diff --git a/app/controllers/api/v1/timelines/base_controller.rb b/app/controllers/api/v1/timelines/base_controller.rb
index 1dba4a5bb2..3ad9e8f416 100644
--- a/app/controllers/api/v1/timelines/base_controller.rb
+++ b/app/controllers/api/v1/timelines/base_controller.rb
@@ -8,7 +8,7 @@ class Api::V1::Timelines::BaseController < Api::BaseController
 private
 def require_auth?
- !Setting.timeline_preview
+ !(Setting.timeline_preview_local && Setting.timeline_preview_remote)
 end
 def pagination_collection
diff --git a/app/controllers/api/v1/timelines/link_controller.rb b/app/controllers/api/v1/timelines/link_controller.rb
index 37ed084f06..0e8c805a64 100644
--- a/app/controllers/api/v1/timelines/link_controller.rb
+++ b/app/controllers/api/v1/timelines/link_controller.rb
@@ -2,6 +2,7 @@
 class Api::V1::Timelines::LinkController < Api::V1::Timelines::BaseController
 before_action -> { authorize_if_got_token! :read, :'read:statuses' }
+ before_action :require_user!, if: :require_auth?
 before_action :set_preview_card
 before_action :set_statuses
@@ -17,6 +18,12 @@ class Api::V1::Timelines::LinkController < Api::V1::Timelines::BaseController
 private
+ # A viewer can only see the link timeline if both timeline_preview_local and
+ # timeline_preview_remote are true, since it includes remote content
+ def require_auth?
+ !(Setting.timeline_preview_local && Setting.timeline_preview_remote)
+ end
+
 def set_preview_card
 @preview_card = PreviewCard.joins(:trend).merge(PreviewCardTrend.allowed).find_by!(url: params[:url])
 end
diff --git a/app/controllers/api/v1/timelines/tag_controller.rb b/app/controllers/api/v1/timelines/tag_controller.rb
index 2b097aab0f..fd956edc84 100644
--- a/app/controllers/api/v1/timelines/tag_controller.rb
+++ b/app/controllers/api/v1/timelines/tag_controller.rb
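Review bot: `BaseController#require_auth?` now treats "local preview on, remote preview off" exactly like both flags off, and nothing at the method says this is intended. That combination is the new default in `config/settings.yml` in this same commit, so every controller that inherits the predicate without overriding it will require a signed-in user out of the box. I would add a comment above the method, e.g. `# Fail closed: anonymous access needs both previews on, since inherited timelines may include remote statuses.` The enclosing class starts and ends outside the hunk, so which subclasses override the method cannot be checked here.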
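Review bot: The `require_auth?` override added to `LinkController` is the same expression this commit puts into `BaseController#require_auth?`, which `LinkController` already inherits. Two copies of an access-control predicate can drift apart when only one is edited later. I would drop the override and keep its comment on the base method, or, if the link timeline must stay pinned to both flags whatever the base does later, say so: `# Deliberately not inherited: the link timeline always includes remote content.` Whether `BaseController` already registers `before_action :require_user!, if: :require_auth?` is outside the hunks; if it does, the line added in the first hunk of this file repeats it.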
@@ -14,10 +14,6 @@ class Api::V1::Timelines::TagController < Api::V1::Timelines::BaseController
 private
- def require_auth?
- !Setting.timeline_preview
- end
-
 def load_tag
 @tag = Tag.find_normalized(params[:id])
 end
diff --git a/app/models/form/admin_settings.rb b/app/models/form/admin_settings.rb
index 086a6d29d4..0275df06fb 100644
--- a/app/models/form/admin_settings.rb
+++ b/app/models/form/admin_settings.rb
@@ -14,7 +14,8 @@ class Form::AdminSettings
 site_terms
 registrations_mode
 closed_registrations_message
- timeline_preview
+ timeline_preview_local
+ timeline_preview_remote
 bootstrap_timeline_accounts
 theme
 activity_api_enabled
@@ -50,7 +51,8 @@ class Form::AdminSettings
 ).freeze
 BOOLEAN_KEYS = %i(
- timeline_preview
+ timeline_preview_local
+ timeline_preview_remote
 activity_api_enabled
 peers_api_enabled
 preview_sensitive_media
diff --git a/config/settings.yml b/config/settings.yml
index ba81fcb8c6..ca8f040955 100644
--- a/config/settings.yml
+++ b/config/settings.yml
@@ -12,7 +12,8 @@ defaults: &defaults
 registrations_mode: 'none'
 profile_directory: true
 closed_registrations_message: ''
- timeline_preview: true
+ timeline_preview_local: true
+ timeline_preview_remote: false
 show_staff_badge: true
 preview_sensitive_media: false
 noindex: false
diff --git a/db/migrate/20240817155611_split_public_timelines_setting.rb b/db/migrate/20240817155611_split_public_timelines_setting.rb
new file mode 100644
index 0000000000..251fd08d1b
--- /dev/null
+++ b/db/migrate/20240817155611_split_public_timelines_setting.rb
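Review bot: Neither new key in `config/settings.yml` carries a comment, although `timeline_preview_remote: false` makes the default stricter than the old `timeline_preview: true`. A one-line comment above the pair would tell operators what they are opting into, e.g. `# Preview for logged-out visitors: local posts on by default, remote posts opt-in.` The old `timeline_preview` key also loses its default here. This diff updates the timeline controllers, and any other reader of `Setting.timeline_preview` (none is visible on this page) would need the same change.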
@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+class SplitPublicTimelinesSetting < ActiveRecord::Migration[7.1]
+ def up
+ previous_setting = Setting.find_by(var: 'timeline_preview')
+
+ unless previous_setting.nil?
+ Setting['timeline_preview_local'] = previous_setting.value
+ Setting['timeline_preview_remote'] = previous_setting.value
+ previous_setting.delete
+ end
+ end
+
+ def down
+ preview_local = Setting['timeline_preview_local']
+ preview_remote = Setting['timeline_preview_remote']
+
+ unless preview_local.nil? && preview_remote.nil?
+ preview_timelines = (!preview_local.nil? && preview_local) && (!preview_remote.nil? && preview_remote)
+ Setting['timeline_preview'] = preview_timelines
+ end
+
+ Setting.where(var: ['timeline_preview_local', 'timeline_preview_remote']).delete_all
+ end
+end
diff --git a/spec/requests/api/v1/timelines/link_spec.rb b/spec/requests/api/v1/timelines/link_spec.rb
index 37a3b36872..1f7f6e5b5c 100644
--- a/spec/requests/api/v1/timelines/link_spec.rb
+++ b/spec/requests/api/v1/timelines/link_spec.rb
@@ -19,6 +19,14 @@ RSpec.describe 'Link' do
 end
 end
+ # The default settings are that timeline_preview_local is true but
+ # timeline_preview_remote is false, which caused this spec to fail because it
+ # assumes the default visibility is true.
+ before do
+ Form::AdminSettings.new(timeline_preview_local: true).save
+ Form::AdminSettings.new(timeline_preview_remote: true).save
+ end
+
 describe 'GET /api/v1/timelines/link' do
 subject do
 get '/api/v1/timelines/link', headers: headers, params: params
@@ -87,7 +95,8 @@ RSpec.describe 'Link' do
 context 'when the instance does not allow public preview' do
 before do
- Form::AdminSettings.new(timeline_preview: false).save
+ Form::AdminSettings.new(timeline_preview_local: false).save
+ Form::AdminSettings.new(timeline_preview_remote: false).save
 end
 it_behaves_like 'forbidden for wrong scope', 'profile'
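Review bot: `up` writes nothing when no `timeline_preview` row exists, so an instance that never changed the setting moves from the old default (`timeline_preview: true`) to the new defaults in `config/settings.yml` (`timeline_preview_local: true`, `timeline_preview_remote: false`). That is the restrictive direction, but it changes what logged-out visitors can read after an upgrade and the migration does not say so. I would add a comment above the `unless` in `up`, e.g. `# No stored row: the new defaults apply (remote preview off), which is stricter than the old default.` In `down`, whether the `unless` guard can ever skip depends on what `Setting[...]` returns for a key with no row, which is not visible in this diff.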
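Review bot: The file-level `before` added in the first hunk of `link_spec.rb` turns both flags on for every example, so the shipped default (local on, remote off) is never exercised by this spec. That mixed state is the one where `require_auth?` must reject anonymous requests even though one preview flag is true, and it deserves its own context. The second hunk only covers both flags off. The sketch below would sit next to the 'when the instance does not allow public preview' context, whose body lies outside the hunks.

```ruby
context 'when only the local preview is enabled' do
  before do
    Form::AdminSettings.new(timeline_preview_local: true).save
    Form::AdminSettings.new(timeline_preview_remote: false).save
  end

  # … same expectations as 'when the instance does not allow public preview' …
end
```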
@@ -122,6 +131,11 @@ RSpec.describe 'Link' do
 end
 context 'when the instance allows public preview' do
+ before do
+ Form::AdminSettings.new(timeline_preview_local: true).save
+ Form::AdminSettings.new(timeline_preview_remote: true).save
+ end
+
 context 'with an authorized user' do
 it_behaves_like 'a successful request to the link timeline'
 end
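Review bot: The `before` block added to 'when the instance allows public preview' sets the same two values as the file-level `before` added in the first hunk of this file, so inside this context it changes nothing. Either drop it, or keep it as the context's explicit precondition and mark it: `# Explicit on purpose; the file-level before already enables both previews.` The context's closing `end` lies outside the hunk.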