Merge remote-tracking branch 'glitch/main'

author: Starfall <us@starfall.systems> 2022-03-08 17:55:38 -0600
committer: Starfall <us@starfall.systems> 2022-03-08 17:55:38 -0600
commit: 239d67fc2c0ec82617de50a9831bc1a9efc30ecc (patch)
tree: a6806025fe9e094994366434b08093cee5923557 /app/controllers/api/v1/statuses_controller.rb
parent: ad1733ea294c6049336a9aeeb7ff96c8fea22cfa (diff)
parent: 02133866e6915e37431298b396e1aded1e4c44c5 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/app/controllers/api/v1/statuses_controller.rb b/app/controllers/api/v1/statuses_controller.rb
index eaac8e563..ddd7c33ae 100644
--- a/app/controllers/api/v1/statuses_controller.rb
+++ b/app/controllers/api/v1/statuses_controller.rb
@@ -94,8 +94,9 @@ class Api::V1::StatusesController < Api::BaseController
   end
 
   def set_thread
-    @thread = status_params[:in_reply_to_id].blank? ? nil : Status.find(status_params[:in_reply_to_id])
-  rescue ActiveRecord::RecordNotFound
+    @thread = Status.find(status_params[:in_reply_to_id]) if status_params[:in_reply_to_id].present?
+    authorize(@thread, :show?) if @thread.present?
+  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
     render json: { error: I18n.t('statuses.errors.in_reply_not_found') }, status: 404
   end
author	Starfall <us@starfall.systems>	2022-03-08 17:55:38 -0600
committer	Starfall <us@starfall.systems>	2022-03-08 17:55:38 -0600
commit	239d67fc2c0ec82617de50a9831bc1a9efc30ecc (patch)
tree	a6806025fe9e094994366434b08093cee5923557 /app/controllers/api/v1/statuses_controller.rb
parent	ad1733ea294c6049336a9aeeb7ff96c8fea22cfa (diff)
parent	02133866e6915e37431298b396e1aded1e4c44c5 (diff)