EnsureStaffPrivilegedPlug: don't let non-moderators through

This commit is contained in:
Alex Gleason 2021-12-27 17:18:26 -06:00
parent 264f0fde1b
commit 138f5a4517
No known key found for this signature in database
GPG key ID: 7211D1F99744FBB7

View file

@ -4,9 +4,8 @@
defmodule Pleroma.Web.Plugs.EnsureStaffPrivilegedPlug do defmodule Pleroma.Web.Plugs.EnsureStaffPrivilegedPlug do
@moduledoc """ @moduledoc """
Ensures if staff are privileged enough to do certain tasks Ensures staff are privileged enough to do certain tasks.
""" """
import Pleroma.Web.TranslationHelpers import Pleroma.Web.TranslationHelpers
import Plug.Conn import Plug.Conn
@ -19,7 +18,7 @@ defmodule Pleroma.Web.Plugs.EnsureStaffPrivilegedPlug do
def call(%{assigns: %{user: %User{is_admin: true}}} = conn, _), do: conn def call(%{assigns: %{user: %User{is_admin: true}}} = conn, _), do: conn
def call(conn, _) do def call(%{assigns: %{user: %User{is_moderator: true}}} = conn, _) do
if Config.get!([:instance, :privileged_staff]) do if Config.get!([:instance, :privileged_staff]) do
conn conn
else else
@ -28,4 +27,10 @@ defmodule Pleroma.Web.Plugs.EnsureStaffPrivilegedPlug do
|> halt() |> halt()
end end
end end
def call(conn, _) do
conn
|> render_error(:forbidden, "User is not a staff member.")
|> halt()
end
end end