diff --git a/app/Http/Controllers/PublicApiController.php b/app/Http/Controllers/PublicApiController.php
index ff48d0149..c1e71b09f 100644
--- a/app/Http/Controllers/PublicApiController.php
+++ b/app/Http/Controllers/PublicApiController.php
@@ -89,6 +89,26 @@ class PublicApiController extends Controller
 }
 }
 
+ public function getStatus(Request $request, $id)
+ {
+ abort_if(!$request->user(), 403);
+ $status = StatusService::get($id, false);
+ abort_if(!$status, 404);
+ if(in_array($status['visibility'], ['public', 'unlisted'])) {
+ return $status;
+ }
+ $pid = $request->user()->profile_id;
+ if($status['account']['id'] == $pid) {
+ return $status;
+ }
+ if($status['visibility'] == 'private') {
+ if(FollowerService::follows($pid, $status['account']['id'])) {
+ return $status;
+ }
+ }
+ abort(404);
+ }
+
 public function status(Request $request, $username, int $postid)
 {
 $profile = Profile::whereUsername($username)->whereNull('status')->firstOrFail();
diff --git a/routes/web.php b/routes/web.php
index c48b2017a..3e91ae99c 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -163,6 +163,7 @@ Route::domain(config('pixelfed.domain.app'))->middleware(['validemail', 'twofact
 Route::get('accounts/{id}/followers', 'PublicApiController@accountFollowers');
 Route::post('accounts/{id}/block', 'Api\ApiV1Controller@accountBlockById');
 Route::post('accounts/{id}/unblock', 'Api\ApiV1Controller@accountUnblockById');
+ Route::get('statuses/{id}', 'PublicApiController@getStatus');
 Route::get('accounts/{id}', 'PublicApiController@account');
 Route::post('avatar/update', 'ApiController@avatarUpdate');
 Route::get('custom_emojis', 'Api\ApiV1Controller@customEmojis');
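Review bot: getStatus decides access only from `$status['visibility']` and the follow relation, so a public or unlisted post is returned even when its author's account is no longer active or the author has blocked the requester. The neighbouring status() restricts itself to profiles matching `whereNull('status')` (presumably excluding suspended or deleted accounts), and nothing equivalent is visible here. Unless StatusService::get already filters on that (its body is outside this diff), the same restriction and a block check belong before the first `return $status;`. The comparisons are also loose: `in_array($status['visibility'], ['public', 'unlisted'], true)` and `(string) $status['account']['id'] === (string) $pid` keep the visibility and owner checks exact whatever types the service returns. A short docblock noting that every denial is answered with 404 so that private ids cannot be probed would record why `abort(404)` is used rather than 403.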
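Review bot: The new `statuses/{id}` route accepts any string for `{id}` and hands it to StatusService::get unchanged, since getStatus declares `$id` without a type. If status ids are always numeric, as `int $postid` on status() suggests, constrain it at the router: `Route::get('statuses/{id}', 'PublicApiController@getStatus')->where('id', '[0-9]+');`. The enclosing route group starts outside this hunk and its middleware list is cut off in the hunk header, so whether authentication is already enforced there cannot be confirmed from here.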