-rw-r--r-- | app/controllers/api/v1/statuses_controller.rb | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/app/controllers/api/v1/statuses_controller.rb b/app/controllers/api/v1/statuses_controller.rb
index ca92cf882..c3f2422ce 100644
--- a/app/controllers/api/v1/statuses_controller.rb
+++ b/app/controllers/api/v1/statuses_controller.rb
@@ -79,7 +79,13 @@ class Api::V1::StatusesController < Api::BaseController
 def set_status
 @status = Status.find(params[:id])
- authorize @status, :show?
+ @sharekey = params[:key]
+
+ if @status.sharekey.present? && @sharekey == @status.sharekey.key
+ skip_authorization
+ else
+ authorize @status, :show?
+ end
 rescue Mastodon::NotPermittedError
 raise ActiveRecord::RecordNotFound
 end |
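Review bot: The share-key check in `set_status` compares the secret with `==` and never requires the request to supply a key, so if a sharekey row could ever hold a nil `key` (the model is not shown here), a request with no `key` parameter would satisfy `@sharekey == @status.sharekey.key` and reach `skip_authorization`. Plain `==` is also not a constant-time comparison; I would write the condition as `if @sharekey.is_a?(String) && @status.sharekey&.key.present? && ActiveSupport::SecurityUtils.secure_compare(@sharekey, @status.sharekey.key)`. `skip_authorization` bypasses everything `show?` enforces rather than visibility alone, and `set_status` presumably runs as a filter for several actions outside this hunk, so it is worth confirming that a key holder should get all of them and saying so in a comment above the branch. Because the key arrives as a request parameter it will likely appear in access logs, so it should be treated as a bearer secret and added to the app's filtered parameters.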