Add privileges for :user_tag
This commit is contained in:
parent
5a65e2dac5
commit
cb60cc4e02
4 changed files with 84 additions and 23 deletions
|
@ -256,7 +256,7 @@ config :pleroma, :instance,
|
|||
show_reactions: true,
|
||||
password_reset_token_validity: 60 * 60 * 24,
|
||||
profile_directory: true,
|
||||
admin_privileges: [:user_deletion, :user_credentials, :statuses_read],
|
||||
admin_privileges: [:user_deletion, :user_credentials, :statuses_read, :user_tag],
|
||||
moderator_privileges: [],
|
||||
max_endorsed_users: 20,
|
||||
birthday_required: false,
|
||||
|
|
|
@ -963,14 +963,14 @@ config :pleroma, :config_description, [
|
|||
%{
|
||||
key: :admin_privileges,
|
||||
type: {:list, :atom},
|
||||
suggestions: [:user_deletion, :user_credentials, :statuses_read],
|
||||
suggestions: [:user_deletion, :user_credentials, :statuses_read, :user_tag],
|
||||
description:
|
||||
"What extra priviledges to allow admins (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)"
|
||||
},
|
||||
%{
|
||||
key: :moderator_privileges,
|
||||
type: {:list, :atom},
|
||||
suggestions: [:user_deletion, :user_credentials, :statuses_read],
|
||||
suggestions: [:user_deletion, :user_credentials, :statuses_read, :user_tag],
|
||||
description:
|
||||
"What extra priviledges to allow moderators (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)"
|
||||
},
|
||||
|
|
|
@ -120,6 +120,11 @@ defmodule Pleroma.Web.Router do
|
|||
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :statuses_read)
|
||||
end
|
||||
|
||||
pipeline :require_privileged_role_user_tag do
|
||||
plug(:admin_api)
|
||||
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_tag)
|
||||
end
|
||||
|
||||
pipeline :pleroma_html do
|
||||
plug(:browser)
|
||||
plug(:authenticate)
|
||||
|
@ -269,12 +274,17 @@ defmodule Pleroma.Web.Router do
|
|||
get("/chats/:id/messages", ChatController, :messages)
|
||||
end
|
||||
|
||||
# AdminAPI: admins and mods (staff) can perform these actions
|
||||
# AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
|
||||
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
|
||||
pipe_through(:admin_api)
|
||||
pipe_through(:require_privileged_role_user_tag)
|
||||
|
||||
put("/users/tag", AdminAPIController, :tag_users)
|
||||
delete("/users/tag", AdminAPIController, :untag_users)
|
||||
end
|
||||
|
||||
# AdminAPI: admins and mods (staff) can perform these actions
|
||||
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
|
||||
pipe_through(:admin_api)
|
||||
|
||||
patch("/users/:nickname/toggle_activation", UserController, :toggle_activation)
|
||||
patch("/users/activate", UserController, :activate)
|
||||
|
|
|
@ -92,18 +92,12 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
|
|||
|
||||
describe "PUT /api/pleroma/admin/users/tag" do
|
||||
setup %{conn: conn} do
|
||||
clear_config([:instance, :admin_privileges], [:user_tag])
|
||||
|
||||
user1 = insert(:user, %{tags: ["x"]})
|
||||
user2 = insert(:user, %{tags: ["y"]})
|
||||
user3 = insert(:user, %{tags: ["unchanged"]})
|
||||
|
||||
conn =
|
||||
conn
|
||||
|> put_req_header("accept", "application/json")
|
||||
|> put(
|
||||
"/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=" <>
|
||||
"#{user2.nickname}&tags[]=foo&tags[]=bar"
|
||||
)
|
||||
|
||||
%{conn: conn, user1: user1, user2: user2, user3: user3}
|
||||
end
|
||||
|
||||
|
@ -113,6 +107,14 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
|
|||
user1: user1,
|
||||
user2: user2
|
||||
} do
|
||||
conn =
|
||||
conn
|
||||
|> put_req_header("accept", "application/json")
|
||||
|> put(
|
||||
"/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=" <>
|
||||
"#{user2.nickname}&tags[]=foo&tags[]=bar"
|
||||
)
|
||||
|
||||
assert empty_json_response(conn)
