This commit is contained in:
Emelia Smith 2024-08-17 18:48:01 +02:00
parent 17ea727950
commit 0c7116d267
No known key found for this signature in database
4 changed files with 23 additions and 6 deletions

View File

@ -8,7 +8,7 @@ class Api::V1::Timelines::BaseController < Api::BaseController
private private
def require_auth? def require_auth?
!Setting.timeline_preview !(Setting.timeline_preview_local && Setting.timeline_preview_remote)
end end
def pagination_collection def pagination_collection

View File

@ -2,6 +2,7 @@
class Api::V1::Timelines::LinkController < Api::V1::Timelines::BaseController class Api::V1::Timelines::LinkController < Api::V1::Timelines::BaseController
before_action -> { authorize_if_got_token! :read, :'read:statuses' } before_action -> { authorize_if_got_token! :read, :'read:statuses' }
before_action :require_user!, if: :require_auth?
before_action :set_preview_card before_action :set_preview_card
before_action :set_statuses before_action :set_statuses
@ -17,6 +18,12 @@ class Api::V1::Timelines::LinkController < Api::V1::Timelines::BaseController
private private
# A viewer can only see the link timeline if both timeline_preview_local and
# timeline_preview_remote are true, since it includes remote content
def require_auth?
!(Setting.timeline_preview_local && Setting.timeline_preview_remote)
end
def set_preview_card def set_preview_card
@preview_card = PreviewCard.joins(:trend).merge(PreviewCardTrend.allowed).find_by!(url: params[:url]) @preview_card = PreviewCard.joins(:trend).merge(PreviewCardTrend.allowed).find_by!(url: params[:url])
end end

View File

@ -14,10 +14,6 @@ class Api::V1::Timelines::TagController < Api::V1::Timelines::BaseController
private private
def require_auth?
!Setting.timeline_preview
end
def load_tag def load_tag
@tag = Tag.find_normalized(params[:id]) @tag = Tag.find_normalized(params[:id])
end end

View File

@ -17,6 +17,14 @@ describe 'Link' do
end end
end end
# The default settings are that timeline_preview_local is true but
# timeline_preview_remote is false, which caused this spec to fail because it
# assumes the default visibility is true.
before do
Form::AdminSettings.new(timeline_preview_local: true).save
Form::AdminSettings.new(timeline_preview_remote: true).save
end
describe 'GET /api/v1/timelines/link' do describe 'GET /api/v1/timelines/link' do
subject do subject do
get '/api/v1/timelines/link', headers: headers, params: params get '/api/v1/timelines/link', headers: headers, params: params
@ -79,7 +87,8 @@ describe 'Link' do
context 'when the instance does not allow public preview' do context 'when the instance does not allow public preview' do
before do before do
Form::AdminSettings.new(timeline_preview: false).save Form::AdminSettings.new(timeline_preview_local: false).save
Form::AdminSettings.new(timeline_preview_remote: false).save
end end
it_behaves_like 'forbidden for wrong scope', 'profile' it_behaves_like 'forbidden for wrong scope', 'profile'
@ -110,6 +119,11 @@ describe 'Link' do
end end
context 'when the instance allows public preview' do context 'when the instance allows public preview' do
before do
Form::AdminSettings.new(timeline_preview_local: true).save
Form::AdminSettings.new(timeline_preview_remote: true).save
end
context 'with an authorized user' do context 'with an authorized user' do
it_behaves_like 'a successful request to the link timeline' it_behaves_like 'a successful request to the link timeline'
end end