about summary refs log tree commit diff
path: root/app/controllers/remote_interaction_controller.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/controllers/remote_interaction_controller.rb')
-rw-r--r--app/controllers/remote_interaction_controller.rb12
1 files changed, 9 insertions, 3 deletions
diff --git a/app/controllers/remote_interaction_controller.rb b/app/controllers/remote_interaction_controller.rb
index b1b304055..aa8f73ac8 100644
--- a/app/controllers/remote_interaction_controller.rb
+++ b/app/controllers/remote_interaction_controller.rb
@@ -24,7 +24,7 @@ class RemoteInteractionController < ApplicationController
       if Favourite.where(account: current_account, status: @status).exists?
         UnfavouriteService.new.call(current_account, @status)
       else
-        FavouriteService.new.call(current_account, @status)
+        FavouriteService.new.call(current_account, @status, skip_authorize: true)
       end
     when 'follow'
       FollowService.new.call(current_account, @status.account)
@@ -32,7 +32,7 @@ class RemoteInteractionController < ApplicationController
       UnfollowService.new.call(current_account, @status.account)
     end
 
-    redirect_to TagManager.instance.url_for(@status)
+    redirect_to short_account_status_url(@status.account.username, @status.id, key: @sharekey)
   end
 
   private
@@ -47,7 +47,13 @@ class RemoteInteractionController < ApplicationController
 
   def set_status
     @status = Status.find(params[:id])
-    authorize @status, :show?
+    @sharekey = params[:key]
+
+    if @status.sharekey.present? && @sharekey == @status.sharekey
+      skip_authorization
+    else
+      authorize @status, :show?
+    end
   rescue Mastodon::NotPermittedError
     # Reraise in order to get a 404
     raise ActiveRecord::RecordNotFound
generated by cgit-pink (git 2.37.1) at 2024-07-04 13:31:33 +0000