diff --git a/api/funkwhale_api/federation/views.py b/api/funkwhale_api/federation/views.py
index 8509023c6..8b6617132 100644
--- a/api/funkwhale_api/federation/views.py
+++ b/api/funkwhale_api/federation/views.py
@@ -726,7 +726,6 @@ class PlaylistViewSet(
 FederationMixin, mixins.RetrieveModelMixin, viewsets.GenericViewSet
 ):
 authentication_classes = [authentication.SignatureAuthentication]
- permission_classes = [common_permissions.PrivacyLevelPermission]
 renderer_classes = renderers.get_ap_renderers()
 queryset = playlists_models.Playlist.objects.local().select_related("actor")
 serializer_class = serializers.PlaylistCollectionSerializer
@@ -759,7 +758,6 @@ class PlaylistTrackViewSet(
 FederationMixin, mixins.RetrieveModelMixin, viewsets.GenericViewSet
 ):
 authentication_classes = [authentication.SignatureAuthentication]
- permission_classes = [common_permissions.PrivacyLevelPermission]
 renderer_classes = renderers.get_ap_renderers()
 queryset = playlists_models.PlaylistTrack.objects.local().select_related("actor")
 serializer_class = serializers.PlaylistTrackSerializer
@@ -767,6 +765,8 @@ class PlaylistTrackViewSet(
 def retrieve(self, request, *args, **kwargs):
 plt = self.get_object()
+ if not has_playlist_access(request, plt.playlist):
+ return response.Response(status=403)
 if utils.should_redirect_ap_to_html(request.headers.get("accept")):
 return redirect_to_html(plt.get_absolute_url())
diff --git a/api/funkwhale_api/playlists/serializers.py b/api/funkwhale_api/playlists/serializers.py
index e1d4c8dd3..c1c87bf35 100644
--- a/api/funkwhale_api/playlists/serializers.py
+++ b/api/funkwhale_api/playlists/serializers.py
@@ -72,10 +72,8 @@ class PlaylistSerializer(serializers.ModelSerializer):
 ):
 actor = self.context["request"].user.actor
 lib_qs = obj.library.received_follows.filter(actor=actor)
- logger.info(f"lib_qs is {str(lib_qs)}")
 if lib_qs.exists():
- logger.info(f"lib_qs exiiiiiist {str(lib_qs[0].approved)}")
 if lib_qs[0].approved is None:
 return False
 else:
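Review bot: After this change the only playlist-privacy gate visible on `PlaylistTrackViewSet` is the inline `has_playlist_access` call in `retrieve`; with `permission_classes` removed, DRF falls back to whatever `DEFAULT_PERMISSION_CLASSES` is set to, so any action added to this viewset later is not covered by the playlist check. I would document that next to the check, e.g. `# Object-level gate replacing PrivacyLevelPermission; any new action on this viewset must call has_playlist_access too`. The first hunk removes the same permission class from `PlaylistViewSet`, and no replacement check for it appears in this diff, so please confirm its `retrieve` already calls `has_playlist_access`. Returning 404 instead of `status=403` would avoid confirming to an unauthorised requester that a private playlist track exists, and the denied path deserves a test. `has_playlist_access` is defined outside the hunk and the body of `retrieve` continues past it.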