Change /api/v1/timelines/public to require auth when public preview is off (#11802)

author ThibG <thib@sitedethib.com>

Fri, 13 Sep 2019 14:03:46 +0000 (16:03 +0200)

committer Eugen Rochko <eugen@zeonfederated.com>

Fri, 13 Sep 2019 14:03:46 +0000 (16:03 +0200)
author ThibG <thib@sitedethib.com>
Fri, 13 Sep 2019 14:03:46 +0000 (16:03 +0200)
committer Eugen Rochko <eugen@zeonfederated.com>
Fri, 13 Sep 2019 14:03:46 +0000 (16:03 +0200)
diff --git a/app/controllers/api/v1/timelines/public_controller.rb b/app/controllers/api/v1/timelines/public_controller.rb

index aabe24324312421b5f9c0765b3a7c037907ab9df..ccc10f966ca64789600fa8397108568a6860d39e 100644 (file)
--- a/app/controllers/api/v1/timelines/public_controller.rb
+++ b/app/controllers/api/v1/timelines/public_controller.rb
@@ -1,6 +1,7 @@
  # frozen_string_literal: true
  
  class Api::V1::Timelines::PublicController < Api::BaseController
+  before_action :require_user!, only: [:show], if: :require_auth?
    after_action :insert_pagination_headers, unless: -> { @statuses.empty? }
  
    respond_to :json
@@ -12,6 +13,10 @@ class Api::V1::Timelines::PublicController < Api::BaseController
  
    private
  
+  def require_auth?
+    !Setting.timeline_preview
+  end
+
    def load_statuses
      cached_public_statuses
    end
author	ThibG <thib@sitedethib.com>
	Fri, 13 Sep 2019 14:03:46 +0000 (16:03 +0200)
committer	Eugen Rochko <eugen@zeonfederated.com>
	Fri, 13 Sep 2019 14:03:46 +0000 (16:03 +0200)