From 3a2003ba863252f305fb32098bcd3f095b10e2ff Mon Sep 17 00:00:00 2001
From: Jack Jennings <jack@standard-library.com>
Date: Mon, 29 May 2017 09:22:22 -0700
Subject: Extract authorization policy for viewing statuses (#3150)

---
 app/controllers/api/activitypub/activities_controller.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'app/controllers/api/activitypub/activities_controller.rb')

diff --git a/app/controllers/api/activitypub/activities_controller.rb b/app/controllers/api/activitypub/activities_controller.rb
index ba03738fc..025ab960e 100644
--- a/app/controllers/api/activitypub/activities_controller.rb
+++ b/app/controllers/api/activitypub/activities_controller.rb
@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 class Api::Activitypub::ActivitiesController < ApiController
+  include Authorization
+
   # before_action :set_follow, only: [:show_follow]
   before_action :set_status, only: [:show_status]
 
@@ -8,7 +10,7 @@ class Api::Activitypub::ActivitiesController < ApiController
 
   # Show a status in AS2 format, as either an Announce (reblog) or a Create (post) activity.
   def show_status
-    return forbidden unless @status.permitted?
+    authorize @status, :show?
 
     if @status.reblog?
       render :show_status_announce
-- 
cgit