[#2046] Defaulted pleroma/restrict_unauthenticated basing on instance privacy setting (i.e. restrict on private instances only by default).
This commit is contained in:
parent
33e508d7c6
commit
95529ab709
7 changed files with 31 additions and 37 deletions
|
@ -725,10 +725,12 @@
|
|||
timeout: 300_000
|
||||
]
|
||||
|
||||
private_instance? = :if_instance_is_private
|
||||
|
||||
config :pleroma, :restrict_unauthenticated,
|
||||
timelines: %{local: false, federated: false},
|
||||
profiles: %{local: false, remote: false},
|
||||
activities: %{local: false, remote: false}
|
||||
timelines: %{local: private_instance?, federated: private_instance?},
|
||||
profiles: %{local: private_instance?, remote: private_instance?},
|
||||
activities: %{local: private_instance?, remote: private_instance?}
|
||||
|
||||
config :pleroma, Pleroma.Web.ApiSpec.CastAndValidate, strict: false
|
||||
|
||||
|
|
|
@ -81,6 +81,16 @@ def delete(key) do
|
|||
Application.delete_env(:pleroma, key)
|
||||
end
|
||||
|
||||
def restrict_unauthenticated_access?(resource, kind) do
|
||||
setting = get([:restrict_unauthenticated, resource, kind])
|
||||
|
||||
if setting in [nil, :if_instance_is_private] do
|
||||
!get!([:instance, :public])
|
||||
else
|
||||
setting
|
||||
end
|
||||
end
|
||||
|
||||
def oauth_consumer_strategies, do: get([:auth, :oauth_consumer_strategies], [])
|
||||
|
||||
def oauth_consumer_enabled?, do: oauth_consumer_strategies() != []
|
||||
|
|
|
@ -311,10 +311,12 @@ def visible_for(%User{} = user, for_user) do
|
|||
|
||||
def visible_for(_, _), do: :invisible
|
||||
|
||||
defp restrict_unauthenticated?(%User{local: local}) do
|
||||
config_key = if local, do: :local, else: :remote
|
||||
defp restrict_unauthenticated?(%User{local: true}) do
|
||||
Config.restrict_unauthenticated_access?(:profiles, :local)
|
||||
end
|
||||
|
||||
Config.get([:restrict_unauthenticated, :profiles, config_key], false)
|
||||
defp restrict_unauthenticated?(%User{local: _}) do
|
||||
Config.restrict_unauthenticated_access?(:profiles, :remote)
|
||||
end
|
||||
|
||||
defp visible_account_status(user) do
|
||||
|
|
|
@ -59,12 +59,9 @@ def visible_for_user?(%{data: %{"listMessage" => list_ap_id}} = activity, %User{
|
|||
end
|
||||
|
||||
def visible_for_user?(%{local: local} = activity, nil) do
|
||||
cfg_key =
|
||||
if local,
|
||||
do: :local,
|
||||
else: :remote
|
||||
cfg_key = if local, do: :local, else: :remote
|
||||
|
||||
if Pleroma.Config.get([:restrict_unauthenticated, :activities, cfg_key]),
|
||||
if Pleroma.Config.restrict_unauthenticated_access?(:activities, cfg_key),
|
||||
do: false,
|
||||
else: is_public?(activity)
|
||||
end
|
||||
|
|
|
@ -8,6 +8,7 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
|
|||
import Pleroma.Web.ControllerHelper,
|
||||
only: [add_link_headers: 2, add_link_headers: 3]
|
||||
|
||||
alias Pleroma.Config
|
||||
alias Pleroma.Pagination
|
||||
alias Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
|
||||
alias Pleroma.Plugs.OAuthScopesPlug
|
||||
|
@ -89,11 +90,11 @@ def direct(%{assigns: %{user: user}} = conn, params) do
|
|||
end
|
||||
|
||||
defp restrict_unauthenticated?(true = _local_only) do
|
||||
Pleroma.Config.get([:restrict_unauthenticated, :timelines, :local])
|
||||
Config.restrict_unauthenticated_access?(:timelines, :local)
|
||||
end
|
||||
|
||||
defp restrict_unauthenticated?(_) do
|
||||
Pleroma.Config.get([:restrict_unauthenticated, :timelines, :federated])
|
||||
Config.restrict_unauthenticated_access?(:timelines, :federated)
|
||||
end
|
||||
|
||||
# GET /api/v1/timelines/public
|
||||
|
|
|
@ -16,7 +16,7 @@ def generate_terms(params) do
|
|||
end
|
||||
|
||||
def build_public_tag(acc, params) do
|
||||
if Pleroma.Config.get([:restrict_unauthenticated, :timelines, :federated], true) do
|
||||
if Pleroma.Config.restrict_unauthenticated_access?(:timelines, :federated) do
|
||||
acc
|
||||
else
|
||||
Map.put(acc, @public_url, public_timeline(params))
|
||||
|
|
|
@ -12,16 +12,8 @@ defmodule Pleroma.Web.Preload.Providers.TimelineTest do
|
|||
@public_url "/api/v1/timelines/public"
|
||||
|
||||
describe "unauthenticated timeliness when restricted" do
|
||||
setup do
|
||||
svd_config = Pleroma.Config.get([:restrict_unauthenticated, :timelines])
|
||||
Pleroma.Config.put([:restrict_unauthenticated, :timelines], %{local: true, federated: true})
|
||||
|
||||
on_exit(fn ->
|
||||
Pleroma.Config.put([:restrict_unauthenticated, :timelines], svd_config)
|
||||
end)
|
||||
|
||||
:ok
|
||||
end
|
||||
setup do: clear_config([:restrict_unauthenticated, :timelines, :local], true)
|
||||
setup do: clear_config([:restrict_unauthenticated, :timelines, :federated], true)
|
||||
|
||||
test "return nothing" do
|
||||
tl_data = Timelines.generate_terms(%{})
|
||||
|
@ -31,20 +23,10 @@ test "return nothing" do
|
|||
end
|
||||
|
||||
describe "unauthenticated timeliness when unrestricted" do
|
||||
setup do
|
||||
svd_config = Pleroma.Config.get([:restrict_unauthenticated, :timelines])
|
||||
setup do: clear_config([:restrict_unauthenticated, :timelines, :local], false)
|
||||
setup do: clear_config([:restrict_unauthenticated, :timelines, :federated], false)
|
||||
|
||||
Pleroma.Config.put([:restrict_unauthenticated, :timelines], %{
|
||||
local: false,
|
||||
federated: false
|
||||
})
|
||||
|
||||
on_exit(fn ->
|
||||
Pleroma.Config.put([:restrict_unauthenticated, :timelines], svd_config)
|
||||
end)
|
||||
|
||||
{:ok, user: insert(:user)}
|
||||
end
|
||||
setup do: {:ok, user: insert(:user)}
|
||||
|
||||
test "returns the timeline when not restricted" do
|
||||
assert Timelines.generate_terms(%{})
|
||||
|
|
Loading…
Reference in a new issue