From 225edac118634b146c1bbf45f199d8a1257bcf56 Mon Sep 17 00:00:00 2001 From: ThibG Date: Fri, 13 Sep 2019 16:03:46 +0200 Subject: [PATCH] Change /api/v1/timelines/public to require auth when public preview is off (#11802) Fixes #11289 --- app/controllers/api/v1/timelines/public_controller.rb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/app/controllers/api/v1/timelines/public_controller.rb b/app/controllers/api/v1/timelines/public_controller.rb index aabe2432431..ccc10f966ca 100644 --- a/app/controllers/api/v1/timelines/public_controller.rb +++ b/app/controllers/api/v1/timelines/public_controller.rb @@ -1,6 +1,7 @@ # frozen_string_literal: true class Api::V1::Timelines::PublicController < Api::BaseController + before_action :require_user!, only: [:show], if: :require_auth? after_action :insert_pagination_headers, unless: -> { @statuses.empty? } respond_to :json @@ -12,6 +13,10 @@ class Api::V1::Timelines::PublicController < Api::BaseController private + def require_auth? + !Setting.timeline_preview + end + def load_statuses cached_public_statuses end