about summary refs log tree commit diff
path: root/app/controllers/api
diff options
context:
space:
mode:
authorThibG <thib@sitedethib.com>2019-09-13 16:03:46 +0200
committerEugen Rochko <eugen@zeonfederated.com>2019-09-13 16:03:46 +0200
commit225edac118634b146c1bbf45f199d8a1257bcf56 (patch)
tree064fd78f970c1ff8e172a9dd0e0ced01c0b77009 /app/controllers/api
parent4e1b742cb270e7857d9e05b75b0409ce43732b7c (diff)
Change /api/v1/timelines/public to require auth when public preview is off (#11802)
Fixes #11289
Diffstat (limited to 'app/controllers/api')
-rw-r--r--app/controllers/api/v1/timelines/public_controller.rb5
1 files changed, 5 insertions, 0 deletions
diff --git a/app/controllers/api/v1/timelines/public_controller.rb b/app/controllers/api/v1/timelines/public_controller.rb
index aabe24324..ccc10f966 100644
--- a/app/controllers/api/v1/timelines/public_controller.rb
+++ b/app/controllers/api/v1/timelines/public_controller.rb
@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 class Api::V1::Timelines::PublicController < Api::BaseController
+  before_action :require_user!, only: [:show], if: :require_auth?
   after_action :insert_pagination_headers, unless: -> { @statuses.empty? }
 
   respond_to :json
@@ -12,6 +13,10 @@ class Api::V1::Timelines::PublicController < Api::BaseController
 
   private
 
+  def require_auth?
+    !Setting.timeline_preview
+  end
+
   def load_statuses
     cached_public_statuses
   end