clones/friendica
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Tighten profile restriction feature

Browse Source 
- Prevent feed access to restricted profiles
- Rework display of restricted profiles with a redirect to the profile/restricted route
- Normalize permission checking with IHandleUserSession->isAuthenticated
- Remove unusable "nocache" parameter in feed module because session isn't initialized
- Reword setting name and description
This commit is contained in:
Hypolite Petovan
2022-11-30 13:50:52 -05:00
parent 0d53c69610
commit b83526ad0b
16 changed files with 135 additions and 84 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/Module/Profile/Photos.php
View File

@@ -88,8 +88,8 @@ class Photos extends \Friendica\Module\BaseProfile
$remote_contact = $contact && !$contact['blocked'] && !$contact['pending'];
}
if ($owner['hidewall'] && !$is_owner && !$remote_contact) {
throw new HttpException\ForbiddenException($this->t('Access to this item is restricted.'));
if ($owner['hidewall'] && !$this->session->isAuthenticated()) {
$this->baseUrl->redirect('profile/' . $owner['nickname'] . '/restricted');
}
$this->session->set('photo_return', $this->args->getCommand());