Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
  • Sign in / Register
  • funkwhale funkwhale
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
    • Locked Files
  • Issues 376
    • Issues 376
    • List
    • Boards
    • Service Desk
    • Milestones
    • Iterations
    • Requirements
  • Merge requests 16
    • Merge requests 16
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
    • Test Cases
  • Deployments
    • Deployments
    • Releases
  • Packages and registries
    • Packages and registries
    • Package Registry
    • Container Registry
    • Infrastructure Registry
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Code review
    • Insights
    • Issue
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • funkwhalefunkwhale
  • funkwhalefunkwhale
  • Issues
  • #1672
Closed
Open
Issue created Jan 09, 2022 by Jean@popindavibe

Public access to API should be reserved to public content

What is the problem you are facing?

I'm trying to make public content public, and private content private.

Turns out, if I understood correctly, it's not possible currently:

  • either you open your API, and your whole libraries are browsable (though not playable, but a lot of metadata is available)
  • or you keep your API closed, and then public content never appears to non-authenticated users (though some may have channels or public libraries).

I was assuming initially that setting anything public would make it visible / available to authenticated / non-authenticated users alike. I understand now that the design is different, but it would be great to have this in-between option. That could be shown on the About page as well, since it's instance-wise.

It adds more flexibility instance-wise, with an API setting that would differentiate between:

  • Make all metadata public and public content available to anonymous access
  • Only make public-content metadata & data available to anonymous access
  • Require authenticated user to query API (access then depending on profile of libraries / user-accepted shares).

What are the possible drawbacks or issues with the requested changes?

I don't know.

Assignee
Assign to
Time tracking