allow sharekeys to be used with the api status controller

author: multiple creatures <dev@multiple-creature.party> 2020-01-12 23:44:35 -0600
committer: multiple creatures <dev@multiple-creature.party> 2020-01-12 23:44:35 -0600
commit: 651c569c3fe7bd3ab12578396ec5934285f02188 (patch)
tree: 06d80683a7a8cb4962783c714d02a1f65d1f7233 /app/controllers/api
parent: 6d6f6b3385ef93105d403d3a786c8299c06829f4 (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/app/controllers/api/v1/statuses_controller.rb b/app/controllers/api/v1/statuses_controller.rb
index ca92cf882..c3f2422ce 100644
--- a/app/controllers/api/v1/statuses_controller.rb
+++ b/app/controllers/api/v1/statuses_controller.rb
@@ -79,7 +79,13 @@ class Api::V1::StatusesController < Api::BaseController
 
   def set_status
     @status = Status.find(params[:id])
-    authorize @status, :show?
+    @sharekey = params[:key]
+
+    if @status.sharekey.present? && @sharekey == @status.sharekey.key
+      skip_authorization
+    else
+      authorize @status, :show?
+    end
   rescue Mastodon::NotPermittedError
     raise ActiveRecord::RecordNotFound
   end
author	multiple creatures <dev@multiple-creature.party>	2020-01-12 23:44:35 -0600
committer	multiple creatures <dev@multiple-creature.party>	2020-01-12 23:44:35 -0600
commit	651c569c3fe7bd3ab12578396ec5934285f02188 (patch)
tree	06d80683a7a8cb4962783c714d02a1f65d1f7233 /app/controllers/api
parent	6d6f6b3385ef93105d403d3a786c8299c06829f4 (diff)