X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Fapistatusesshow.php;h=9dec06c390fdec731cdab432d176dcd32c9dfd61;hb=fe11f9a28c8ef2df46e09c53276f8d2184b03f2e;hp=8f5af1d1f75c89e798d9be1a6cb4a45a33e0bddc;hpb=5e47b1b2a07d8b300c511115ca018ece172a8505;p=quix0rs-gnu-social.git

diff --git a/actions/apistatusesshow.php b/actions/apistatusesshow.php
index 8f5af1d1f7..9dec06c390 100644
--- a/actions/apistatusesshow.php
+++ b/actions/apistatusesshow.php
@@ -34,9 +34,7 @@
  * @link      http://status.net/
  */
 
-if (!defined('STATUSNET')) {
-    exit(1);
-}
+if (!defined('GNUSOCIAL')) { exit(1); }
 
 /**
  * Returns the notice specified by id as a Twitter-style status and inline user
@@ -65,7 +63,7 @@ class ApiStatusesShowAction extends ApiPrivateAuthAction
      *
      * @return boolean success flag
      */
-    function prepare(array $args=array())
+    protected function prepare(array $args=array())
     {
         parent::prepare($args);
 
@@ -76,11 +74,20 @@ class ApiStatusesShowAction extends ApiPrivateAuthAction
 
         $this->notice_id = (int)$this->trimmed('id');
 
-        if (empty($notice_id)) {
-            $this->notice_id = (int)$this->arg('id');
+        $this->notice = Notice::getKV('id', $this->notice_id);
+        if (!$this->notice instanceof Notice) {
+            $deleted = Deleted_notice::getKV('id', $this->notice_id);
+            if ($deleted instanceof Deleted_notice) {
+                // TRANS: Client error displayed trying to show a deleted notice.
+                $this->clientError(_('Notice deleted.'), 410);
+            }
+            // TRANS: Client error displayed trying to show a non-existing notice.
+            $this->clientError(_('No such notice.'), 404);
+        }
+        if (!$this->notice->inScope($this->scoped)) {
+            // TRANS: Client exception thrown when trying a view a notice the user has no access to.
+            throw new ClientException(_('Access restricted.'), 403);
         }
-
-        $this->notice = Notice::getKV((int)$this->notice_id);
 
         return true;
     }
@@ -90,13 +97,11 @@ class ApiStatusesShowAction extends ApiPrivateAuthAction
      *
      * Check the format and show the notice
      *
-     * @param array $args $_REQUEST data (unused)
-     *
      * @return void
      */
-    function handle(array $args=array())
+    protected function handle()
     {
-        parent::handle($args);
+        parent::handle();
 
         if (!in_array($this->format, array('xml', 'json', 'atom'))) {
             // TRANS: Client error displayed when coming across a non-supported API method.