]> cat aescling's git repositories - mastodon.git/commitdiff
cat aescling's git repositories / mastodon.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8389b49)
Allow unauthenticated REST API access to GET /api/v1/accounts/:id/statuses (#9573)
authorEugen Rochko <eugen@zeonfederated.com>
Thu, 20 Dec 2018 00:30:43 +0000 (01:30 +0100)
committerGitHub <noreply@github.com>
Thu, 20 Dec 2018 00:30:43 +0000 (01:30 +0100)
Fix #7087

The same data is available over the ActivityPub outbox, RSS, and Atom, so
there is little benefit to keeping it limited in this method.

app/controllers/api/v1/accounts/statuses_controller.rb patch | blob | history

diff --git a/app/controllers/api/v1/accounts/statuses_controller.rb b/app/controllers/api/v1/accounts/statuses_controller.rb
index b68a8805fa17baa6d1f7040b435dbd8e81d297af..d3f1197f835539a46b0e477224223f280f802152 100644 (file)
--- a/app/controllers/api/v1/accounts/statuses_controller.rb
+++ b/app/controllers/api/v1/accounts/statuses_controller.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 class Api::V1::Accounts::StatusesController < Api::BaseController
-  before_action -> { doorkeeper_authorize! :read, :'read:statuses' }
+  before_action -> { authorize_if_got_token! :read, :'read:statuses' }
   before_action :set_account
   after_action :insert_pagination_headers
 
source code fur Kibicat Mastodon