From 65da6fd38a92c0a2cb583a6d661b179f367660cf Mon Sep 17 00:00:00 2001
From: Peter Makholm <peter@makholm.net>
Date: Thu, 14 Mar 2024 15:35:04 +0000
Subject: [PATCH] Allow anonymous access to reading public statuses

---
 api/decorators.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/api/decorators.py b/api/decorators.py
index 411e314..4073fbd 100644
--- a/api/decorators.py
+++ b/api/decorators.py
@@ -2,7 +2,7 @@ from collections.abc import Callable
 from functools import wraps
 
 from django.http import JsonResponse
-
+from core.models import Config
 
 def identity_required(function):
     """
@@ -35,6 +35,9 @@ def scope_required(scope: str, requires_identity=True):
                     # They're just logged in via cookie - give full access
                     pass
                 else:
+                    if Config.system.public_timeline and scope == "read:statuses":
+                        return function(request, *args, **kwargs)
+
                     return JsonResponse(
                         {"error": "identity_token_required"}, status=401
                     )