asonix/hyaenidae
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Server: don't show remote posts to unauthenticated users

Browse source
This commit is contained in:
asonix 2021-02-01 22:16:28 -06:00
parent c5e0b3e207
commit 87d062c0d4
2 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/pagination/submission.rs
View file

@ -347,10 +347,10 @@ pub(crate) fn can_view(
let requires_login = submission.is_logged_in_only()
|| if let Some(profile) = cache.profile_map.get(&submission.profile_id()) {
profile.login_required()
profile.local_owner().is_none() || profile.login_required()
} else {
let profile = store.profiles.by_id(submission.profile_id()).ok()??;
let requires_login = profile.login_required();
let requires_login = profile.local_owner().is_none() || profile.login_required();
cache.profile_map.insert(profile.id(), profile);
requires_login
};

4
src/submissions.rs
View file

@ -605,6 +605,10 @@ async fn can_view(
return Ok(Some(crate::to_404()));
}
if poster.local_owner().is_none() && viewer.is_none() {
return Ok(Some(crate::to_404()));
}
let is_self = viewer
.as_ref()
.map(|pid| *pid == poster.id())