|
||||
assert User.get_cached_by_id(user1.id).tags == ["x", "foo", "bar"]
|
||||
assert User.get_cached_by_id(user2.id).tags == ["y", "foo", "bar"]
|
||||
|
@ -130,26 +132,43 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
|
|||
"@#{admin.nickname} added tags: #{tags} to users: #{users}"
|
||||
end
|
||||
|
||||
test "it does not modify tags of not specified users", %{conn: conn, user3: user3} do
|
||||
test "it does not modify tags of not specified users", %{
|
||||
conn: conn,
|
||||
user1: user1,
|
||||
user2: user2,
|
||||
user3: user3
|
||||
} do
|
||||
conn =
|
||||
conn
|
||||
|> put_req_header("accept", "application/json")
|
||||
|> put(
|
||||
"/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=" <>
|
||||
"#{user2.nickname}&tags[]=foo&tags[]=bar"
|
||||
)
|
||||
|
||||
assert empty_json_response(conn)
|
||||
assert User.get_cached_by_id(user3.id).tags == ["unchanged"]
|
||||
end
|
||||
|
||||
test "it requires privileged role :user_tag", %{conn: conn} do
|
||||
clear_config([:instance, :admin_privileges], [])
|
||||
|
||||
response =
|
||||
conn
|
||||
|> put_req_header("accept", "application/json")
|
||||
|> put("/api/pleroma/admin/users/tag?nicknames[]=nickname&tags[]=foo&tags[]=bar")
|
||||
|
||||
assert json_response(response, :forbidden)
|
||||
end
|
||||
end
|
||||
|
||||
describe "DELETE /api/pleroma/admin/users/tag" do
|
||||
setup %{conn: conn} do
|
||||
clear_config([:instance, :admin_privileges], [:user_tag])
|
||||
user1 = insert(:user, %{tags: ["x"]})
|
||||
user2 = insert(:user, %{tags: ["y", "z"]})
|
||||
user3 = insert(:user, %{tags: ["unchanged"]})
|
||||
|
||||
conn =
|
||||
conn
|
||||
|> put_req_header("accept", "application/json")
|
||||
|> delete(
|
||||
"/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=" <>
|
||||
"#{user2.nickname}&tags[]=x&tags[]=z"
|
||||
)
|
||||
|
||||
%{conn: conn, user1: user1, user2: user2, user3: user3}
|
||||
end
|
||||
|
||||
|
@ -159,6 +178,14 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
|
|||
user1: user1,
|
||||
user2: user2
|
||||
} do
|
||||
conn =
|
||||
conn
|
||||
|> put_req_header("accept", "application/json")
|
||||
|> delete(
|
||||
"/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=" <>
|
||||
"#{user2.nickname}&tags[]=x&tags[]=z"
|
||||
)
|
||||
|
||||
assert empty_json_response(conn)
|
||||
assert User.get_cached_by_id(user1.id).tags == []
|
||||
assert User.get_cached_by_id(user2.id).tags == ["y"]
|
||||
|
@ -176,10 +203,34 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
|
|||
"@#{admin.nickname} removed tags: #{tags} from users: #{users}"
|
||||
end
|
||||
|
||||
test "it does not modify tags of not specified users", %{conn: conn, user3: user3} do
|
||||
test "it does not modify tags of not specified users", %{
|
||||
conn: conn,
|
||||
user1: user1,
|
||||
user2: user2,
|
||||
user3: user3
|
||||
} do
|
||||
conn =
|
||||
conn
|
||||
|> put_req_header("accept", "application/json")
|
||||
|> delete(
|
||||
"/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=" <>
|
||||
"#{user2.nickname}&tags[]=x&tags[]=z"
|
||||
)
|
||||
|
||||
assert empty_json_response(conn)
|
||||
assert User.get_cached_by_id(user3.id).tags == ["unchanged"]
|
||||
end
|
||||
|
||||
test "it requires privileged role :user_tag", %{conn: conn} do
|
||||
clear_config([:instance, :admin_privileges], [])
|
||||
|
||||
response =
|
||||
conn
|
||||
|> put_req_header("accept", "application/json")
|
||||
|> delete("/api/pleroma/admin/users/tag?nicknames[]=nickname&tags[]=foo&tags[]=bar")
|
||||
|
||||
assert json_response(response, :forbidden)
|
||||
end
|
||||
end
|
||||
|
||||
describe "/api/pleroma/admin/users/:nickname/permission_group" do
|
||||
|
|
Loading…
Reference in a new issue