Issue 14186: Respect public restrictions for ttimeline API endpoint

author Michael <heluecht@pirati.ca>

Tue, 13 Aug 2024 02:50:50 +0000 (02:50 +0000)

committer Michael <heluecht@pirati.ca>

Tue, 13 Aug 2024 02:50:50 +0000 (02:50 +0000)
author Michael <heluecht@pirati.ca>
Tue, 13 Aug 2024 02:50:50 +0000 (02:50 +0000)
committer Michael <heluecht@pirati.ca>
Tue, 13 Aug 2024 02:50:50 +0000 (02:50 +0000)
diff --git a/src/Module/Api/Mastodon/Timelines/PublicTimeline.php b/src/Module/Api/Mastodon/Timelines/PublicTimeline.php

index a605db90efd0157c0536ccee0540170bd62e0517..106fb3038f7b74c8cb2e7d57fb3e716d17a23069 100644 (file)
--- a/src/Module/Api/Mastodon/Timelines/PublicTimeline.php
+++ b/src/Module/Api/Mastodon/Timelines/PublicTimeline.php
@@ -21,26 +21,47 @@
  
  namespace Friendica\Module\Api\Mastodon\Timelines;
  
+use Friendica\App;
+use Friendica\Core\Config\Capability\IManageConfigValues;
+use Friendica\Core\L10n;
  use Friendica\Core\Logger;
  use Friendica\Core\Protocol;
  use Friendica\Database\DBA;
  use Friendica\DI;
  use Friendica\Model\Item;
  use Friendica\Model\Post;
+use Friendica\Module\Api\ApiResponse;
  use Friendica\Module\BaseApi;
+use Friendica\Module\Conversation\Community;
  use Friendica\Network\HTTPException;
  use Friendica\Object\Api\Mastodon\TimelineOrderByTypes;
+use Friendica\Util\Profiler;
+use Psr\Log\LoggerInterface;
  
  /**
   * @see https://docs.joinmastodon.org/methods/timelines/
   */
  class PublicTimeline extends BaseApi
  {
+       /**
+        * @var IManageConfigValues
+        */
+       private $config;
+
+       public function __construct(IManageConfigValues $config, \Friendica\Factory\Api\Mastodon\Error $errorFactory, App $app, L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, ApiResponse $response, array $server, array $parameters = [])
+       {
+               parent::__construct($errorFactory, $app, $l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters);
+               $this->config = $config;
+       }
         /**
          * @throws HTTPException\InternalServerErrorException
          */
         protected function rawContent(array $request = [])
         {
+               if ($this->config->get('system', 'block_public') || $this->config->get('system', 'community_page_style') == Community::DISABLED_VISITOR) {
+                       $this->checkAllowedScope(BaseApi::SCOPE_READ);
+               }
+
                 $uid = self::getCurrentUserID();
  
                 $request = $this->getRequest([
@@ -56,6 +77,10 @@ class PublicTimeline extends BaseApi
                         'friendica_order' => TimelineOrderByTypes::ID, // Sort order options (defaults to ID)
                 ], $request);
  
+               if (!$this->localAllowed() && !$this->globalAllowed()) {
+                       $this->jsonExit([]);
+               }
+
                 $condition = [
                         'gravity' => [Item::GRAVITY_PARENT, Item::GRAVITY_COMMENT], 'private' => Item::PUBLIC,
                         'network' => Protocol::FEDERATED, 'author-blocked' => false, 'author-hidden' => false
@@ -64,13 +89,13 @@ class PublicTimeline extends BaseApi
                 $condition = $this->addPagingConditions($request, $condition);
                 $params = $this->buildOrderAndLimitParams($request);
  
-               if ($request['local']) {
+               if ($request['local'] && $this->localAllowed()) {
                         $condition = DBA::mergeConditions($condition, ['origin' => true]);
                 } else {
                         $condition = DBA::mergeConditions($condition, ['uid' => 0]);
                 }
  
-               if ($request['remote']) {
+               if ($request['remote'] && $this->globalAllowed()) {
                         $condition = DBA::mergeConditions($condition, ["NOT `uri-id` IN (SELECT `uri-id` FROM `post-user` WHERE `origin` AND `post-user`.`uri-id` = `post-timeline-view`.`uri-id`)"]);
                 }
  
@@ -113,4 +138,14 @@ class PublicTimeline extends BaseApi
                 self::setLinkHeader($request['friendica_order'] != TimelineOrderByTypes::ID);
                 $this->jsonExit($statuses);
         }
+
+       private function localAllowed(): bool
+       {
+               return in_array($this->config->get('system', 'community_page_style'), [Community::LOCAL, Community::LOCAL_AND_GLOBAL]);
+       }
+
+       private function globalAllowed(): bool
+       {
+               return in_array($this->config->get('system', 'community_page_style'), [Community::GLOBAL, Community::LOCAL_AND_GLOBAL]);
+       }
  }
diff --git a/src/Module/Api/Mastodon/Trends/Statuses.php b/src/Module/Api/Mastodon/Trends/Statuses.php

index 4cd6a8fd27140fe0a57720ee87f5c887c9f08776..7884e36b6de637e5a90b6d9a7b78b2ec4f5e4b18 100644 (file)
--- a/src/Module/Api/Mastodon/Trends/Statuses.php
+++ b/src/Module/Api/Mastodon/Trends/Statuses.php
@@ -21,25 +21,46 @@
  
  namespace Friendica\Module\Api\Mastodon\Trends;
  
+use Friendica\App;
+use Friendica\Core\Config\Capability\IManageConfigValues;
+use Friendica\Core\L10n;
  use Friendica\Core\Logger;
  use Friendica\Core\Protocol;
-use Friendica\Core\System;
  use Friendica\Database\DBA;
  use Friendica\DI;
  use Friendica\Model\Post;
+use Friendica\Module\Api\ApiResponse;
  use Friendica\Module\BaseApi;
+use Friendica\Module\Conversation\Community;
  use Friendica\Util\DateTimeFormat;
+use Friendica\Util\Profiler;
+use Psr\Log\LoggerInterface;
  
  /**
   * @see https://docs.joinmastodon.org/methods/trends/#statuses
   */
  class Statuses extends BaseApi
  {
+       /**
+        * @var IManageConfigValues
+        */
+       private $config;
+
+       public function __construct(IManageConfigValues $config, \Friendica\Factory\Api\Mastodon\Error $errorFactory, App $app, L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, ApiResponse $response, array $server, array $parameters = [])
+       {
+               parent::__construct($errorFactory, $app, $l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters);
+               $this->config = $config;
+       }
+
         /**
          * @throws \Friendica\Network\HTTPException\InternalServerErrorException
          */
         protected function rawContent(array $request = [])
         {
+               if ($this->config->get('system', 'block_public') || $this->config->get('system', 'community_page_style') == Community::DISABLED_VISITOR) {
+                       $this->checkAllowedScope(BaseApi::SCOPE_READ);
+               }
+
                 $uid = self::getCurrentUserID();
  
                 $request = $this->getRequest([
author	Michael <heluecht@pirati.ca>
	Tue, 13 Aug 2024 02:50:50 +0000 (02:50 +0000)
committer	Michael <heluecht@pirati.ca>
	Tue, 13 Aug 2024 02:50:50 +0000 (02:50 +0000)
src/Module/Api/Mastodon/Timelines/PublicTimeline.php		patch \| blob \| history
src/Module/Api/Mastodon/Trends/Statuses.php		patch \| blob \| history