }
|
|
before_action :require_staff!
|
|
before_action :set_account
|
|
|
|
def create
|
|
account_action = Admin::AccountAction.new(resource_params)
|
|
account_action.target_account = @account
|
|
account_action.current_account = current_account
|
|
account_action.save!
|
|
|
|
render_empty
|
|
end
|
|
|
|
private
|
|
|
|
def set_account
|
|
@account = Account.find(params[:account_id])
|
|
end
|
|
|
|
def resource_params
|
|
params.permit(
|
|
:type,
|
|
:report_id,
|
|
:warning_preset_id,
|
|
:text,
|
|
:send_email_notification
|
|
)
|
|
end
|
|
end
|