Add privilege for announcements
This commit is contained in:
parent
44d14e8a9c
commit
c045a49909
4 changed files with 108 additions and 1 deletions
|
@ -269,6 +269,7 @@ config :pleroma, :instance,
|
||||||
:instances_delete,
|
:instances_delete,
|
||||||
:reports_manage_reports,
|
:reports_manage_reports,
|
||||||
:moderation_log_read,
|
:moderation_log_read,
|
||||||
|
:announcements_manage_announcements,
|
||||||
:emoji_manage_emoji,
|
:emoji_manage_emoji,
|
||||||
:statistics_read
|
:statistics_read
|
||||||
],
|
],
|
||||||
|
|
|
@ -984,6 +984,7 @@ config :pleroma, :config_description, [
|
||||||
:instances_delete,
|
:instances_delete,
|
||||||
:reports_manage_reports,
|
:reports_manage_reports,
|
||||||
:moderation_log_read,
|
:moderation_log_read,
|
||||||
|
:announcements_manage_announcements,
|
||||||
:emoji_manage_emoji,
|
:emoji_manage_emoji,
|
||||||
:statistics_read
|
:statistics_read
|
||||||
],
|
],
|
||||||
|
@ -1005,6 +1006,7 @@ config :pleroma, :config_description, [
|
||||||
:instances_delete,
|
:instances_delete,
|
||||||
:reports_manage_reports,
|
:reports_manage_reports,
|
||||||
:moderation_log_read,
|
:moderation_log_read,
|
||||||
|
:announcements_manage_announcements,
|
||||||
:emoji_manage_emoji,
|
:emoji_manage_emoji,
|
||||||
:statistics_read
|
:statistics_read
|
||||||
],
|
],
|
||||||
|
|
|
@ -170,6 +170,11 @@ defmodule Pleroma.Web.Router do
|
||||||
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :statistics_read)
|
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :statistics_read)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
pipeline :require_privileged_role_announcements_manage_announcements do
|
||||||
|
plug(:admin_api)
|
||||||
|
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :announcements_manage_announcements)
|
||||||
|
end
|
||||||
|
|
||||||
pipeline :pleroma_html do
|
pipeline :pleroma_html do
|
||||||
plug(:browser)
|
plug(:browser)
|
||||||
plug(:authenticate)
|
plug(:authenticate)
|
||||||
|
@ -289,6 +294,11 @@ defmodule Pleroma.Web.Router do
|
||||||
post("/frontends/install", FrontendController, :install)
|
post("/frontends/install", FrontendController, :install)
|
||||||
|
|
||||||
post("/backups", AdminAPIController, :create_backup)
|
post("/backups", AdminAPIController, :create_backup)
|
||||||
|
end
|
||||||
|
|
||||||
|
# AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
|
||||||
|
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
|
||||||
|
pipe_through(:require_privileged_role_announcements_manage_announcements)
|
||||||
|
|
||||||
get("/announcements", AnnouncementController, :index)
|
get("/announcements", AnnouncementController, :index)
|
||||||
post("/announcements", AnnouncementController, :create)
|
post("/announcements", AnnouncementController, :create)
|
||||||
|
|
|
@ -3,11 +3,12 @@
|
||||||
# SPDX-License-Identifier: AGPL-3.0-only
|
# SPDX-License-Identifier: AGPL-3.0-only
|
||||||
|
|
||||||
defmodule Pleroma.Web.AdminAPI.AnnouncementControllerTest do
|
defmodule Pleroma.Web.AdminAPI.AnnouncementControllerTest do
|
||||||
use Pleroma.Web.ConnCase
|
use Pleroma.Web.ConnCase, async: false
|
||||||
|
|
||||||
import Pleroma.Factory
|
import Pleroma.Factory
|
||||||
