about summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--app/controllers/statuses_controller.rb8
1 files changed, 7 insertions, 1 deletions
diff --git a/app/controllers/statuses_controller.rb b/app/controllers/statuses_controller.rb
index 1e7adb7da..f95f1dfe0 100644
--- a/app/controllers/statuses_controller.rb
+++ b/app/controllers/statuses_controller.rb
@@ -67,7 +67,13 @@ class StatusesController < ApplicationController
 
   def set_status
     @status = @account.statuses.find(params[:id])
-    authorize @status, :show?
+    @sharekey = params[:key]
+
+    if @status.sharekey.present? && @sharekey == @status.sharekey.key
+      skip_authorization
+    else
+      authorize @status, :show?
+    end
   rescue Mastodon::NotPermittedError
     raise ActiveRecord::RecordNotFound
   end
generated by cgit-pink (git 2.37.1) at 2024-07-01 13:46:45 +0000