[Bug] Local/remote activities "unauthenticated access" options are broken #151

New Issue

Closed

opened 2022-08-31 17:27:03 +00:00 by eris · 5 comments

eris commented 2022-08-31 17:27:03 +00:00

Contributor

Copy Link

This must have been a recent change?

These options would normally disable local and remote statuses if not logged in or accessing from authenticated API but now they don't respect that at all.

This has been happening before the "with replies" patch so we can rule that out.

Occurs on both Disq and develop branch of akkoma, as well as stable branch of akkoma. Will test upstream pleroma-fe as well. Possible backend issue?

Edit: Tested upstream pleroma-fe as well and it's broken there also. So either this is broken in both or its a backend issue

This must have been a recent change? These options would normally disable local and remote statuses if not logged in or accessing from authenticated API but now they don't respect that at all. This has been happening before the "with replies" patch so we can rule that out. Occurs on both Disq and develop branch of akkoma, as well as stable branch of akkoma. Will test upstream pleroma-fe as well. Possible backend issue? Edit: Tested upstream pleroma-fe as well and it's broken there also. So either this is broken in both or its a backend issue

remote statuses.PNG

258 KiB

local statuses.PNG

187 KiB

eris added the

Bug

label 2022-08-31 17:27:03 +00:00

floatingghost commented 2022-08-31 18:00:00 +00:00

Owner

Copy Link

it appears to be working as expected, though it is counter-intuitive

you're probably looking for this setting:

whilst being able to see activities via the timeline appears to subvert visibility, it wouldn't make any sense to allow public timeline but then restrict all local activities

in short, switch on restrict timeline/profiles

it appears to be working as expected, though it is counter-intuitive you're probably looking for this setting:  whilst being able to see activities via the timeline appears to subvert visibility, it wouldn't make any sense to allow public timeline but then restrict all local activities in short, switch on restrict timeline/profiles

image.png

22 KiB

image.png

18 KiB

eris commented 2022-08-31 18:09:25 +00:00

Author

Contributor

Copy Link

it appears to be working as expected, though it is counter-intuitive

whilst being able to see activities via the timeline appears to subvert visibility, it wouldn't make any sense to allow public timeline but then restrict all local activities

in short, switch on restrict timeline/profiles

I have these disallowed regardless and confirm that those options do work for disallowing those timelines. This is in regards to the Activities option only.

The expected behavior should be, with Activities options disabled, on user profiles you cannot see local or remote activities, but they display regardless. That means these options are fully broken.

There's many cases where I would want someone to see my profile (ie to be able to remote follow) but not have posts displayed -- or in my case, to have local statuses displayed but not remote statuses.

However as confirmed, this also occurs with upstream pleroma-fe (but haven't tested with upstream backend, just akkoma's)

Updated title for clarity

> it appears to be working as expected, though it is counter-intuitive > > whilst being able to see activities via the timeline appears to subvert visibility, it wouldn't make any sense to allow public timeline but then restrict all local activities > > in short, switch on restrict timeline/profiles I have these disallowed regardless and confirm that those options do work for disallowing those timelines. This is in regards to the Activities option only. The expected behavior should be, with Activities options disabled, on user profiles you cannot see local or remote activities, but they display regardless. That means these options are fully broken. There's many cases where I would want someone to see my profile (ie to be able to remote follow) but not have posts displayed -- or in my case, to have local statuses displayed but not remote statuses. However as confirmed, this also occurs with upstream pleroma-fe (but haven't tested with upstream backend, just akkoma's) Updated title for clarity

Screen Shot 2022-08-31 at 11.06.49 AM.png

381 KiB

eris changed title from [Bug] Local/remote "unauthenticated access" options are broken to [Bug] Local/remote activities "unauthenticated access" options are broken 2022-08-31 18:11:38 +00:00

floatingghost commented 2022-08-31 18:13:23 +00:00

Owner

Copy Link

That means these options are fully broken.

i'd argue it's just badly documented

it does indeed disallow access to the activity data if accessed directly, but via the timeline it's allowed - since you can see the timeline

this is 100% a backend option, fe will do nothing for it

but indeed it's quite a confusing set of options and should probably be cleaned up

> That means these options are fully broken. i'd argue it's just badly documented it does indeed disallow access to the activity data if accessed directly, but via the timeline it's allowed - since you can see the timeline this is 100% a backend option, fe will do nothing for it but indeed it's quite a confusing set of options and should probably be cleaned up

eris commented 2022-08-31 18:16:42 +00:00

Author

Contributor

Copy Link

I'll note that these options worked fine until recently and only now are broken, and I'd definitely please ask that you do NOT remove those options. Disqordia's use case depended on them which is why I noticed the change. The documentation is not the issue.

If I can get hj to find the issue if its upstream as well then it would be much preferable to merge the fix for them.

I'll note that these options worked fine until recently and only now are broken, and I'd definitely please ask that you do NOT remove those options. Disqordia's use case depended on them which is why I noticed the change. The documentation is not the issue. If I can get hj to find the issue if its upstream as well then it would be much preferable to merge the fix for them.

eris commented 2022-08-31 19:32:26 +00:00

Author

Contributor

Copy Link

Closing this frontend issue due to confirmation by hj that this is a backend issue

Closing this frontend issue due to confirmation by hj that this is a backend issue

eris closed this issue 2022-08-31 19:32:26 +00:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

develop

translations

stable

dm-privacy

paginate-follow-requests

link-verification

cypress

i18n

branch-artifact

marked-mfm

build-on-merge

woodpecker

v3.11.0

v3.10.0

2023.05

2023.04

2023.03

2.4.5-2

2.4.5-1

2.4.5

2.4.4-1

2.4.4

2.4.3

ci-1

ci-0

2.4.2

2.4.0

2.3.0

2.2.3

2.2.2

2.2.1

2.2.0

2.1.2

2.1.1

2.1.0

2.0.5

2.0.3

2.0.2

0.9.999

0.9.99

0.9.9

Labels

Clear labels   

a11y

Issues and PRs about accessibility

  

Bug

Applies to issues describing bugs

  

Bug fix

Pull requests that squash bugs

  

Critical Priority

  

Documentation

  

Feature

Pull requests that implement new features

  

Feature request

Issues that request new features

  

Held for next release cycle

PR reviewed during release candidate phase, approved and held as PR

  

High Priority

  

Low Priority

  

Medium Priority

  

Minor change

For minor changes, ie CSS alignment changes

  

Translation/Locale

For changes related to translations

  

WIP

Work in progress

No Label

a11y

Bug

Bug fix

Critical Priority

Documentation

Feature

Feature request

Held for next release cycle

High Priority

Low Priority

Medium Priority

Minor change

Translation/Locale

WIP

Milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

2 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: AkkomaGang/akkoma-fe#151

No description provided.