about summary refs log tree commit diff
path: root/app/controllers/api/v1/accounts
diff options
context:
space:
mode:
authorEugen Rochko <eugen@zeonfederated.com>2018-12-20 01:30:43 +0100
committerGitHub <noreply@github.com>2018-12-20 01:30:43 +0100
commit108b2139cd87321f6c0aec63ef93db85ce30bfec (patch)
tree00d52fc87ce207f7797b052ac4b555f5a27555c1 /app/controllers/api/v1/accounts
parent8389b496ba9f8b5fa04a34ccc14c8e4195e03ea3 (diff)
Allow unauthenticated REST API access to GET /api/v1/accounts/:id/statuses (#9573)
Fix #7087

The same data is available over the ActivityPub outbox, RSS, and Atom, so
there is little benefit to keeping it limited in this method.
Diffstat (limited to 'app/controllers/api/v1/accounts')
-rw-r--r--app/controllers/api/v1/accounts/statuses_controller.rb2
1 files changed, 1 insertions, 1 deletions
diff --git a/app/controllers/api/v1/accounts/statuses_controller.rb b/app/controllers/api/v1/accounts/statuses_controller.rb
index b68a8805f..d3f1197f8 100644
--- a/app/controllers/api/v1/accounts/statuses_controller.rb
+++ b/app/controllers/api/v1/accounts/statuses_controller.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 class Api::V1::Accounts::StatusesController < Api::BaseController
-  before_action -> { doorkeeper_authorize! :read, :'read:statuses' }
+  before_action -> { authorize_if_got_token! :read, :'read:statuses' }
   before_action :set_account
   after_action :insert_pagination_headers