Server: don't show remote posts to unauthenticated users
This commit is contained in:
parent
c5e0b3e207
commit
87d062c0d4
|
@ -347,10 +347,10 @@ pub(crate) fn can_view(
|
||||||
|
|
||||||
let requires_login = submission.is_logged_in_only()
|
let requires_login = submission.is_logged_in_only()
|
||||||
|| if let Some(profile) = cache.profile_map.get(&submission.profile_id()) {
|
|| if let Some(profile) = cache.profile_map.get(&submission.profile_id()) {
|
||||||
profile.login_required()
|
profile.local_owner().is_none() || profile.login_required()
|
||||||
} else {
|
} else {
|
||||||
let profile = store.profiles.by_id(submission.profile_id()).ok()??;
|
let profile = store.profiles.by_id(submission.profile_id()).ok()??;
|
||||||
let requires_login = profile.login_required();
|
let requires_login = profile.local_owner().is_none() || profile.login_required();
|
||||||
cache.profile_map.insert(profile.id(), profile);
|
cache.profile_map.insert(profile.id(), profile);
|
||||||
requires_login
|
requires_login
|
||||||
};
|
};
|
||||||
|
|
|
@ -605,6 +605,10 @@ async fn can_view(
|
||||||
return Ok(Some(crate::to_404()));
|
return Ok(Some(crate::to_404()));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if poster.local_owner().is_none() && viewer.is_none() {
|
||||||
|
return Ok(Some(crate::to_404()));
|
||||||
|
}
|
||||||
|
|
||||||
let is_self = viewer
|
let is_self = viewer
|
||||||
.as_ref()
|
.as_ref()
|
||||||
.map(|pid| *pid == poster.id())
|
.map(|pid| *pid == poster.id())
|
||||||
|
|
Loading…
Reference in a new issue