From 87f4b4d230454d4baa7116e55d9aee42199eeb9b Mon Sep 17 00:00:00 2001 From: multiple creatures Date: Sat, 20 Apr 2019 01:00:45 -0500 Subject: Implement share keys and related bangtags, add `sharekey`, `network`, and `curated` to the API, remove app info from the UI, and move timestamps to the right. --- app/controllers/statuses_controller.rb | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) (limited to 'app/controllers') diff --git a/app/controllers/statuses_controller.rb b/app/controllers/statuses_controller.rb index 28eebda28..299fe0cda 100644 --- a/app/controllers/statuses_controller.rb +++ b/app/controllers/statuses_controller.rb @@ -12,6 +12,8 @@ class StatusesController < ApplicationController before_action :set_account before_action :set_status + before_action :handle_sharekey_change, only: [:show], if: :user_signed_in? + before_action :handle_webapp_redirect, only: [:show], if: :user_signed_in? before_action :set_instance_presenter before_action :set_link_headers before_action :check_account_suspension @@ -190,12 +192,32 @@ class StatusesController < ApplicationController @stream_entry = @status.stream_entry @type = @stream_entry.activity_type.downcase - authorize @status, :show? + if @status.sharekey.present? && params[:key] == @status.sharekey + skip_authorization + else + authorize @status, :show? + end rescue Mastodon::NotPermittedError # Reraise in order to get a 404 raise ActiveRecord::RecordNotFound end + def handle_sharekey_change + raise Mastodon::NotPermittedError unless current_account.id == @status.account_id + case params[:rekey] + when '1' + @status.sharekey = SecureRandom.urlsafe_base64(32) + @status.save + when '0' + @status.sharekey = nil + @status.save + end + end + + def handle_webapp_redirect + redirect_to "/web/statuses/#{@status.id}" if params[:toweb] == '1' + end + def set_instance_presenter @instance_presenter = InstancePresenter.new end -- cgit