From 0a7588282a00513af9631d06eea76878a974c659 Mon Sep 17 00:00:00 2001
From: happycoloredbanana
Date: Tue, 18 Apr 2017 22:58:57 +0300
Subject: Remove API authentication for public statuses (after review) (#1919)
---
 app/controllers/api/v1/statuses_controller.rb | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
(limited to 'app/controllers')
diff --git a/app/controllers/api/v1/statuses_controller.rb b/app/controllers/api/v1/statuses_controller.rb
index b0e26918e..e88f9cc41 100644
--- a/app/controllers/api/v1/statuses_controller.rb
+++ b/app/controllers/api/v1/statuses_controller.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 class Api::V1::StatusesController < ApiController
- before_action -> { doorkeeper_authorize! :read }, except: [:create, :destroy, :reblog, :unreblog, :favourite, :unfavourite]
+ before_action :authorize_if_got_token, except: [:create, :destroy, :reblog, :unreblog, :favourite, :unfavourite]
 before_action -> { doorkeeper_authorize! :write }, only: [:create, :destroy, :reblog, :unreblog, :favourite, :unfavourite]
 before_action :require_user!, except: [:show, :context, :card, :reblogged_by, :favourited_by]
 before_action :set_status, only: [:show, :context, :card, :reblogged_by, :favourited_by]
@@ -114,4 +114,9 @@ class Api::V1::StatusesController < ApiController
 def pagination_params(core_params)
 params.permit(:limit).merge(core_params)
 end
+
+ def authorize_if_got_token
+ request_token = Doorkeeper::OAuth::Token.from_request(request, *Doorkeeper.configuration.access_token_methods)
+ doorkeeper_authorize! :read if request_token
+ end
 end
-- cgit
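Review bot: With the first `before_action` switched to `authorize_if_got_token`, the actions `show`, `context`, `card`, `reblogged_by` and `favourited_by` become reachable with no token at all, because `require_user!` already exempts exactly those five. The only remaining gate for non-public statuses is then `set_status`, whose body is outside this hunk. It should be confirmed that its visibility check behaves correctly when there is no current account, and that `context`, `reblogged_by` and `favourited_by` also filter related statuses and accounts for an anonymous viewer. A comment above the line would record the dependency, e.g. `# Token optional for reads; set_status must refuse non-public statuses for anonymous callers`, and a request spec that fetches a private status without a token and expects it to be refused would pin it.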
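Review bot: `authorize_if_got_token` has no comment stating its contract, and that contract is security-relevant. A request without a token passes through anonymously, while a request that presents a token must still pass `doorkeeper_authorize! :read`, so an invalid, revoked or under-scoped token is refused rather than silently downgraded to anonymous access. I would state that above the method, e.g. `# No token: anonymous read. Token present: it must be valid and carry the read scope.` The class body starts outside the hunk, so it is not visible whether a `private` keyword precedes `pagination_params`; the new method should sit below one so that it cannot be routed as an action.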