From 063fff4041e3a8dcb7a5609a2947e2e6ac882126 Mon Sep 17 00:00:00 2001
From: Effy Elden
Date: Wed, 21 Dec 2022 13:58:32 +1100
Subject: [PATCH] Prevent unauthenticated access to tag timelines if timeline_preview is disabled
---
 app/controllers/api/v1/timelines/tag_controller.rb | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/app/controllers/api/v1/timelines/tag_controller.rb b/app/controllers/api/v1/timelines/tag_controller.rb
index 64a1db58d..6643b22a2 100644
--- a/app/controllers/api/v1/timelines/tag_controller.rb
+++ b/app/controllers/api/v1/timelines/tag_controller.rb
@@ -1,6 +1,7 @@
 # frozen_string_literal: true

 class Api::V1::Timelines::TagController < Api::BaseController
+ before_action :require_user!, only: [:show], if: :require_auth?
 before_action :load_tag
 after_action :insert_pagination_headers, unless: -> { @statuses.empty? }

@@ -10,6 +11,10 @@ class Api::V1::Timelines::TagController < Api::BaseController
 end

 private
+
+ def require_auth?
+ !Setting.timeline_preview
+ end

 def load_tag
 @tag = Tag.find_normalized(params[:id])
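Review bot: The new `before_action :require_user!, only: [:show], if: :require_auth?` is scoped with `only:`, so any action added to this controller later would be reachable without authentication even when previews are disabled; dropping the option (`before_action :require_user!, if: :require_auth?`) makes the guard apply by default. Its position ahead of `load_tag` also matters, since the tag lookup should not run for a caller who is about to be rejected, and a comment such as `# Must stay before load_tag: reject anonymous callers before any tag lookup` would keep it from being reordered. The diffstat lists only this controller, so the access-control change has no regression test; a spec that disables `timeline_preview` and asserts that an unauthenticated request to `show` is refused would pin the behaviour. The class body continues outside the hunk, so whether other actions exist is not visible here.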
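Review bot: `require_auth?` carries the whole access decision for this endpoint but has no comment saying what it encodes. I would add `# Anonymous access is allowed only while timeline_preview is enabled; a false or nil setting requires login.` above the method, because `!Setting.timeline_preview` evaluates to true when the setting reads as nil, and that fail-closed property is worth stating so nobody rewrites it as an explicit comparison. If other timeline endpoints make the same check, moving the predicate into a shared concern would keep them from drifting apart; that is not visible from this hunk. `load_tag` continues past the end of the hunk.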