Merge branch '1895-hashtag-timeline-restrict-unauthenticated-fix' into 'develop'

[#1895] Made hashtag timeline respect `:restrict_unauthenticated` instance setting Closes #1895 See merge request pleroma/pleroma!2731
2020-07-08 10:55:03 +00:00 · 2020-07-08 10:55:03 +00:00 · 6335b32aa8
commit 6335b32aa8
parent a8447c3803 a6495f4a68
4 changed files with 108 additions and 24 deletions
--- a/docs/configuration/cheatsheet.md
+++ b/docs/configuration/cheatsheet.md
@ -37,7 +37,7 @@ To add configuration to your config file, you can copy it from the base config.
 * `federation_incoming_replies_max_depth`: Max. depth of reply-to activities fetching on incoming federation, to prevent out-of-memory situations while fetching very long threads. If set to `nil`, threads of any depth will be fetched. Lower this value if you experience out-of-memory crashes.
 * `federation_reachability_timeout_days`: Timeout (in days) of each external federation target being unreachable prior to pausing federating to it.
 * `allow_relay`: Enable Pleroma’s Relay, which makes it possible to follow a whole instance.
-* `public`: Makes the client API in authenticated mode-only except for user-profiles. Useful for disabling the Local Timeline and The Whole Known Network.
+* `public`: Makes the client API in authenticated mode-only except for user-profiles. Useful for disabling the Local Timeline and The Whole Known Network. See also: `restrict_unauthenticated`.
 * `quarantined_instances`: List of ActivityPub instances where private(DMs, followers-only) activities will not be send.
 * `managed_config`: Whenether the config for pleroma-fe is configured in [:frontend_configurations](#frontend_configurations) or in ``static/config.json``.
 * `allowed_post_formats`: MIME-type list of formats allowed to be posted (transformed into HTML).
@ -971,11 +971,11 @@ config :pleroma, :database_config_whitelist, [

 ### :restrict_unauthenticated

-Restrict access for unauthenticated users to timelines (public and federate), user profiles and statuses.
+Restrict access for unauthenticated users to timelines (public and federated), user profiles and statuses.

 * `timelines`: public and federated timelines
  * `local`: public timeline
-  * `federated`
+  * `federated`: federated timeline (includes public timeline)
 * `profiles`: user profiles
  * `local`
  * `remote`
@ -983,6 +983,7 @@ Restrict access for unauthenticated users to timelines (public and federate), us
  * `local`
  * `remote`

+Note: setting `restrict_unauthenticated/timelines/local` to `true` has no practical sense if `restrict_unauthenticated/timelines/federated` is set to `false` (since local public activities will still be delivered to unauthenticated users as part of federated timeline). 

 ## Pleroma.Web.ApiSpec.CastAndValidate