about summary refs log tree commit diff
path: root/app/controllers/media_controller.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/controllers/media_controller.rb')
-rw-r--r--app/controllers/media_controller.rb5
1 files changed, 3 insertions, 2 deletions
diff --git a/app/controllers/media_controller.rb b/app/controllers/media_controller.rb
index 772fc42cb..db8ccd173 100644
--- a/app/controllers/media_controller.rb
+++ b/app/controllers/media_controller.rb
@@ -4,9 +4,9 @@ class MediaController < ApplicationController
   include Authorization
 
   skip_before_action :store_current_location
-  skip_before_action :require_functional!, unless: :whitelist_mode?
+  skip_before_action :require_functional! #, unless: :whitelist_mode?
 
-  before_action :authenticate_user!, if: :whitelist_mode?
+  #before_action :authenticate_user!, if: :whitelist_mode?
   before_action :set_media_attachment
   before_action :verify_permitted_status!
   before_action :check_playable, only: :player
@@ -33,6 +33,7 @@ class MediaController < ApplicationController
 
   def verify_permitted_status!
     authorize @media_attachment.status, :show?
+    authorize @media_attachment.status.reblog, :show? if @media_attachment.status.reblog?
   rescue Mastodon::NotPermittedError
     not_found
   end
generated by cgit-pink (git 2.37.1) at 2024-05-18 18:32:00 +0000