From 108b2139cd87321f6c0aec63ef93db85ce30bfec Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Thu, 20 Dec 2018 01:30:43 +0100
Subject: [PATCH] Allow unauthenticated REST API access to GET
 /api/v1/accounts/:id/statuses (#9573)

Fix #7087

The same data is available over the ActivityPub outbox, RSS, and Atom, so
there is little benefit to keeping it limited in this method.
---
 app/controllers/api/v1/accounts/statuses_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/controllers/api/v1/accounts/statuses_controller.rb b/app/controllers/api/v1/accounts/statuses_controller.rb
index b68a8805fa..d3f1197f83 100644
--- a/app/controllers/api/v1/accounts/statuses_controller.rb
+++ b/app/controllers/api/v1/accounts/statuses_controller.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 class Api::V1::Accounts::StatusesController < Api::BaseController
-  before_action -> { doorkeeper_authorize! :read, :'read:statuses' }
+  before_action -> { authorize_if_got_token! :read, :'read:statuses' }
   before_action :set_account
   after_action :insert_pagination_headers
 
-- 
GitLab