Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/remote_interaction_controller.rb12
-rw-r--r--app/controllers/statuses_controller.rb3
2 files changed, 11 insertions, 4 deletions
diff --git a/app/controllers/remote_interaction_controller.rb b/app/controllers/remote_interaction_controller.rb
index b1b304055..aa8f73ac8 100644
--- a/app/controllers/remote_interaction_controller.rb
+++ b/app/controllers/remote_interaction_controller.rb
@@ -24,7 +24,7 @@ class RemoteInteractionController < ApplicationController
       if Favourite.where(account: current_account, status: @status).exists?
         UnfavouriteService.new.call(current_account, @status)
       else
-        FavouriteService.new.call(current_account, @status)
+        FavouriteService.new.call(current_account, @status, skip_authorize: true)
       end
     when 'follow'
       FollowService.new.call(current_account, @status.account)
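Review bot: `skip_authorize: true` on the new `FavouriteService` call is unconditional, so the service's own authorization is bypassed for every favourite made through this controller, not only for requests that presented a matching share key. `set_status` (third hunk) already decides whether the key matched. Recording that there, e.g. `@sharekey_valid = true` in the `skip_authorization` branch, and passing `skip_authorize: @sharekey_valid` here would keep the normal check for ordinary requests. What `FavouriteService` verifies is not visible in this diff, so it is worth confirming whether anything beyond `:show?` is being skipped. The enclosing action starts above the hunk.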
@@ -32,7 +32,7 @@ class RemoteInteractionController < ApplicationController
       UnfollowService.new.call(current_account, @status.account)
     end
 
-    redirect_to TagManager.instance.url_for(@status)
+    redirect_to short_account_status_url(@status.account.username, @status.id, key: @sharekey)
   end
 
   private
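Review bot: The redirect forwards `params[:key]` exactly as received, so a key that did not match (the request was admitted by `authorize @status, :show?` instead) is still reflected into the target URL. A valid key also lands in the Location header and query string, where it can reach access logs, browser history and Referer headers. Passing it only once verified, e.g. `key: (@sharekey if @status.sharekey.present? && @sharekey == @status.sharekey)`, avoids echoing arbitrary input. The removed `TagManager.instance.url_for(@status)` presumably also handled statuses from remote accounts, while the new helper builds a local URL from `username` alone, so confirm that this action is only reached for local statuses.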
@@ -47,7 +47,13 @@ class RemoteInteractionController < ApplicationController
 
   def set_status
     @status = Status.find(params[:id])
-    authorize @status, :show?
+    @sharekey = params[:key]
+
+    if @status.sharekey.present? && @sharekey == @status.sharekey
+      skip_authorization
+    else
+      authorize @status, :show?
+    end
   rescue Mastodon::NotPermittedError
     # Reraise in order to get a 404
     raise ActiveRecord::RecordNotFound
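Review bot: The share key is compared with `==` in `set_status`, which is not a constant-time comparison. Since a matching key alone replaces the `:show?` policy check, `ActiveSupport::SecurityUtils.secure_compare(@sharekey.to_s, @status.sharekey)` is the safer form. The same condition is repeated in statuses_controller.rb (last hunk), so a single predicate on the model, e.g. `@status.sharekey_matches?(@sharekey)` (name is only a suggestion), would keep the two controllers from drifting apart. A short comment on the `skip_authorization` branch, such as `# holder of the share key may view regardless of the status policy`, would make the bypass explicit to later readers.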
diff --git a/app/controllers/statuses_controller.rb b/app/controllers/statuses_controller.rb
index 3a6f68db5..6fd937f8d 100644
--- a/app/controllers/statuses_controller.rb
+++ b/app/controllers/statuses_controller.rb
@@ -190,8 +190,9 @@ class StatusesController < ApplicationController
     @status       = @account.statuses.find(params[:id])
     @stream_entry = @status.stream_entry
     @type         = @stream_entry.activity_type.downcase
+    @sharekey     = params[:key]
 
-    if @status.sharekey.present? && params[:key] == @status.sharekey
+    if @status.sharekey.present? && @sharekey == @status.sharekey
       skip_authorization
     else
       authorize @status, :show?