From c5844625b41c2167e21ec6d7f544457970b2a9b8 Mon Sep 17 00:00:00 2001
From: Michael
Date: Tue, 13 Aug 2024 02:50:50 +0000
Subject: [PATCH] Issue 14186: Respect public restrictions for ttimeline API endpoint
---
.../Api/Mastodon/Timelines/PublicTimeline.php | 39 ++++++++++++++++++-
src/Module/Api/Mastodon/Trends/Statuses.php | 23 ++++++++++-
2 files changed, 59 insertions(+), 3 deletions(-)
diff --git a/src/Module/Api/Mastodon/Timelines/PublicTimeline.php b/src/Module/Api/Mastodon/Timelines/PublicTimeline.php
index a605db90ef..106fb3038f 100644
--- a/src/Module/Api/Mastodon/Timelines/PublicTimeline.php
+++ b/src/Module/Api/Mastodon/Timelines/PublicTimeline.php
@@ -21,26 +21,47 @@ namespace Friendica\Module\Api\Mastodon\Timelines; +use Friendica\App; +use Friendica\Core\Config\Capability\IManageConfigValues; +use Friendica\Core\L10n; use Friendica\Core\Logger; use Friendica\Core\Protocol; use Friendica\Database\DBA; use Friendica\DI; use Friendica\Model\Item; use Friendica\Model\Post; +use Friendica\Module\Api\ApiResponse; use Friendica\Module\BaseApi; +use Friendica\Module\Conversation\Community; use Friendica\Network\HTTPException; use Friendica\Object\Api\Mastodon\TimelineOrderByTypes; +use Friendica\Util\Profiler; +use Psr\Log\LoggerInterface; /** * @see https://docs.joinmastodon.org/methods/timelines/ */ class PublicTimeline extends BaseApi { + /** + * @var IManageConfigValues + */ + private $config; + + public function __construct(IManageConfigValues $config, \Friendica\Factory\Api\Mastodon\Error $errorFactory, App $app, L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, ApiResponse $response, array $server, array $parameters = []) + { + parent::__construct($errorFactory, $app, $l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters); + $this->config = $config; + } /** * @throws HTTPException\InternalServerErrorException */ protected function rawContent(array $request = []) { + if ($this->config->get('system', 'block_public') || $this->config->get('system', 'community_page_style') == Community::DISABLED_VISITOR) { + $this->checkAllowedScope(BaseApi::SCOPE_READ); + } + $uid = self::getCurrentUserID(); $request = $this->getRequest([ 
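Review bot: The visitor gate at the top of `rawContent()` and the constructor that injects `$config` are repeated verbatim in `Trends/Statuses.php` later in this patch, so the two endpoints can drift apart the next time the access rule changes. Moving the check into one protected helper on `BaseApi` would keep a single definition of when a read-scope token is required. The comparison with `Community::DISABLED_VISITOR` also uses loose `==` on a raw config value; a strict comparison on a normalised value, with a comment such as `// block_public or a visitor-disabled community page: require a token with read scope`, would make the intent explicit. `rawContent()` continues past the end of this hunk.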
@@ -56,6 +77,10 @@ class PublicTimeline extends BaseApi 'friendica_order' => TimelineOrderByTypes::ID, // Sort order options (defaults to ID) ], $request); + if (!$this->localAllowed() && !$this->globalAllowed()) { + $this->jsonExit([]); + } + $condition = [ 'gravity' => [Item::GRAVITY_PARENT, Item::GRAVITY_COMMENT], 'private' => Item::PUBLIC, 'network' => Protocol::FEDERATED, 'author-blocked' => false, 'author-hidden' => false @@ -64,13 +89,13 @@ class PublicTimeline extends BaseApi $condition = $this->addPagingConditions($request, $condition); $params = $this->buildOrderAndLimitParams($request); - if ($request['local']) { + if ($request['local'] && $this->localAllowed()) { $condition = DBA::mergeConditions($condition, ['origin' => true]); } else { $condition = DBA::mergeConditions($condition, ['uid' => 0]); } - if ($request['remote']) { + if ($request['remote'] && $this->globalAllowed()) { $condition = DBA::mergeConditions($condition, ["NOT `uri-id` IN (SELECT `uri-id` FROM `post-user` WHERE `origin` AND `post-user`.`uri-id` = `post-timeline-view`.`uri-id`)"]); } @@ -113,4 +138,14 @@ class PublicTimeline extends BaseApi self::setLinkHeader($request['friendica_order'] != TimelineOrderByTypes::ID); $this->jsonExit($statuses); } + + private function localAllowed(): bool + { + return in_array($this->config->get('system', 'community_page_style'), [Community::LOCAL, Community::LOCAL_AND_GLOBAL]); + } + + private function globalAllowed(): bool + { + return in_array($this->config->get('system', 'community_page_style'), [Community::GLOBAL, Community::LOCAL_AND_GLOBAL]); + } } diff --git a/src/Module/Api/Mastodon/Trends/Statuses.php b/src/Module/Api/Mastodon/Trends/Statuses.php index 4cd6a8fd27..7884e36b6d 100644 --- a/src/Module/Api/Mastodon/Trends/Statuses.php +++ b/src/Module/Api/Mastodon/Trends/Statuses.php 
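Review bot: With `community_page_style` set to `Community::DISABLED_VISITOR`, a client that has just passed `checkAllowedScope(BaseApi::SCOPE_READ)` still reaches this early exit and receives `[]`, because neither `localAllowed()` nor `globalAllowed()` (added at the end of this file) lists that value. If the visitor-disabled style is meant to keep the timeline available to authenticated users, the helpers need to take the authenticated state into account. If the empty result is intended, say so in a comment, e.g. `// community page disabled: return an empty timeline instead of an error`. The code also relies on `jsonExit()` ending the request, which is not visible in this hunk.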
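Review bot: The branch that selects the data set is still driven by the request rather than by what the node permits: when `local` is not set, the `else` arm applies `['uid' => 0]` without consulting `globalAllowed()`, so a node configured for `Community::LOCAL` only appears to return the node-wide timeline to a default request. Forcing the local filter whenever the global view is not permitted closes that gap, for example `if (!$this->globalAllowed() || ($request['local'] && $this->localAllowed())) {`. The default for `local` is set in the `getRequest()` call outside this hunk, so confirm it there. A test per `community_page_style` value, with and without `local` and `remote`, would pin the behaviour.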
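Review bot: Both helpers call `in_array()` without the strict flag on a raw config value, so the permission decision depends on PHP's loose comparison rules. If the key is unset and `get()` returns `null`, it compares equal to any constant whose value is `0`, which would make the check fail open; the constants' values are not visible in this patch, so this needs confirming. Reading the style once, handling the unset case explicitly and comparing strictly, as in `in_array($style, [Community::LOCAL, Community::LOCAL_AND_GLOBAL], true)`, keeps the default at deny. A one-line docblock on each helper naming the `community_page_style` values it accepts would also help.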
@@ -21,25 +21,46 @@ namespace Friendica\Module\Api\Mastodon\Trends; +use Friendica\App; +use Friendica\Core\Config\Capability\IManageConfigValues; +use Friendica\Core\L10n; use Friendica\Core\Logger; use Friendica\Core\Protocol; -use Friendica\Core\System; use Friendica\Database\DBA; use Friendica\DI; use Friendica\Model\Post; +use Friendica\Module\Api\ApiResponse; use Friendica\Module\BaseApi; +use Friendica\Module\Conversation\Community; use Friendica\Util\DateTimeFormat; +use Friendica\Util\Profiler; +use Psr\Log\LoggerInterface; /** * @see https://docs.joinmastodon.org/methods/trends/#statuses */ class Statuses extends BaseApi { + /** + * @var IManageConfigValues + */ + private $config; + + public function __construct(IManageConfigValues $config, \Friendica\Factory\Api\Mastodon\Error $errorFactory, App $app, L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, ApiResponse $response, array $server, array $parameters = []) + { + parent::__construct($errorFactory, $app, $l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters); + $this->config = $config; + } + /** * @throws \Friendica\Network\HTTPException\InternalServerErrorException */ protected function rawContent(array $request = []) { + if ($this->config->get('system', 'block_public') || $this->config->get('system', 'community_page_style') == Community::DISABLED_VISITOR) { + $this->checkAllowedScope(BaseApi::SCOPE_READ); + } + $uid = self::getCurrentUserID(); $request = $this->getRequest([
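Review bot: Only the scope gate was added to this endpoint; unlike `PublicTimeline` there is no check of which `community_page_style` values allow content to be served. A node whose community page is disabled for everyone, with `block_public` off, would therefore apparently still return trending statuses to unauthenticated clients. If that is intended, a comment above the `if` should say so; otherwise the same allowed-style check belongs here before the query is built. The rest of `rawContent()` lies outside this hunk, so the query itself could not be reviewed.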