From 152f5c7983add9e5e2f56358142d4fcbc0443d39 Mon Sep 17 00:00:00 2001
From: Ariadne Conill <ariadne@dereferenced.org>
Date: Sun, 6 Nov 2022 19:13:50 +0000
Subject: [PATCH] app: api: base_controller: allow API access to be
 configurable

---
 app/controllers/api/base_controller.rb | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb
index c46fde65b23..883f60c8edf 100644
--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@@ -133,7 +133,13 @@ class Api::BaseController < ApplicationController
   end
 
   def disallow_unauthenticated_api_access?
-    authorized_fetch_mode?
+    if ENV['DISALLOW_UNAUTHENTICATED_API_ACCESS'] == 'true'
+      true
+    elsif ENV['DISALLOW_UNAUTHENTICATED_API_ACCESS'] == 'false'
+      false
+    else
+      authorized_fetch_mode?
+    end
   end
 
   private