about summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--app/controllers/remote_interaction_controller.rb12
-rw-r--r--app/controllers/statuses_controller.rb3
-rw-r--r--app/services/favourite_service.rb4
-rw-r--r--app/views/stream_entries/_detailed_status.html.haml6
-rw-r--r--app/views/stream_entries/_simple_status.html.haml4
5 files changed, 18 insertions, 11 deletions
diff --git a/app/controllers/remote_interaction_controller.rb b/app/controllers/remote_interaction_controller.rb
index b1b304055..aa8f73ac8 100644
--- a/app/controllers/remote_interaction_controller.rb
+++ b/app/controllers/remote_interaction_controller.rb
@@ -24,7 +24,7 @@ class RemoteInteractionController < ApplicationController
       if Favourite.where(account: current_account, status: @status).exists?
         UnfavouriteService.new.call(current_account, @status)
       else
-        FavouriteService.new.call(current_account, @status)
+        FavouriteService.new.call(current_account, @status, skip_authorize: true)
       end
     when 'follow'
       FollowService.new.call(current_account, @status.account)
@@ -32,7 +32,7 @@ class RemoteInteractionController < ApplicationController
       UnfollowService.new.call(current_account, @status.account)
     end
 
-    redirect_to TagManager.instance.url_for(@status)
+    redirect_to short_account_status_url(@status.account.username, @status.id, key: @sharekey)
   end
 
   private
@@ -47,7 +47,13 @@ class RemoteInteractionController < ApplicationController
 
   def set_status
     @status = Status.find(params[:id])
-    authorize @status, :show?
+    @sharekey = params[:key]
+
+    if @status.sharekey.present? && @sharekey == @status.sharekey
+      skip_authorization
+    else
+      authorize @status, :show?
+    end
   rescue Mastodon::NotPermittedError
     # Reraise in order to get a 404
     raise ActiveRecord::RecordNotFound
diff --git a/app/controllers/statuses_controller.rb b/app/controllers/statuses_controller.rb
index 3a6f68db5..6fd937f8d 100644
--- a/app/controllers/statuses_controller.rb
+++ b/app/controllers/statuses_controller.rb
@@ -190,8 +190,9 @@ class StatusesController < ApplicationController
     @status       = @account.statuses.find(params[:id])
     @stream_entry = @status.stream_entry
     @type         = @stream_entry.activity_type.downcase
+    @sharekey     = params[:key]
 
-    if @status.sharekey.present? && params[:key] == @status.sharekey
+    if @status.sharekey.present? && @sharekey == @status.sharekey
       skip_authorization
     else
       authorize @status, :show?
diff --git a/app/services/favourite_service.rb b/app/services/favourite_service.rb
index ce13b92ed..cff4c37e0 100644
--- a/app/services/favourite_service.rb
+++ b/app/services/favourite_service.rb
@@ -7,8 +7,8 @@ class FavouriteService < BaseService
   # @param [Account] account
   # @param [Status] status
   # @return [Favourite]
-  def call(account, status, skip_notify = false)
-    authorize_with account, status, :favourite?
+  def call(account, status, skip_notify: false, skip_authorize: false)
+    authorize_with account, status, :favourite? unless skip_authorize
 
     favourite = Favourite.find_by(account: account, status: status)
 
diff --git a/app/views/stream_entries/_detailed_status.html.haml b/app/views/stream_entries/_detailed_status.html.haml
index 2cafdf4b4..c94e7b3d6 100644
--- a/app/views/stream_entries/_detailed_status.html.haml
+++ b/app/views/stream_entries/_detailed_status.html.haml
@@ -50,7 +50,7 @@
         = link_to "#{TagManager.instance.url_for(status)}?rekey=0", class: 'detailed-status__link', title: 'Revoke share key', target: stream_link_target, rel: 'noopener' do
           = fa_icon('user-times')
         ·
-    = link_to remote_interaction_path(status, type: :reply), class: 'modal-button detailed-status__link' do
+    = link_to remote_interaction_path(status, key: @sharekey, type: :reply), class: 'modal-button detailed-status__link' do
       - if status.in_reply_to_id.nil?
         = fa_icon('reply')
       - else
@@ -67,13 +67,13 @@
         = fa_icon('lock')
     - elsif user_signed_in? && !@account.user_hides_stats?
       ·
-      = link_to remote_interaction_path(status, type: :reblog), class: "detailed-status__link #{user_signed_in? && @account.statuses.where(reblog: status).exists? ? 'detailed-status__boost-icon' : nil}", title: number_to_human(status.reblogs_count, strip_insignificant_zeros: true) do
+      = link_to remote_interaction_path(status, key: @sharekey, type: :reblog), class: "detailed-status__link #{user_signed_in? && @account.statuses.where(reblog: status).exists? ? 'detailed-status__boost-icon' : nil}", title: number_to_human(status.reblogs_count, strip_insignificant_zeros: true) do
         = fa_icon('repeat')
         = " "
 
     - if user_signed_in? && !@account.user_hides_stats?
       ·
-      = link_to remote_interaction_path(status, type: :favourite), class: "detailed-status__link  #{user_signed_in? && Favourite.where(account: @account, status: status).exists? ? 'detailed-status__star-icon' : nil}", title: number_to_human(status.favourites_count, strip_insignificant_zeros: true) do
+      = link_to remote_interaction_path(status, key: @sharekey, type: :favourite), class: "detailed-status__link  #{user_signed_in? && Favourite.where(account: @account, status: status).exists? ? 'detailed-status__star-icon' : nil}", title: number_to_human(status.favourites_count, strip_insignificant_zeros: true) do
         = fa_icon('star')
         = " "
 
diff --git a/app/views/stream_entries/_simple_status.html.haml b/app/views/stream_entries/_simple_status.html.haml
index b8d1cf69b..c53503a7f 100644
--- a/app/views/stream_entries/_simple_status.html.haml
+++ b/app/views/stream_entries/_simple_status.html.haml
@@ -53,12 +53,12 @@
         - else
           = fa_icon 'reply-all fw'
       .status__action-bar__counter__label= obscured_counter status.replies_count
-    = link_to remote_interaction_path(status, type: :reblog), class: 'status__action-bar-button icon-button', style: 'font-size: 18px; width: 23.1429px; height: 23.1429px; line-height: 23.15px;' do
+    = link_to remote_interaction_path(status, key: @sharekey, type: :reblog), class: 'status__action-bar-button icon-button', style: 'font-size: 18px; width: 23.1429px; height: 23.1429px; line-height: 23.15px;' do
       - if status.public_visibility? || status.unlisted_visibility?
         = fa_icon 'repeat fw'
       - elsif status.private_visibility?
         = fa_icon 'lock fw'
       - else
         = fa_icon 'envelope fw'
-    = link_to remote_interaction_path(status, type: :favourite), class: 'status__action-bar-button icon-button', style: 'font-size: 18px; width: 23.1429px; height: 23.1429px; line-height: 23.15px;' do
+    = link_to remote_interaction_path(status, key: @sharekey, type: :favourite), class: 'status__action-bar-button icon-button', style: 'font-size: 18px; width: 23.1429px; height: 23.1429px; line-height: 23.15px;' do
       = fa_icon 'star fw'