From: Eugen Rochko <eugen@zeonfederated.com>
Date: Thu, 20 Dec 2018 00:30:43 +0000 (+0100)
Subject: Allow unauthenticated REST API access to GET /api/v1/accounts/:id/statuses (#9573)
X-Git-Url: https://git.xn--scling-oua.cat.family/?a=commitdiff_plain;h=108b2139cd87321f6c0aec63ef93db85ce30bfec;p=mastodon.git

Allow unauthenticated REST API access to GET /api/v1/accounts/:id/statuses (#9573)

Fix #7087

The same data is available over the ActivityPub outbox, RSS, and Atom, so
there is little benefit to keeping it limited in this method.
---

diff --git a/app/controllers/api/v1/accounts/statuses_controller.rb b/app/controllers/api/v1/accounts/statuses_controller.rb
index b68a8805f..d3f1197f8 100644
--- a/app/controllers/api/v1/accounts/statuses_controller.rb
+++ b/app/controllers/api/v1/accounts/statuses_controller.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 class Api::V1::Accounts::StatusesController < Api::BaseController
-  before_action -> { doorkeeper_authorize! :read, :'read:statuses' }
+  before_action -> { authorize_if_got_token! :read, :'read:statuses' }
   before_action :set_account
   after_action :insert_pagination_headers