Ensure allowed_filters includes status filter

statamic · May 30, 2024 · 98760c6 · 98760c6
1 parent f019401
commit 98760c6
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/src/Http/Controllers/API/ApiController.php b/src/Http/Controllers/API/ApiController.php
@@ -31,8 +31,7 @@ protected function abortIfUnpublished(Request $request, $item)
             return;
         }
 
-        // todo: we should also be checking that allowed_filters contains 'status'
-        if ($request->boolean('draft')) {
+        if (in_array('status', $this->allowedFilters()) && $request->boolean('draft')) {
             return;
         }
 

diff --git a/src/Http/Controllers/API/CollectionEntriesController.php b/src/Http/Controllers/API/CollectionEntriesController.php
@@ -39,6 +39,7 @@ public function show(Request $request, $collection, $handle)
         $this->abortIfDisabled();
 
         $entry = Entry::find($handle);
+        $this->collectionHandle = $entry?->collectionHandle();
 
         $this->abortIfInvalid($entry, $collection);
         $this->abortIfUnpublished($request, $entry);
-Original file line number
+Diff line change
@@ Expand Up @@
                 return;
             }
-            // todo: we should also be checking that allowed_filters contains 'status'
-            if ($request->boolean('draft')) {
+            if (in_array('status', $this->allowedFilters()) && $request->boolean('draft')) {
                 return;
             }
@@ Expand Down @@