From 9f81b9f29a14093cefcdbf09058ace089cd8e06b Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Thu, 26 May 2022 22:04:05 +0200
Subject: Fix suspended users being able to access APIs that don't require a
 user (#18524)

---
 app/controllers/activitypub/base_controller.rb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'app/controllers/activitypub')

diff --git a/app/controllers/activitypub/base_controller.rb b/app/controllers/activitypub/base_controller.rb
index 196d85a32..b8a7e0ab9 100644
--- a/app/controllers/activitypub/base_controller.rb
+++ b/app/controllers/activitypub/base_controller.rb
@@ -2,6 +2,7 @@
 
 class ActivityPub::BaseController < Api::BaseController
   skip_before_action :require_authenticated_user!
+  skip_before_action :require_not_suspended!
   skip_around_action :set_locale
 
   private
-- 
cgit