author | happycoloredbanana <happycoloredbanana@users.noreply.github.com> | 2017-04-18 22:58:57 +0300 |
---|---|---|
committer | Eugen <eugen@zeonfederated.com> | 2017-04-18 21:58:57 +0200 |
commit | 0a7588282a00513af9631d06eea76878a974c659 (patch) | |
tree | 655178eb8d6ad99bbec71861d7edc37581a095e2 /app/controllers/api | |
parent | 3ed219f90791442d0e71d740f5b3950f58e493ce (diff) |
Remove API authentication for public statuses (after review) (#1919)
Diffstat (limited to 'app/controllers/api')
-rw-r--r-- | app/controllers/api/v1/statuses_controller.rb | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/app/controllers/api/v1/statuses_controller.rb b/app/controllers/api/v1/statuses_controller.rb
index b0e26918e..e88f9cc41 100644
--- a/app/controllers/api/v1/statuses_controller.rb
+++ b/app/controllers/api/v1/statuses_controller.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 class Api::V1::StatusesController < ApiController
-  before_action -> { doorkeeper_authorize! :read }, except: [:create, :destroy, :reblog, :unreblog, :favourite, :unfavourite]
+  before_action :authorize_if_got_token, except: [:create, :destroy, :reblog, :unreblog, :favourite, :unfavourite]
   before_action -> { doorkeeper_authorize! :write }, only: [:create, :destroy, :reblog, :unreblog, :favourite, :unfavourite]
   before_action :require_user!, except: [:show, :context, :card, :reblogged_by, :favourited_by]
   before_action :set_status, only: [:show, :context, :card, :reblogged_by, :favourited_by]
@@ -114,4 +114,9 @@ class Api::V1::StatusesController < ApiController
   def pagination_params(core_params)
     params.permit(:limit).merge(core_params)
   end
+
+  def authorize_if_got_token
+    request_token = Doorkeeper::OAuth::Token.from_request(request, *Doorkeeper.configuration.access_token_methods)
+    doorkeeper_authorize! :read if request_token
+  end
 end
|
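Review bot: Requests that carry no token now reach `set_status` and the `show`, `context`, `card`, `reblogged_by` and `favourited_by` actions with no authenticated user, because `before_action :authorize_if_got_token` only authorizes when a token is presented and `require_user!` already skips those five actions. That leaves the status visibility check as the only access control on these endpoints, and `set_status` lies outside this hunk, so it should be confirmed that it refuses private and direct statuses when there is no current user. It is also worth checking that `context`, `reblogged_by` and `favourited_by` filter the related records they return for an anonymous caller. A comment above the changed line would record the dependency, e.g. `# No token means anonymous read; status visibility must be enforced in set_status`.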
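Review bot: `authorize_if_got_token` has no comment stating its two outcomes, and they are easy to misread from the one-line body: no token skips authorization entirely, while any presented token still goes through `doorkeeper_authorize! :read`, so a bad or under-scoped token should be rejected rather than downgraded to anonymous access. I would add `# Anonymous requests pass through; a presented token must still be valid and carry the read scope.` above the method. Whether the method sits below a `private` keyword cannot be seen from this hunk; it should, so that the callback is not exposed as a public controller method. A request spec for the no-token, valid-token and invalid-token cases would pin this behaviour.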