|
|
||||||
setup do
|
setup do
|
||||||
|
clear_config([:instance, :admin_privileges], [:announcements_manage_announcements])
|
||||||
admin = insert(:user, is_admin: true)
|
admin = insert(:user, is_admin: true)
|
||||||
token = insert(:oauth_admin_token, user: admin)
|
token = insert(:oauth_admin_token, user: admin)
|
||||||
|
|
||||||
|
@ -31,6 +32,18 @@ defmodule Pleroma.Web.AdminAPI.AnnouncementControllerTest do
|
||||||
assert [%{"id" => ^id}] = response
|
assert [%{"id" => ^id}] = response
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "it requires privileged role :announcements_manage_announcements", %{conn: conn} do
|
||||||
|
conn
|
||||||
|
|> get("/api/v1/pleroma/admin/announcements")
|
||||||
|
|> json_response_and_validate_schema(:ok)
|
||||||
|
|
||||||
|
clear_config([:instance, :admin_privileges], [])
|
||||||
|
|
||||||
|
conn
|
||||||
|
|> get("/api/v1/pleroma/admin/announcements")
|
||||||
|
|> json_response(:forbidden)
|
||||||
|
end
|
||||||
|
|
||||||
test "it paginates announcements", %{conn: conn} do
|
test "it paginates announcements", %{conn: conn} do
|
||||||
_announcements = Enum.map(0..20, fn _ -> insert(:announcement) end)
|
_announcements = Enum.map(0..20, fn _ -> insert(:announcement) end)
|
||||||
|
|
||||||
|
@ -92,6 +105,20 @@ defmodule Pleroma.Web.AdminAPI.AnnouncementControllerTest do
|
||||||
assert %{"id" => ^id} = response
|
assert %{"id" => ^id} = response
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "it requires privileged role :announcements_manage_announcements", %{conn: conn} do
|
||||||
|
%{id: id} = insert(:announcement)
|
||||||
|
|
||||||
|
conn
|
||||||
|
|> get("/api/v1/pleroma/admin/announcements/#{id}")
|
||||||
|
|> json_response_and_validate_schema(:ok)
|
||||||
|
|
||||||
|
clear_config([:instance, :admin_privileges], [])
|
||||||
|
|
||||||
|
conn
|
||||||
|
|> get("/api/v1/pleroma/admin/announcements/#{id}")
|
||||||
|
|> json_response(:forbidden)
|
||||||
|
end
|
||||||
|
|
||||||
test "it returns not found for non-existent id", %{conn: conn} do
|
test "it returns not found for non-existent id", %{conn: conn} do
|
||||||
%{id: id} = insert(:announcement)
|
%{id: id} = insert(:announcement)
|
||||||
|
|
||||||
|
@ -112,6 +139,20 @@ defmodule Pleroma.Web.AdminAPI.AnnouncementControllerTest do
|
||||||
|> json_response_and_validate_schema(:ok)
|
|> json_response_and_validate_schema(:ok)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "it requires privileged role :announcements_manage_announcements", %{conn: conn} do
|
||||||
|
%{id: id} = insert(:announcement)
|
||||||
|
|
||||||
|
conn
|
||||||
|
|> delete("/api/v1/pleroma/admin/announcements/#{id}")
|
||||||
|
|> json_response_and_validate_schema(:ok)
|
||||||
|
|
||||||
|
clear_config([:instance, :admin_privileges], [])
|
||||||
|
|
||||||
|
conn
|
||||||
|
|> delete("/api/v1/pleroma/admin/announcements/#{id}")
|
||||||
|
|> json_response(:forbidden)
|
||||||
|
end
|
||||||
|
|
||||||
test "it returns not found for non-existent id", %{conn: conn} do
|
test "it returns not found for non-existent id", %{conn: conn} do
|
||||||
%{id: id} = insert(:announcement)
|
%{id: id} = insert(:announcement)
|
||||||
|
|
||||||
|
