From a06f8140d9e1485126eafe2f1e561e067bd8a038 Mon Sep 17 00:00:00 2001
From: multiple creatures <dev@multiple-creature.party>
Date: Wed, 14 Aug 2019 19:25:01 -0500
Subject: handle interactions on sharekeyed posts when both participants are
 local; allow faving sharekeyed posts

---
 app/controllers/remote_interaction_controller.rb | 12 +++++++++---
 app/controllers/statuses_controller.rb           |  3 ++-
 2 files changed, 11 insertions(+), 4 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/remote_interaction_controller.rb b/app/controllers/remote_interaction_controller.rb
index b1b304055..aa8f73ac8 100644
--- a/app/controllers/remote_interaction_controller.rb
+++ b/app/controllers/remote_interaction_controller.rb
@@ -24,7 +24,7 @@ class RemoteInteractionController < ApplicationController
       if Favourite.where(account: current_account, status: @status).exists?
         UnfavouriteService.new.call(current_account, @status)
       else
-        FavouriteService.new.call(current_account, @status)
+        FavouriteService.new.call(current_account, @status, skip_authorize: true)
       end
     when 'follow'
       FollowService.new.call(current_account, @status.account)
@@ -32,7 +32,7 @@ class RemoteInteractionController < ApplicationController
       UnfollowService.new.call(current_account, @status.account)
     end
 
-    redirect_to TagManager.instance.url_for(@status)
+    redirect_to short_account_status_url(@status.account.username, @status.id, key: @sharekey)
   end
 
   private
@@ -47,7 +47,13 @@ class RemoteInteractionController < ApplicationController
 
   def set_status
     @status = Status.find(params[:id])
-    authorize @status, :show?
+    @sharekey = params[:key]
+
+    if @status.sharekey.present? && @sharekey == @status.sharekey
+      skip_authorization
+    else
+      authorize @status, :show?
+    end
   rescue Mastodon::NotPermittedError
     # Reraise in order to get a 404
     raise ActiveRecord::RecordNotFound
diff --git a/app/controllers/statuses_controller.rb b/app/controllers/statuses_controller.rb
index 3a6f68db5..6fd937f8d 100644
--- a/app/controllers/statuses_controller.rb
+++ b/app/controllers/statuses_controller.rb
@@ -190,8 +190,9 @@ class StatusesController < ApplicationController
     @status       = @account.statuses.find(params[:id])
     @stream_entry = @status.stream_entry
     @type         = @stream_entry.activity_type.downcase
+    @sharekey     = params[:key]
 
-    if @status.sharekey.present? && params[:key] == @status.sharekey
+    if @status.sharekey.present? && @sharekey == @status.sharekey
       skip_authorization
     else
       authorize @status, :show?
-- 
cgit