Skip to content

Add documentation on new timelines_access instance configuration attribute #1745

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Oct 28, 2025
Merged

Add documentation on new timelines_access instance configuration attribute #1745

merged 5 commits into from
Oct 28, 2025

Conversation

@ClearlyClaire
Copy link
Contributor

Fixes MAS-607

@daprice
Copy link
Contributor

daprice commented Oct 27, 2025

Thanks! As a client dev I’d appreciate if the docs could clarify how calls to timeline APIs will behave based on these settings.

For example if I make an unauthenticated call to /api/v1/timelines/tag/SomeHashtag without specifying local or remote parameters, on a server where hashtag_feeds.local is “public” and hashtag_feeds.remote is “authenticated”, will I get a 401, or will I get the timeline response with remote posts filtered out?

What if I make the same call with remote=true: should I expect 401, or an empty response? And so on.

If a feed is set to “disabled”, how can API clients determine what the “special role” is and whether the current user has it?

@ClearlyClaire
Copy link
Contributor Author

For example if I make an unauthenticated call to /api/v1/timelines/tag/SomeHashtag without specifying local or remote parameters, on a server where hashtag_feeds.local is “public” and hashtag_feeds.remote is “authenticated”, will I get a 401, or will I get the timeline response with remote posts filtered out?

What if I make the same call with remote=true: should I expect 401, or an empty response? And so on.

For unauthenticated requests to endpoints covering that are not allowed, 401 is returned, because there is precedent for that with the previous setting to disable those feeds for unauthenticated access.

For authenticated access, this will always return a 200 ok, but results will be filtered accordingly.

oneiros
oneiros approved these changes Oct 28, 2025
View reviewed changes
Copy link
Contributor

@oneiros oneiros left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Excellent addition and I approve this, feel free to merge as is.

If you like, I think there is a tiny opportunity to streamline this a little: The Descriptions all start with "Information with regards to access restrictions ...". I think the "Information with regards to" part is a bit redundant and could just be removed. So for example "Information with regards to access restrictions on different timelines." would become "Access restrictions on different timelines.".

@ClearlyClaire ClearlyClaire merged commit 96f08f4 into main Oct 28, 2025
2 checks passed
@ClearlyClaire ClearlyClaire deleted the ClearlyClaire-patch-4 branch October 28, 2025 10:16
@daprice
Copy link
Contributor

daprice commented Oct 28, 2025

Perfect, thanks for the clarification!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@oneiros oneiros oneiros approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ClearlyClaire @daprice @oneiros