Server: don't show remote posts to unauthenticated users
This commit is contained in:
parent
c5e0b3e207
commit
87d062c0d4
|
@ -347,10 +347,10 @@ pub(crate) fn can_view(
|
|||
|
||||
let requires_login = submission.is_logged_in_only()
|
||||
|| if let Some(profile) = cache.profile_map.get(&submission.profile_id()) {
|
||||
profile.login_required()
|
||||
profile.local_owner().is_none() || profile.login_required()
|
||||
} else {
|
||||
let profile = store.profiles.by_id(submission.profile_id()).ok()??;
|
||||
let requires_login = profile.login_required();
|
||||
let requires_login = profile.local_owner().is_none() || profile.login_required();
|
||||
cache.profile_map.insert(profile.id(), profile);
|
||||
requires_login
|
||||
};
|
||||
|
|
|
@ -605,6 +605,10 @@ async fn can_view(
|
|||
return Ok(Some(crate::to_404()));
|
||||
}
|
||||
|
||||
if poster.local_owner().is_none() && viewer.is_none() {
|
||||
return Ok(Some(crate::to_404()));
|
||||
}
|
||||
|
||||
let is_self = viewer
|
||||
.as_ref()
|
||||
.map(|pid| *pid == poster.id())
|
||||
|
|
Loading…
Reference in a new issue