-rw-r--r-- | app/controllers/remote_interaction_controller.rb | 12 | ||||
-rw-r--r-- | app/controllers/statuses_controller.rb | 3 | ||||
-rw-r--r-- | app/services/favourite_service.rb | 4 | ||||
-rw-r--r-- | app/views/stream_entries/_detailed_status.html.haml | 6 | ||||
-rw-r--r-- | app/views/stream_entries/_simple_status.html.haml | 4 |
5 files changed, 18 insertions, 11 deletions
diff --git a/app/controllers/remote_interaction_controller.rb b/app/controllers/remote_interaction_controller.rb
index b1b304055..aa8f73ac8 100644
--- a/app/controllers/remote_interaction_controller.rb
+++ b/app/controllers/remote_interaction_controller.rb
@@ -24,7 +24,7 @@ class RemoteInteractionController < ApplicationController
 if Favourite.where(account: current_account, status: @status).exists?
 UnfavouriteService.new.call(current_account, @status)
 else
- FavouriteService.new.call(current_account, @status)
+ FavouriteService.new.call(current_account, @status, skip_authorize: true)
 end
 when 'follow'
 FollowService.new.call(current_account, @status.account)
@@ -32,7 +32,7 @@ class RemoteInteractionController < ApplicationController
 UnfollowService.new.call(current_account, @status.account)
 end
- redirect_to TagManager.instance.url_for(@status)
+ redirect_to short_account_status_url(@status.account.username, @status.id, key: @sharekey)
 end
 private
@@ -47,7 +47,13 @@ class RemoteInteractionController < ApplicationController
 def set_status
 @status = Status.find(params[:id])
- authorize @status, :show?
+ @sharekey = params[:key]
+
+ if @status.sharekey.present? && @sharekey == @status.sharekey
+ skip_authorization
+ else
+ authorize @status, :show?
+ end
 rescue Mastodon::NotPermittedError
 # Reraise in order to get a 404
 raise ActiveRecord::RecordNotFound
diff --git a/app/controllers/statuses_controller.rb b/app/controllers/statuses_controller.rb
index 3a6f68db5..6fd937f8d 100644
--- a/app/controllers/statuses_controller.rb
+++ b/app/controllers/statuses_controller.rb
@@ -190,8 +190,9 @@ class StatusesController < ApplicationController
 @status = @account.statuses.find(params[:id])
 @stream_entry = @status.stream_entry
 @type = @stream_entry.activity_type.downcase
+ @sharekey = params[:key]
- if @status.sharekey.present? && params[:key] == @status.sharekey
+ if @status.sharekey.present? && @sharekey == @status.sharekey
 skip_authorization
 else
 authorize @status, :show?
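Review bot: `skip_authorize: true` on the `FavouriteService` call is unconditional, so the `:favourite?` policy is bypassed for every favourite made through this controller, including requests that got through `set_status` via the ordinary `authorize @status, :show?` branch with no valid share key. Being allowed to view a status is not the same as being allowed to favourite it, and whatever `:favourite?` enforces (not visible here) is lost for all users. Tie the bypass to a successful key match, for example record `@sharekey_valid = true` in the share-key branch of `set_status` and pass `skip_authorize: @sharekey_valid == true` here. The `case` block starts and ends outside this hunk.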
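Review bot: The new redirect target is built from `@status.account.username` alone, which carries no domain; `set_status` loads the record with `Status.find(params[:id])`, which is not scoped to local accounts, so if a remote status can reach this action the redirect presumably lands on a wrong or missing local path. The old code left URL building to `TagManager.instance.url_for(@status)`. Consider keeping that call for non-local accounts, e.g. `redirect_to(@status.account.local? ? short_account_status_url(@status.account.username, @status.id, key: @sharekey) : TagManager.instance.url_for(@status))`. The action's body starts outside this hunk.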
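Review bot: The share key is compared with `==` in `set_status`, which is not a constant-time comparison for a value that acts as a bearer secret; the identical check is repeated in the `statuses_controller.rb` hunk that follows. `params[:key]` may also be nil or a non-String value. Prefer `ActiveSupport::SecurityUtils.secure_compare(@sharekey.to_s, @status.sharekey)` behind the existing `@status.sharekey.present?` guard, and move the check into one shared private helper so the two controllers cannot drift apart. `set_status` continues past the end of this hunk.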
diff --git a/app/services/favourite_service.rb b/app/services/favourite_service.rb
index ce13b92ed..cff4c37e0 100644
--- a/app/services/favourite_service.rb
+++ b/app/services/favourite_service.rb
@@ -7,8 +7,8 @@ class FavouriteService < BaseService
 # @param [Account] account
 # @param [Status] status
 # @return [Favourite]
- def call(account, status, skip_notify = false)
- authorize_with account, status, :favourite?
+ def call(account, status, skip_notify: false, skip_authorize: false)
+ authorize_with account, status, :favourite? unless skip_authorize
 favourite = Favourite.find_by(account: account, status: status)
diff --git a/app/views/stream_entries/_detailed_status.html.haml b/app/views/stream_entries/_detailed_status.html.haml
index 2cafdf4b4..c94e7b3d6 100644
--- a/app/views/stream_entries/_detailed_status.html.haml
+++ b/app/views/stream_entries/_detailed_status.html.haml
@@ -50,7 +50,7 @@
 = link_to "#{TagManager.instance.url_for(status)}?rekey=0", class: 'detailed-status__link', title: 'Revoke share key', target: stream_link_target, rel: 'noopener' do
 = fa_icon('user-times')
 ·
- = link_to remote_interaction_path(status, type: :reply), class: 'modal-button detailed-status__link' do
+ = link_to remote_interaction_path(status, key: @sharekey, type: :reply), class: 'modal-button detailed-status__link' do
 - if status.in_reply_to_id.nil?
 = fa_icon('reply')
 - else
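Review bot: `skip_notify` changes from a positional default to a keyword in `call`, so any existing caller that passes a third positional argument will now raise `ArgumentError`; callers are not visible in this diff and should be checked. The YARD block above the signature still documents only `account` and `status`. Add `# @param [Boolean] skip_notify` and `# @param [Boolean] skip_authorize skips the :favourite? policy check; pass true only when the caller has already verified access`, because this flag is an authorization bypass and should be recognisable as one at the definition. The body of `call` continues outside the hunk.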
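Review bot: `key: @sharekey` writes the share key into the reply link, and `@sharekey` is the raw `params[:key]` assigned by the controller whether or not it matched the status; the reblog and favourite links in the second `_detailed_status.html.haml` hunk and in `_simple_status.html.haml` do the same. A secret carried in a query string ends up in access logs and browser history, so emit it only after it has been validated. The partial also now depends on a controller instance variable; passing the key in as a local would make that dependency explicit for every controller that renders it.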
@@ -67,13 +67,13 @@
 = fa_icon('lock')
 - elsif user_signed_in? && !@account.user_hides_stats?
 ·
- = link_to remote_interaction_path(status, type: :reblog), class: "detailed-status__link #{user_signed_in? && @account.statuses.where(reblog: status).exists? ? 'detailed-status__boost-icon' : nil}", title: number_to_human(status.reblogs_count, strip_insignificant_zeros: true) do
+ = link_to remote_interaction_path(status, key: @sharekey, type: :reblog), class: "detailed-status__link #{user_signed_in? && @account.statuses.where(reblog: status).exists? ? 'detailed-status__boost-icon' : nil}", title: number_to_human(status.reblogs_count, strip_insignificant_zeros: true) do
 = fa_icon('repeat')
 = " "
 - if user_signed_in? && !@account.user_hides_stats?
 ·
- = link_to remote_interaction_path(status, type: :favourite), class: "detailed-status__link #{user_signed_in? && Favourite.where(account: @account, status: status).exists? ? 'detailed-status__star-icon' : nil}", title: number_to_human(status.favourites_count, strip_insignificant_zeros: true) do
+ = link_to remote_interaction_path(status, key: @sharekey, type: :favourite), class: "detailed-status__link #{user_signed_in? && Favourite.where(account: @account, status: status).exists? ? 'detailed-status__star-icon' : nil}", title: number_to_human(status.favourites_count, strip_insignificant_zeros: true) do
 = fa_icon('star')
 = " "
diff --git a/app/views/stream_entries/_simple_status.html.haml b/app/views/stream_entries/_simple_status.html.haml
index b8d1cf69b..c53503a7f 100644
--- a/app/views/stream_entries/_simple_status.html.haml
+++ b/app/views/stream_entries/_simple_status.html.haml
@@ -53,12 +53,12 @@
 - else
 = fa_icon 'reply-all fw'
 .status__action-bar__counter__label= obscured_counter status.replies_count
- = link_to remote_interaction_path(status, type: :reblog), class: 'status__action-bar-button icon-button', style: 'font-size: 18px; width: 23.1429px; height: 23.1429px; line-height: 23.15px;' do
+ = link_to remote_interaction_path(status, key: @sharekey, type: :reblog), class: 'status__action-bar-button icon-button', style: 'font-size: 18px; width: 23.1429px; height: 23.1429px; line-height: 23.15px;' do
 - if status.public_visibility? || status.unlisted_visibility?
 = fa_icon 'repeat fw'
 - elsif status.private_visibility?
 = fa_icon 'lock fw'
 - else
 = fa_icon 'envelope fw'
- = link_to remote_interaction_path(status, type: :favourite), class: 'status__action-bar-button icon-button', style: 'font-size: 18px; width: 23.1429px; height: 23.1429px; line-height: 23.15px;' do
+ = link_to remote_interaction_path(status, key: @sharekey, type: :favourite), class: 'status__action-bar-button icon-button', style: 'font-size: 18px; width: 23.1429px; height: 23.1429px; line-height: 23.15px;' do
 = fa_icon 'star fw' |