From 8e4cf6282b8a3bcb100506b27ecaed3e88832681 Mon Sep 17 00:00:00 2001
From: puckipedia <puck@puckipedia.com>
Date: Fri, 2 Feb 2018 10:19:59 +0100
Subject: Allow retrieval of private statuses (single or in outbox) using HTTP
 signatures (#6225)

---
 app/controllers/activitypub/outboxes_controller.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'app/controllers/activitypub/outboxes_controller.rb')

diff --git a/app/controllers/activitypub/outboxes_controller.rb b/app/controllers/activitypub/outboxes_controller.rb
index 9f97ff622..a431e3557 100644
--- a/app/controllers/activitypub/outboxes_controller.rb
+++ b/app/controllers/activitypub/outboxes_controller.rb
@@ -1,10 +1,12 @@
 # frozen_string_literal: true
 
 class ActivityPub::OutboxesController < Api::BaseController
+  include SignatureVerification
+
   before_action :set_account
 
   def show
-    @statuses = @account.statuses.permitted_for(@account, current_account).paginate_by_max_id(20, params[:max_id], params[:since_id])
+    @statuses = @account.statuses.permitted_for(@account, signed_request_account).paginate_by_max_id(20, params[:max_id], params[:since_id])
     @statuses = cache_collection(@statuses, Status)
 
     render json: outbox_presenter, serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json'
-- 
cgit