diff options
| author | multiple creatures <dev@multiple-creature.party> | 2019-08-14 19:25:01 -0500 |
|---|---|---|
| committer | multiple creatures <dev@multiple-creature.party> | 2019-08-15 09:27:43 -0500 |
| commit | a06f8140d9e1485126eafe2f1e561e067bd8a038 (patch) | |
| tree | 3ed44eaacd2849e42794d1da0445c0f8265fdfc6 /app/controllers | |
| parent | 6d026c5007113f14e70b9cec2933eff52d072312 (diff) | |
handle interactions on sharekeyed posts when both participants are local; allow faving sharekeyed posts
Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/remote_interaction_controller.rb | 12 | ||||
| -rw-r--r-- | app/controllers/statuses_controller.rb | 3 |
2 files changed, 11 insertions, 4 deletions
diff --git a/app/controllers/remote_interaction_controller.rb b/app/controllers/remote_interaction_controller.rb index b1b304055..aa8f73ac8 100644 --- a/app/controllers/remote_interaction_controller.rb +++ b/app/controllers/remote_interaction_controller.rb @@ -24,7 +24,7 @@ class RemoteInteractionController < ApplicationController if Favourite.where(account: current_account, status: @status).exists? UnfavouriteService.new.call(current_account, @status) else - FavouriteService.new.call(current_account, @status) + FavouriteService.new.call(current_account, @status, skip_authorize: true) end when 'follow' FollowService.new.call(current_account, @status.account) @@ -32,7 +32,7 @@ class RemoteInteractionController < ApplicationController UnfollowService.new.call(current_account, @status.account) end - redirect_to TagManager.instance.url_for(@status) + redirect_to short_account_status_url(@status.account.username, @status.id, key: @sharekey) end private @@ -47,7 +47,13 @@ class RemoteInteractionController < ApplicationController def set_status @status = Status.find(params[:id]) - authorize @status, :show? + @sharekey = params[:key] + + if @status.sharekey.present? && @sharekey == @status.sharekey + skip_authorization + else + authorize @status, :show? + end rescue Mastodon::NotPermittedError # Reraise in order to get a 404 raise ActiveRecord::RecordNotFound diff --git a/app/controllers/statuses_controller.rb b/app/controllers/statuses_controller.rb index 3a6f68db5..6fd937f8d 100644 --- a/app/controllers/statuses_controller.rb +++ b/app/controllers/statuses_controller.rb @@ -190,8 +190,9 @@ class StatusesController < ApplicationController @status = @account.statuses.find(params[:id]) @stream_entry = @status.stream_entry @type = @stream_entry.activity_type.downcase + @sharekey = params[:key] - if @status.sharekey.present? && params[:key] == @status.sharekey + if @status.sharekey.present? && @sharekey == @status.sharekey skip_authorization else authorize @status, :show? |