Issue 14368: Fix access to the global timeline

pull/14379/head
Michael 2024-08-19 20:01:31 +00:00
parent 10eadd5cf5
commit 03543f1362
1 changed files with 22 additions and 15 deletions


@ -58,12 +58,6 @@ class PublicTimeline extends BaseApi
*/ */
protected function rawContent(array $request = []) protected function rawContent(array $request = [])
{ {
if ($this->config->get('system', 'block_public') || $this->config->get('system', 'community_page_style') == Community::DISABLED_VISITOR) {
$this->checkAllowedScope(BaseApi::SCOPE_READ);
}
$uid = self::getCurrentUserID();
$request = $this->getRequest([ $request = $this->getRequest([
'max_id' => null, // Return results older than id 'max_id' => null, // Return results older than id
'since_id' => null, // Return results newer than id 'since_id' => null, // Return results newer than id
@ -77,10 +71,16 @@ class PublicTimeline extends BaseApi
'friendica_order' => TimelineOrderByTypes::ID, // Sort order options (defaults to ID) 'friendica_order' => TimelineOrderByTypes::ID, // Sort order options (defaults to ID)
], $request); ], $request);
if (!$this->localAllowed() && !$this->globalAllowed()) { if ($this->config->get('system', 'community_page_style') == Community::DISABLED) {
$this->jsonExit([]); $this->jsonExit([]);
} }
if ($this->authRequired($request)) {
$this->checkAllowedScope(BaseApi::SCOPE_READ);
}
$uid = self::getCurrentUserID();
$condition = [ $condition = [
'gravity' => [Item::GRAVITY_PARENT, Item::GRAVITY_COMMENT], 'private' => Item::PUBLIC, 'gravity' => [Item::GRAVITY_PARENT, Item::GRAVITY_COMMENT], 'private' => Item::PUBLIC,
'network' => Protocol::FEDERATED, 'author-blocked' => false, 'author-hidden' => false 'network' => Protocol::FEDERATED, 'author-blocked' => false, 'author-hidden' => false
@ -89,13 +89,13 @@ class PublicTimeline extends BaseApi
$condition = $this->addPagingConditions($request, $condition); $condition = $this->addPagingConditions($request, $condition);
$params = $this->buildOrderAndLimitParams($request); $params = $this->buildOrderAndLimitParams($request);
if ($request['local'] && $this->localAllowed()) { if ($request['local']) {
$condition = DBA::mergeConditions($condition, ['origin' => true]); $condition = DBA::mergeConditions($condition, ['origin' => true]);
} else { } else {
$condition = DBA::mergeConditions($condition, ['uid' => 0]); $condition = DBA::mergeConditions($condition, ['uid' => 0]);
} }
if ($request['remote'] && $this->globalAllowed()) { if ($request['remote']) {
$condition = DBA::mergeConditions($condition, ["NOT `uri-id` IN (SELECT `uri-id` FROM `post-user` WHERE `origin` AND `post-user`.`uri-id` = `post-timeline-view`.`uri-id`)"]); $condition = DBA::mergeConditions($condition, ["NOT `uri-id` IN (SELECT `uri-id` FROM `post-user` WHERE `origin` AND `post-user`.`uri-id` = `post-timeline-view`.`uri-id`)"]);
} }
@ -139,13 +139,20 @@ class PublicTimeline extends BaseApi
$this->jsonExit($statuses); $this->jsonExit($statuses);
} }
private function localAllowed(): bool private function authRequired(array $request): bool
{ {
return in_array($this->config->get('system', 'community_page_style'), [Community::LOCAL, Community::LOCAL_AND_GLOBAL, Community::DISABLED_VISITOR]); if ($this->config->get('system', 'block_public') || $this->config->get('system', 'community_page_style') == Community::DISABLED_VISITOR) {
} return true;
}
private function globalAllowed(): bool if ($request['local'] && $this->config->get('system', 'community_page_style') == Community::GLOBAL) {
{ return true;
return in_array($this->config->get('system', 'community_page_style'), [Community::GLOBAL, Community::LOCAL_AND_GLOBAL, Community::DISABLED_VISITOR]); }
if ($request['remote'] && $this->config->get('system', 'community_page_style') == Community::LOCAL) {
return true;
}
return false;
} }
} }
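Review bot: In the new `authRequired()` the scope check depends on the `local`/`remote` request flags, so a request that sets neither flag is never gated by `community_page_style` unless `block_public` or `DISABLED_VISITOR` applies. With the style set to `Community::LOCAL`, such a request gets `false` here and then takes the `['uid' => 0]` branch in `rawContent()` with no `origin` restriction, which presumably still returns remote posts to unauthenticated callers. The defaults for both flags and part of the `rawContent()` body lie outside the visible hunks, so confirm that they default to false. Consider keying the decision on what the query will return rather than on what was requested, for example `if (!$request['local'] && $this->config->get('system', 'community_page_style') == Community::LOCAL) { return true; }`. A short docblock on `authRequired()` should also list which style and flag combinations require `SCOPE_READ`.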