]> cat aescling's git repositories - mastodon.git/commitdiff
Change /api/v1/timelines/public to require auth when public preview is off (#11802)
authorThibG <thib@sitedethib.com>
Fri, 13 Sep 2019 14:03:46 +0000 (16:03 +0200)
committerEugen Rochko <eugen@zeonfederated.com>
Fri, 13 Sep 2019 14:03:46 +0000 (16:03 +0200)
Fixes #11289

app/controllers/api/v1/timelines/public_controller.rb

index aabe24324312421b5f9c0765b3a7c037907ab9df..ccc10f966ca64789600fa8397108568a6860d39e 100644 (file)
@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 class Api::V1::Timelines::PublicController < Api::BaseController
+  before_action :require_user!, only: [:show], if: :require_auth?
   after_action :insert_pagination_headers, unless: -> { @statuses.empty? }
 
   respond_to :json
@@ -12,6 +13,10 @@ class Api::V1::Timelines::PublicController < Api::BaseController
 
   private
 
+  def require_auth?
+    !Setting.timeline_preview
+  end
+
   def load_statuses
     cached_public_statuses
   end