Add priviledges for :statuses_read
This was the last in :require_privileged_staff. I'll remove that in the next commit
This commit is contained in:
parent
8a9144ca8b
commit
b1ff5241c2
4 changed files with 75 additions and 10 deletions
|
@ -119,6 +119,11 @@ defmodule Pleroma.Web.Router do
|
||||||
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_credentials)
|
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_credentials)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
pipeline :require_privileged_role_statuses_read do
|
||||||
|
plug(:admin_api)
|
||||||
|
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :statuses_read)
|
||||||
|
end
|
||||||
|
|
||||||
pipeline :pleroma_html do
|
pipeline :pleroma_html do
|
||||||
plug(:browser)
|
plug(:browser)
|
||||||
plug(:authenticate)
|
plug(:authenticate)
|
||||||
|
@ -242,22 +247,22 @@ defmodule Pleroma.Web.Router do
|
||||||
|
|
||||||
# AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
|
# AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
|
||||||
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
|
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
|
||||||
pipe_through([:admin_api, :require_privileged_role_user_deletion])
|
pipe_through(:require_privileged_role_user_deletion)
|
||||||
|
|
||||||
delete("/users", UserController, :delete)
|
delete("/users", UserController, :delete)
|
||||||
end
|
end
|
||||||
|
|
||||||
# AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
|
# AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
|
||||||
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
|
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
|
||||||
pipe_through([:admin_api, :require_privileged_role_user_credentials])
|
pipe_through(:require_privileged_role_user_credentials)
|
||||||
|
|
||||||
get("/users/:nickname/password_reset", AdminAPIController, :get_password_reset)
|
get("/users/:nickname/password_reset", AdminAPIController, :get_password_reset)
|
||||||
patch("/users/:nickname/credentials", AdminAPIController, :update_user_credentials)
|
patch("/users/:nickname/credentials", AdminAPIController, :update_user_credentials)
|
||||||
end
|
end
|
||||||
|
|
||||||
# AdminAPI: admins and mods (staff) can perform these actions (if enabled by config)
|
# AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
|
||||||
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
|
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
|
||||||
pipe_through([:admin_api, :require_privileged_staff])
|
pipe_through(:require_privileged_role_statuses_read)
|
||||||
|
|
||||||
get("/users/:nickname/statuses", AdminAPIController, :list_user_statuses)
|
get("/users/:nickname/statuses", AdminAPIController, :list_user_statuses)
|
||||||
get("/users/:nickname/chats", AdminAPIController, :list_user_chats)
|
get("/users/:nickname/chats", AdminAPIController, :list_user_chats)
|
||||||
|
@ -268,6 +273,11 @@ defmodule Pleroma.Web.Router do
|
||||||
get("/chats/:id/messages", ChatController, :messages)
|
get("/chats/:id/messages", ChatController, :messages)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# AdminAPI: admins and mods (staff) can perform these actions (if enabled by config)
|
||||||
|
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
|
||||||
|
pipe_through([:admin_api, :require_privileged_staff])
|
||||||
|
end
|
||||||
|
|
||||||
# AdminAPI: admins and mods (staff) can perform these actions
|
# AdminAPI: admins and mods (staff) can perform these actions
|
||||||
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
|
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
|
||||||
pipe_through(:admin_api)
|
pipe_through(:admin_api)
|
||||||
|
|
|
@ -359,6 +359,8 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
|
||||||
|
|
||||||
describe "GET /api/pleroma/admin/users/:nickname/statuses" do
|
describe "GET /api/pleroma/admin/users/:nickname/statuses" do
|
||||||
setup do
|
setup do
|
||||||
|
clear_config([:instance, :admin_privileges], [:statuses_read])
|
||||||
|
|
||||||
user = insert(:user)
|
user = insert(:user)
|
||||||
|
|
||||||
insert(:note_activity, user: user)
|
insert(:note_activity, user: user)
|
||||||
|
@ -375,6 +377,14 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
|
||||||
assert length(activities) == 3
|
assert length(activities) == 3
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "it requires privileged role :statuses_read", %{conn: conn, user: user} do
|
||||||
|
clear_config([:instance, :admin_privileges], [])
|
||||||
|
|
||||||
|
conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/statuses")
|
||||||
|
|
||||||
|
assert json_response(conn, :forbidden)
|
||||||
|
end
|
||||||
|
|
||||||
test "renders user's statuses with pagination", %{conn: conn, user: user} do
|
test "renders user's statuses with pagination", %{conn: conn, user: user} do
|
||||||
%{"total" => 3, "activities" => [activity1]} =
|
%{"total" => 3, "activities" => [activity1]} =
|
||||||
conn
|
conn
|
||||||
|
@ -436,21 +446,32 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
|
||||||
|
|
||||||
