Issue 14186: Respect public restrictions for ttimeline API endpoint
parent
80bd572393
commit
c5844625b4
|
@ -21,26 +21,47 @@
|
||||||
|
|
||||||
namespace Friendica\Module\Api\Mastodon\Timelines;
|
namespace Friendica\Module\Api\Mastodon\Timelines;
|
||||||
|
|
||||||
|
use Friendica\App;
|
||||||
|
use Friendica\Core\Config\Capability\IManageConfigValues;
|
||||||
|
use Friendica\Core\L10n;
|
||||||
use Friendica\Core\Logger;
|
use Friendica\Core\Logger;
|
||||||
use Friendica\Core\Protocol;
|
use Friendica\Core\Protocol;
|
||||||
use Friendica\Database\DBA;
|
use Friendica\Database\DBA;
|
||||||
use Friendica\DI;
|
use Friendica\DI;
|
||||||
use Friendica\Model\Item;
|
use Friendica\Model\Item;
|
||||||
use Friendica\Model\Post;
|
use Friendica\Model\Post;
|
||||||
|
use Friendica\Module\Api\ApiResponse;
|
||||||
use Friendica\Module\BaseApi;
|
use Friendica\Module\BaseApi;
|
||||||
|
use Friendica\Module\Conversation\Community;
|
||||||
use Friendica\Network\HTTPException;
|
use Friendica\Network\HTTPException;
|
||||||
use Friendica\Object\Api\Mastodon\TimelineOrderByTypes;
|
use Friendica\Object\Api\Mastodon\TimelineOrderByTypes;
|
||||||
|
use Friendica\Util\Profiler;
|
||||||
|
use Psr\Log\LoggerInterface;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @see https://docs.joinmastodon.org/methods/timelines/
|
* @see https://docs.joinmastodon.org/methods/timelines/
|
||||||
*/
|
*/
|
||||||
class PublicTimeline extends BaseApi
|
class PublicTimeline extends BaseApi
|
||||||
{
|
{
|
||||||
|
/**
|
||||||
|
* @var IManageConfigValues
|
||||||
|
*/
|
||||||
|
private $config;
|
||||||
|
|
||||||
|
public function __construct(IManageConfigValues $config, \Friendica\Factory\Api\Mastodon\Error $errorFactory, App $app, L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, ApiResponse $response, array $server, array $parameters = [])
|
||||||
|
{
|
||||||
|
parent::__construct($errorFactory, $app, $l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters);
|
||||||
|
$this->config = $config;
|
||||||
|
}
|
||||||
/**
|
/**
|
||||||
* @throws HTTPException\InternalServerErrorException
|
* @throws HTTPException\InternalServerErrorException
|
||||||
*/
|
*/
|
||||||
protected function rawContent(array $request = [])
|
protected function rawContent(array $request = [])
|
||||||
{
|
{
|
||||||
|
if ($this->config->get('system', 'block_public') || $this->config->get('system', 'community_page_style') == Community::DISABLED_VISITOR) {
|
||||||
|
$this->checkAllowedScope(BaseApi::SCOPE_READ);
|
||||||
|
}
|
||||||
|
|
||||||
$uid = self::getCurrentUserID();
|
$uid = self::getCurrentUserID();
|
||||||
|
|
||||||
$request = $this->getRequest([
|
$request = $this->getRequest([
|
||||||
|
@ -56,6 +77,10 @@ class PublicTimeline extends BaseApi
|
||||||
'friendica_order' => TimelineOrderByTypes::ID, // Sort order options (defaults to ID)
|
'friendica_order' => TimelineOrderByTypes::ID, // Sort order options (defaults to ID)
|
||||||
], $request);
|
], $request);
|
||||||
|
|
||||||
|
if (!$this->localAllowed() && !$this->globalAllowed()) {
|
||||||
|
$this->jsonExit([]);
|
||||||
|
}
|
||||||
|
|
||||||
$condition = [
|
$condition = [
|
||||||
'gravity' => [Item::GRAVITY_PARENT, Item::GRAVITY_COMMENT], 'private' => Item::PUBLIC,
|
'gravity' => [Item::GRAVITY_PARENT, Item::GRAVITY_COMMENT], 'private' => Item::PUBLIC,
|
||||||
'network' => Protocol::FEDERATED, 'author-blocked' => false, 'author-hidden' => false
|
'network' => Protocol::FEDERATED, 'author-blocked' => false, 'author-hidden' => false
|
||||||
|
@ -64,13 +89,13 @@ class PublicTimeline extends BaseApi
|
||||||
$condition = $this->addPagingConditions($request, $condition);
|
$condition = $this->addPagingConditions($request, $condition);
|
||||||
$params = $this->buildOrderAndLimitParams($request);
|
$params = $this->buildOrderAndLimitParams($request);
|
||||||
|
|
||||||
if ($request['local']) {
|
if ($request['local'] && $this->localAllowed()) {
|
||||||
$condition = DBA::mergeConditions($condition, ['origin' => true]);
|
$condition = DBA::mergeConditions($condition, ['origin' => true]);
|
||||||
} else {
|
} else {
|
||||||
$condition = DBA::mergeConditions($condition, ['uid' => 0]);
|
$condition = DBA::mergeConditions($condition, ['uid' => 0]);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($request['remote']) {
|
if ($request['remote'] && $this->globalAllowed()) {
|
||||||
$condition = DBA::mergeConditions($condition, ["NOT `uri-id` IN (SELECT `uri-id` FROM `post-user` WHERE `origin` AND `post-user`.`uri-id` = `post-timeline-view`.`uri-id`)"]);
|
$condition = DBA::mergeConditions($condition, ["NOT `uri-id` IN (SELECT `uri-id` FROM `post-user` WHERE `origin` AND `post-user`.`uri-id` = `post-timeline-view`.`uri-id`)"]);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -113,4 +138,14 @@ class PublicTimeline extends BaseApi
|
||||||
self::setLinkHeader($request['friendica_order'] != TimelineOrderByTypes::ID);
|
self::setLinkHeader($request['friendica_order'] != TimelineOrderByTypes::ID);
|
||||||
$this->jsonExit($statuses);
|
$this->jsonExit($statuses);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private function localAllowed(): bool
|
||||||
|
{
|
||||||
|
return in_array($this->config->get('system', 'community_page_style'), [Community::LOCAL, Community::LOCAL_AND_GLOBAL]);
|
||||||
|
}
|
||||||
|
|
||||||
|
private function globalAllowed(): bool
|
||||||
|
{
|
||||||
|
return in_array($this->config->get('system', 'community_page_style'), [Community::GLOBAL, Community::LOCAL_AND_GLOBAL]);
|
||||||
|
}
|
||||||
}
|
}
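Review bot: In `rawContent()`, when `community_page_style` permits only the local community, a request without `local=true` still reaches the `else` branch and is filtered by `['uid' => 0]` alone, so as far as the visible hunks show it returns the global public timeline that the setting is meant to withhold; the early `jsonExit([])` only covers the case where neither scope is allowed. The `remote` guard has the same shape: when `globalAllowed()` is false the remote-only filter is skipped, which widens the result instead of emptying it. Consider choosing the branch by what is permitted as well as what was requested, for example `if (($request['local'] && $this->localAllowed()) || !$this->globalAllowed()) {`, and returning an empty list when `remote` is requested but the global community is not allowed. The lines between the hunks are not shown here, so confirm that no later condition already narrows the query. A test for each `community_page_style` value against unauthenticated requests would pin the intended behaviour.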
|
||||||
|
|
|
@ -21,25 +21,46 @@
|
||||||
|
|
||||||
namespace Friendica\Module\Api\Mastodon\Trends;
|
namespace Friendica\Module\Api\Mastodon\Trends;
|
||||||
|
|
||||||
|
use Friendica\App;
|
||||||
|
use Friendica\Core\Config\Capability\IManageConfigValues;
|
||||||
|
use Friendica\Core\L10n;
|
||||||
use Friendica\Core\Logger;
|
use Friendica\Core\Logger;
|
||||||
use Friendica\Core\Protocol;
|
use Friendica\Core\Protocol;
|
||||||
use Friendica\Core\System;
|
|
||||||
use Friendica\Database\DBA;
|
use Friendica\Database\DBA;
|
||||||
use Friendica\DI;
|
use Friendica\DI;
|
||||||
use Friendica\Model\Post;
|
use Friendica\Model\Post;
|
||||||
|
use Friendica\Module\Api\ApiResponse;
|
||||||
use Friendica\Module\BaseApi;
|
use Friendica\Module\BaseApi;
|
||||||
|
use Friendica\Module\Conversation\Community;
|
||||||
use Friendica\Util\DateTimeFormat;
|
use Friendica\Util\DateTimeFormat;
|
||||||
|
use Friendica\Util\Profiler;
|
||||||
|
use Psr\Log\LoggerInterface;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @see https://docs.joinmastodon.org/methods/trends/#statuses
|
* @see https://docs.joinmastodon.org/methods/trends/#statuses
|
||||||
*/
|
*/
|
||||||
class Statuses extends BaseApi
|
class Statuses extends BaseApi
|
||||||
{
|
{
|
||||||
|
/**
|
||||||
|
* @var IManageConfigValues
|
||||||
|
*/
|
||||||
|
private $config;
|
||||||
|
|
||||||
|
public function __construct(IManageConfigValues $config, \Friendica\Factory\Api\Mastodon\Error $errorFactory, App $app, L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, ApiResponse $response, array $server, array $parameters = [])
|
||||||
|
{
|
||||||
|
parent::__construct($errorFactory, $app, $l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters);
|
||||||
|
$this->config = $config;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @throws \Friendica\Network\HTTPException\InternalServerErrorException
|
* @throws \Friendica\Network\HTTPException\InternalServerErrorException
|
||||||
*/
|
*/
|
||||||
protected function rawContent(array $request = [])
|
protected function rawContent(array $request = [])
|
||||||
{
|
{
|
||||||
|
if ($this->config->get('system', 'block_public') || $this->config->get('system', 'community_page_style') == Community::DISABLED_VISITOR) {
|
||||||
|
$this->checkAllowedScope(BaseApi::SCOPE_READ);
|
||||||
|
}
|
||||||
|
|
||||||
$uid = self::getCurrentUserID();
|
$uid = self::getCurrentUserID();
|
||||||
|
|
||||||
$request = $this->getRequest([
|
$request = $this->getRequest([
|
||||||
|
|