Skip to content
GitLab
Projects Groups Topics Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
  • Register
  • Sign in
  • funkwhale funkwhale
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributor statistics
    • Graph
    • Compare revisions
    • Locked files
  • Issues 427
    • Issues 427
    • List
    • Boards
    • Service Desk
    • Milestones
    • Iterations
    • Requirements
  • Merge requests 13
    • Merge requests 13
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Artifacts
    • Schedules
    • Test cases
  • Deployments
    • Deployments
    • Releases
  • Packages and registries
    • Packages and registries
    • Package Registry
    • Container Registry
    • Terraform modules
    • Model experiments
  • Analytics
    • Analytics
    • CI/CD
    • Code review
    • Insights
    • Issue
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • funkwhalefunkwhale
  • funkwhalefunkwhale
  • Issues
  • #1672

Public access to API should be reserved to public content

What is the problem you are facing?

I'm trying to make public content public, and private content private.

Turns out, if I understood correctly, it's not possible currently:

  • either you open your API, and your whole libraries are browsable (though not playable, but a lot of metadata is available)
  • or you keep your API closed, and then public content never appears to non-authenticated users (though some may have channels or public libraries).

I was assuming initially that setting anything public would make it visible / available to authenticated / non-authenticated users alike. I understand now that the design is different, but it would be great to have this in-between option. That could be shown on the About page as well, since it's instance-wise.

It adds more flexibility instance-wise, with an API setting that would differentiate between:

  • Make all metadata public and public content available to anonymous access
  • Only make public-content metadata & data available to anonymous access
  • Require authenticated user to query API (access then depending on profile of libraries / user-accepted shares).

What are the possible drawbacks or issues with the requested changes?

I don't know.

Assignee
Assign to
Time tracking