describe "GET /api/pleroma/admin/users/:nickname/chats" do
|
describe "GET /api/pleroma/admin/users/:nickname/chats" do
|
||||||
setup do
|
setup do
|
||||||
|
clear_config([:instance, :admin_privileges], [:statuses_read])
|
||||||
|
|
||||||
user = insert(:user)
|
user = insert(:user)
|
||||||
|
|
||||||
|
%{user: user}
|
||||||
|
end
|
||||||
|
|
||||||
|
test "renders user's chats", %{conn: conn, user: user} do
|
||||||
recipients = insert_list(3, :user)
|
recipients = insert_list(3, :user)
|
||||||
|
|
||||||
Enum.each(recipients, fn recipient ->
|
Enum.each(recipients, fn recipient ->
|
||||||
CommonAPI.post_chat_message(user, recipient, "yo")
|
CommonAPI.post_chat_message(user, recipient, "yo")
|
||||||
end)
|
end)
|
||||||
|
|
||||||
%{user: user}
|
|
||||||
end
|
|
||||||
|
|
||||||
test "renders user's chats", %{conn: conn, user: user} do
|
|
||||||
conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/chats")
|
conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/chats")
|
||||||
|
|
||||||
assert json_response(conn, 200) |> length() == 3
|
assert json_response(conn, 200) |> length() == 3
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "it requires privileged role :statuses_read", %{conn: conn, user: user} do
|
||||||
|
clear_config([:instance, :admin_privileges], [])
|
||||||
|
|
||||||
|
conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/chats")
|
||||||
|
|
||||||
|
assert json_response(conn, :forbidden)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "GET /api/pleroma/admin/users/:nickname/chats unauthorized" do
|
describe "GET /api/pleroma/admin/users/:nickname/chats unauthorized" do
|
||||||
|
|
|
@ -63,7 +63,10 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "GET /api/pleroma/admin/chats/:id/messages" do
|
describe "GET /api/pleroma/admin/chats/:id/messages" do
|
||||||
setup do: admin_setup()
|
setup do
|
||||||
|
clear_config([:instance, :admin_privileges], [:statuses_read])
|
||||||
|
admin_setup()
|
||||||
|
end
|
||||||
|
|
||||||
test "it paginates", %{conn: conn} do
|
test "it paginates", %{conn: conn} do
|
||||||
user = insert(:user)
|
user = insert(:user)
|
||||||
|
@ -114,10 +117,21 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do
|
||||||
|
|
||||||
assert length(result) == 3
|
assert length(result) == 3
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "it requires privileged role :statuses_read", %{conn: conn} do
|
||||||
|
clear_config([:instance, :admin_privileges], [])
|
||||||
|
|
||||||
|
conn = get(conn, "/api/pleroma/admin/chats/some_id/messages")
|
||||||
|
|
||||||
|
assert json_response(conn, :forbidden)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "GET /api/pleroma/admin/chats/:id" do
|
describe "GET /api/pleroma/admin/chats/:id" do
|
||||||
setup do: admin_setup()
|
setup do
|
||||||
|
clear_config([:instance, :admin_privileges], [:statuses_read])
|
||||||
|
admin_setup()
|
||||||
|
end
|
||||||
|
|
||||||
test "it returns a chat", %{conn: conn} do
|
test "it returns a chat", %{conn: conn} do
|
||||||
user = insert(:user)
|
user = insert(:user)
|
||||||
|
@ -135,6 +149,14 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do
|
||||||
assert %{} = result["receiver"]
|
assert %{} = result["receiver"]
|
||||||
refute result["account"]
|
refute result["account"]
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "it requires privileged role :statuses_read", %{conn: conn} do
|
||||||
|
clear_config([:instance, :admin_privileges], [])
|
||||||
|
|
||||||
|
conn = get(conn, "/api/pleroma/admin/chats/some_id")
|
||||||
|
|
||||||
|
assert json_response(conn, :forbidden)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "unauthorized chat moderation" do
|
describe "unauthorized chat moderation" do
|
||||||
|
|
|
@ -152,6 +152,10 @@ defmodule Pleroma.Web.AdminAPI.StatusControllerTest do
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "GET /api/pleroma/admin/statuses" do
|
describe "GET /api/pleroma/admin/statuses" do
|
||||||
|
setup do
|
||||||
|
clear_config([:instance, :admin_privileges], [:statuses_read])
|
||||||
|
end
|
||||||
|
|
||||||
test "returns all public and unlisted statuses", %{conn: conn, admin: admin} do
|
test "returns all public and unlisted statuses", %{conn: conn, admin: admin} do
|
||||||
blocked = insert(:user)
|
blocked = insert(:user)
|
||||||
user = insert(:user)
|
user = insert(:user)
|
||||||
|
@ -197,5 +201,13 @@ defmodule Pleroma.Web.AdminAPI.StatusControllerTest do
|
||||||
conn = get(conn, "/api/pleroma/admin/statuses?godmode=true")
|
conn = get(conn, "/api/pleroma/admin/statuses?godmode=true")
|
||||||
assert json_response_and_validate_schema(conn, 200) |> length() == 3
|
assert json_response_and_validate_schema(conn, 200) |> length() == 3
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "it requires privileged role :statuses_read", %{conn: conn} do
|
||||||
|
clear_config([:instance, :admin_privileges], [])
|
||||||
|
|
||||||
|
conn = get(conn, "/api/pleroma/admin/statuses")
|
||||||
|
|
||||||
|
assert json_response(conn, :forbidden)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue