From 4fb834f10f697de65b3a62c9cfbb4896c9d22a04 Mon Sep 17 00:00:00 2001 From: Mouse Reeve Date: Sat, 28 Aug 2021 09:42:03 -0700 Subject: [PATCH] Simpler feed verification logic --- bookwyrm/views/feed.py | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/bookwyrm/views/feed.py b/bookwyrm/views/feed.py index 7a46ca57d..d17de8f96 100644 --- a/bookwyrm/views/feed.py +++ b/bookwyrm/views/feed.py @@ -96,15 +96,11 @@ class Status(View): try: user = get_user_from_username(request.user, username) status = models.Status.objects.select_subclasses().get( - id=status_id, deleted=False + user=user, id=status_id, deleted=False ) except (ValueError, models.Status.DoesNotExist): return HttpResponseNotFound() - # the url should have the poster's username in it - if user != status.user: - return HttpResponseNotFound() - # make sure the user is authorized to see the status if not status.visible_to_user(request.user): return HttpResponseNotFound()