WIP

2024-11-09 09:12:19 +00:00 · 2024-08-17 18:48:01 +02:00 · 2024-08-17 18:48:01 +02:00 · 0c7116d267
parent 17ea727950
commit 0c7116d267
4 changed files with 23 additions and 6 deletions
--- a/app/controllers/api/v1/timelines/base_controller.rb
+++ b/app/controllers/api/v1/timelines/base_controller.rb
@ -8,7 +8,7 @@ class Api::V1::Timelines::BaseController < Api::BaseController
  private

  def require_auth?
-    !Setting.timeline_preview
+    !(Setting.timeline_preview_local && Setting.timeline_preview_remote)
  end

  def pagination_collection
--- a/app/controllers/api/v1/timelines/link_controller.rb
+++ b/app/controllers/api/v1/timelines/link_controller.rb
@ -2,6 +2,7 @@

 class Api::V1::Timelines::LinkController < Api::V1::Timelines::BaseController
  before_action -> { authorize_if_got_token! :read, :'read:statuses' }
+  before_action :require_user!, if: :require_auth?
  before_action :set_preview_card
  before_action :set_statuses

@ -17,6 +18,12 @@ class Api::V1::Timelines::LinkController < Api::V1::Timelines::BaseController

  private

+  # A viewer can only see the link timeline if both timeline_preview_local and
+  # timeline_preview_remote are true, since it includes remote content
+  def require_auth?
+    !(Setting.timeline_preview_local && Setting.timeline_preview_remote)
+  end
+
  def set_preview_card
    @preview_card = PreviewCard.joins(:trend).merge(PreviewCardTrend.allowed).find_by!(url: params[:url])
  end
--- a/app/controllers/api/v1/timelines/tag_controller.rb
+++ b/app/controllers/api/v1/timelines/tag_controller.rb
@ -14,10 +14,6 @@ class Api::V1::Timelines::TagController < Api::V1::Timelines::BaseController

  private

-  def require_auth?
-    !Setting.timeline_preview
-  end
-
  def load_tag
    @tag = Tag.find_normalized(params[:id])
  end
--- a/spec/requests/api/v1/timelines/link_spec.rb
+++ b/spec/requests/api/v1/timelines/link_spec.rb
@ -17,6 +17,14 @@ describe 'Link' do
    end
  end

+  # The default settings are that timeline_preview_local is true but
+  # timeline_preview_remote is false, which caused this spec to fail because it
+  # assumes the default visibility is true.
+  before do
+    Form::AdminSettings.new(timeline_preview_local: true).save
+    Form::AdminSettings.new(timeline_preview_remote: true).save
+  end
+
  describe 'GET /api/v1/timelines/link' do
    subject do
      get '/api/v1/timelines/link', headers: headers, params: params
@ -79,7 +87,8 @@ describe 'Link' do

    context 'when the instance does not allow public preview' do
      before do
-        Form::AdminSettings.new(timeline_preview: false).save
+        Form::AdminSettings.new(timeline_preview_local: false).save
+        Form::AdminSettings.new(timeline_preview_remote: false).save
      end

      it_behaves_like 'forbidden for wrong scope', 'profile'
@ -110,6 +119,11 @@ describe 'Link' do
    end

    context 'when the instance allows public preview' do
+      before do
+        Form::AdminSettings.new(timeline_preview_local: true).save
+        Form::AdminSettings.new(timeline_preview_remote: true).save
+      end
+
      context 'with an authorized user' do
        it_behaves_like 'a successful request to the link timeline'
      end