Fix suspended users being able to access APIs that don't require a user (#18524)

2022-05-26 22:04:05 +02:00
parent 96129c2f10
commit 9f81b9f29a
2 changed files with 6 additions and 0 deletions
--- a/app/controllers/activitypub/base_controller.rb
+++ b/app/controllers/activitypub/base_controller.rb
@@ -2,6 +2,7 @@

 class ActivityPub::BaseController < Api::BaseController
  skip_before_action :require_authenticated_user!
+  skip_before_action :require_not_suspended!
  skip_around_action :set_locale

  private