@ -156,6 +197,29 @@ defmodule Pleroma.Web.AdminAPI.AnnouncementControllerTest do
|
||||||
assert NaiveDateTime.compare(new.starts_at, starts_at) == :eq
|
assert NaiveDateTime.compare(new.starts_at, starts_at) == :eq
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "it requires privileged role :announcements_manage_announcements", %{conn: conn} do
|
||||||
|
%{id: id} = insert(:announcement)
|
||||||
|
|
||||||
|
now = NaiveDateTime.utc_now() |> NaiveDateTime.truncate(:second)
|
||||||
|
starts_at = NaiveDateTime.add(now, -10, :second)
|
||||||
|
|
||||||
|
conn
|
||||||
|
|> put_req_header("content-type", "application/json")
|
||||||
|
|> patch("/api/v1/pleroma/admin/announcements/#{id}", %{
|
||||||
|
starts_at: NaiveDateTime.to_iso8601(starts_at)
|
||||||
|
})
|
||||||
|
|> json_response_and_validate_schema(:ok)
|
||||||
|
|
||||||
|
clear_config([:instance, :admin_privileges], [])
|
||||||
|
|
||||||
|
conn
|
||||||
|
|> put_req_header("content-type", "application/json")
|
||||||
|
|> patch("/api/v1/pleroma/admin/announcements/#{id}", %{
|
||||||
|
starts_at: NaiveDateTime.to_iso8601(starts_at)
|
||||||
|
})
|
||||||
|
|> json_response(:forbidden)
|
||||||
|
end
|
||||||
|
|
||||||
test "it updates with time with utc timezone", %{conn: conn} do
|
test "it updates with time with utc timezone", %{conn: conn} do
|
||||||
%{id: id} = insert(:announcement)
|
%{id: id} = insert(:announcement)
|
||||||
|
|
||||||
|
@ -250,6 +314,36 @@ defmodule Pleroma.Web.AdminAPI.AnnouncementControllerTest do
|
||||||
assert NaiveDateTime.compare(announcement.ends_at, ends_at) == :eq
|
assert NaiveDateTime.compare(announcement.ends_at, ends_at) == :eq
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "it requires privileged role :announcements_manage_announcements", %{conn: conn} do
|
||||||
|
content = "test post announcement api"
|
||||||
|
|
||||||
|
now = NaiveDateTime.utc_now() |> NaiveDateTime.truncate(:second)
|
||||||
|
starts_at = NaiveDateTime.add(now, -10, :second)
|
||||||
|
ends_at = NaiveDateTime.add(now, 10, :second)
|
||||||
|
|
||||||
|
conn
|
||||||
|
|> put_req_header("content-type", "application/json")
|
||||||
|
|> post("/api/v1/pleroma/admin/announcements", %{
|
||||||
|
"content" => content,
|
||||||
|
"starts_at" => NaiveDateTime.to_iso8601(starts_at),
|
||||||
|
"ends_at" => NaiveDateTime.to_iso8601(ends_at),
|
||||||
|
"all_day" => true
|
||||||
|
})
|
||||||
|
|> json_response_and_validate_schema(:ok)
|
||||||
|
|
||||||
|
clear_config([:instance, :admin_privileges], [])
|
||||||
|
|
||||||
|
conn
|
||||||
|
|> put_req_header("content-type", "application/json")
|
||||||
|
|> post("/api/v1/pleroma/admin/announcements", %{
|
||||||
|
"content" => content,
|
||||||
|
"starts_at" => NaiveDateTime.to_iso8601(starts_at),
|
||||||
|
"ends_at" => NaiveDateTime.to_iso8601(ends_at),
|
||||||
|
"all_day" => true
|
||||||
|
})
|
||||||
|
|> json_response(:forbidden)
|
||||||
|
end
|
||||||
|
|
||||||
test "creating with time with utc timezones", %{conn: conn} do
|
test "creating with time with utc timezones", %{conn: conn} do
|
||||||
content = "test post announcement api"
|
content = "test post announcement api"
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue