Add privileges for :user_tag
parent
5a65e2dac5
commit
cb60cc4e02
4 changed files with 84 additions and 23 deletions
|
@ -256,7 +256,7 @@ config :pleroma, :instance,
|
||||||
show_reactions: true,
|
show_reactions: true,
|
||||||
password_reset_token_validity: 60 * 60 * 24,
|
password_reset_token_validity: 60 * 60 * 24,
|
||||||
profile_directory: true,
|
profile_directory: true,
|
||||||
admin_privileges: [:user_deletion, :user_credentials, :statuses_read],
|
admin_privileges: [:user_deletion, :user_credentials, :statuses_read, :user_tag],
|
||||||
moderator_privileges: [],
|
moderator_privileges: [],
|
||||||
max_endorsed_users: 20,
|
max_endorsed_users: 20,
|
||||||
birthday_required: false,
|
birthday_required: false,
|
||||||
|
|
|
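Review bot: The default `moderator_privileges: []` stays empty while `:user_tag` is added only to `admin_privileges`, so on a default configuration moderators would now be refused on the tag endpoints. The router comment on the old side of this commit describes those endpoints as available to "admins and mods (staff)", so this looks like a behaviour change for existing instances. If the narrowing is intended, it deserves a note for operators upgrading; if not, the default would need to be `moderator_privileges: [:user_tag]`. The rest of the `:instance` block lies outside this hunk, so whether anything else compensates cannot be seen here.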
@ -963,14 +963,14 @@ config :pleroma, :config_description, [
|
||||||
%{
|
%{
|
||||||
key: :admin_privileges,
|
key: :admin_privileges,
|
||||||
type: {:list, :atom},
|
type: {:list, :atom},
|
||||||
suggestions: [:user_deletion, :user_credentials, :statuses_read],
|
suggestions: [:user_deletion, :user_credentials, :statuses_read, :user_tag],
|
||||||
description:
|
description:
|
||||||
"What extra priviledges to allow admins (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)"
|
"What extra priviledges to allow admins (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)"
|
||||||
},
|
},
|
||||||
%{
|
%{
|
||||||
key: :moderator_privileges,
|
key: :moderator_privileges,
|
||||||
type: {:list, :atom},
|
type: {:list, :atom},
|
||||||
suggestions: [:user_deletion, :user_credentials, :statuses_read],
|
suggestions: [:user_deletion, :user_credentials, :statuses_read, :user_tag],
|
||||||
description:
|
description:
|
||||||
"What extra priviledges to allow moderators (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)"
|
"What extra priviledges to allow moderators (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)"
|
||||||
},
|
},
|
||||||
|
|
|
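Review bot: The `description:` strings for `:admin_privileges` and `:moderator_privileges` are unchanged, so their example list does not mention tagging even though `:user_tag` is now a suggested value for both keys. An operator reading the admin UI cannot tell from this text what granting `:user_tag` permits. I would extend the parenthesised list in both strings with something like `add or remove user tags`, and correct the spelling `priviledges` to `privileges` in the same edit.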
@ -120,6 +120,11 @@ defmodule Pleroma.Web.Router do
|
||||||
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :statuses_read)
|
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :statuses_read)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
pipeline :require_privileged_role_user_tag do
|
||||||
|
plug(:admin_api)
|
||||||
|
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_tag)
|
||||||
|
end
|
||||||
|
|
||||||
pipeline :pleroma_html do
|
pipeline :pleroma_html do
|
||||||
plug(:browser)
|
plug(:browser)
|
||||||
plug(:authenticate)
|
plug(:authenticate)
|
||||||
|
@ -269,12 +274,17 @@ defmodule Pleroma.Web.Router do
|
||||||
get("/chats/:id/messages", ChatController, :messages)
|
get("/chats/:id/messages", ChatController, :messages)
|
||||||
end
|
end
|
||||||
|
|
||||||
# AdminAPI: admins and mods (staff) can perform these actions
|
# AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
|
||||||
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
|
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
|
||||||
pipe_through(:admin_api)
|
pipe_through(:require_privileged_role_user_tag)
|
||||||
|
|
||||||
put("/users/tag", AdminAPIController, :tag_users)
|
put("/users/tag", AdminAPIController, :tag_users)
|
||||||
delete("/users/tag", AdminAPIController, :untag_users)
|
delete("/users/tag", AdminAPIController, :untag_users)
|
||||||
|
end
|
||||||
|
|
||||||
|
# AdminAPI: admins and mods (staff) can perform these actions
|
||||||
|
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
|
||||||
|
pipe_through(:admin_api)
|
||||||
|
|
||||||
patch("/users/:nickname/toggle_activation", UserController, :toggle_activation)
|
patch("/users/:nickname/toggle_activation", UserController, :toggle_activation)
|
||||||
patch("/users/activate", UserController, :activate)
|
patch("/users/activate", UserController, :activate)
|
||||||
|
|
|
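Review bot: The comment above the new `/users/tag` scope says "(if privileged by role)" but does not name the privilege, so someone auditing the router must follow `:require_privileged_role_user_tag` to its `EnsurePrivilegedPlug` argument to learn which config value gates these two routes. I would name it directly, for example `# AdminAPI: staff holding the :user_tag privilege can perform these actions`. The unchanged comment on the following `pipe_through(:admin_api)` scope would then read as the unconditional staff case. `Pleroma.Web.Router` starts and ends outside both hunks, so how `:admin_api` itself authenticates is not visible here.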
@ -92,18 +92,12 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
|
||||||
|
|
||||||
describe "PUT /api/pleroma/admin/users/tag" do
|
describe "PUT /api/pleroma/admin/users/tag" do
|
||||||
setup %{conn: conn} do
|
setup %{conn: conn} do
|
||||||
|
clear_config([:instance, :admin_privileges], [:user_tag])
|
||||||
|
|
||||||
user1 = insert(:user, %{tags: ["x"]})
|
user1 = insert(:user, %{tags: ["x"]})
|
||||||
user2 = insert(:user, %{tags: ["y"]})
|
user2 = insert(:user, %{tags: ["y"]})
|
||||||
user3 = insert(:user, %{tags: ["unchanged"]})
|
user3 = insert(:user, %{tags: ["unchanged"]})
|
||||||
|
|
||||||
conn =
|
|
||||||
conn
|
|
||||||
|> put_req_header("accept", "application/json")
|
|
||||||
|> put(
|
|
||||||
"/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=" <>
|
|
||||||
"#{user2.nickname}&tags[]=foo&tags[]=bar"
|
|
||||||
)
|
|
||||||
|
|
||||||
%{conn: conn, user1: user1, user2: user2, user3: user3}
|
%{conn: conn, user1: user1, user2: user2, user3: user3}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -113,6 +107,14 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
|
||||||
user1: user1,
|
user1: user1,
|
||||||
user2: user2
|
user2: user2
|
||||||
} do
|
} do
|
||||||
|
conn =
|
||||||
|
conn
|
||||||
|
|> put_req_header("accept", "application/json")
|
||||||
|
|> put(
|
||||||
|
"/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=" <>
|
||||||
|
"#{user2.nickname}&tags[]=foo&tags[]=bar"
|
||||||
|
)
|
||||||
|
|
||||||
assert empty_json_response(conn)
|
assert empty_json_response(conn)
|
||||||
assert User.get_cached_by_id(user1.id).tags == ["x", "foo", "bar"]
|
assert User.get_cached_by_id(user1.id).tags == ["x", "foo", "bar"]
|
||||||
assert User.get_cached_by_id(user2.id).tags == ["y", "foo", "bar"]
|
assert User.get_cached_by_id(user2.id).tags == ["y", "foo", "bar"]
|
||||||
|
@ -130,26 +132,43 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
|
||||||
"@#{admin.nickname} added tags: #{tags} to users: #{users}"
|
"@#{admin.nickname} added tags: #{tags} to users: #{users}"
|
||||||
end
|
end
|
||||||
|
|
||||||
test "it does not modify tags of not specified users", %{conn: conn, user3: user3} do
|
test "it does not modify tags of not specified users", %{
|
||||||
|
conn: conn,
|
||||||
|
user1: user1,
|
||||||
|
user2: user2,
|
||||||
|
user3: user3
|
||||||
|
} do
|
||||||
|
conn =
|
||||||
|
conn
|
||||||
|
|> put_req_header("accept", "application/json")
|
||||||
|
|> put(
|
||||||
|
"/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=" <>
|
||||||
|
"#{user2.nickname}&tags[]=foo&tags[]=bar"
|
||||||
|
)
|
||||||
|
|
||||||
assert empty_json_response(conn)
|
assert empty_json_response(conn)
|
||||||
assert User.get_cached_by_id(user3.id).tags == ["unchanged"]
|
assert User.get_cached_by_id(user3.id).tags == ["unchanged"]
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "it requires privileged role :user_tag", %{conn: conn} do
|
||||||
|
clear_config([:instance, :admin_privileges], [])
|
||||||
|
|
||||||
|
response =
|
||||||
|
conn
|
||||||
|
|> put_req_header("accept", "application/json")
|
||||||
|
|> put("/api/pleroma/admin/users/tag?nicknames[]=nickname&tags[]=foo&tags[]=bar")
|
||||||
|
|
||||||
|
assert json_response(response, :forbidden)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "DELETE /api/pleroma/admin/users/tag" do
|
describe "DELETE /api/pleroma/admin/users/tag" do
|
||||||
setup %{conn: conn} do
|
setup %{conn: conn} do
|
||||||
|
clear_config([:instance, :admin_privileges], [:user_tag])
|
||||||
user1 = insert(:user, %{tags: ["x"]})
|
user1 = insert(:user, %{tags: ["x"]})
|
||||||
user2 = insert(:user, %{tags: ["y", "z"]})
|
user2 = insert(:user, %{tags: ["y", "z"]})
|
||||||
user3 = insert(:user, %{tags: ["unchanged"]})
|
user3 = insert(:user, %{tags: ["unchanged"]})
|
||||||
|
|
||||||
conn =
|
|
||||||
conn
|
|
||||||
|> put_req_header("accept", "application/json")
|
|
||||||
|> delete(
|
|
||||||
"/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=" <>
|
|
||||||
"#{user2.nickname}&tags[]=x&tags[]=z"
|
|
||||||
)
|
|
||||||
|
|
||||||
%{conn: conn, user1: user1, user2: user2, user3: user3}
|
%{conn: conn, user1: user1, user2: user2, user3: user3}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -159,6 +178,14 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
|
||||||
user1: user1,
|
user1: user1,
|
||||||
user2: user2
|
user2: user2
|
||||||
} do
|
} do
|
||||||
|
conn =
|
||||||
|
conn
|
||||||
|
|> put_req_header("accept", "application/json")
|
||||||
|
|> delete(
|
||||||
|
"/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=" <>
|
||||||
|
"#{user2.nickname}&tags[]=x&tags[]=z"
|
||||||
|
)
|
||||||
|
|
||||||
assert empty_json_response(conn)
|
assert empty_json_response(conn)
|
||||||
assert User.get_cached_by_id(user1.id).tags == []
|
assert User.get_cached_by_id(user1.id).tags == []
|
||||||
assert User.get_cached_by_id(user2.id).tags == ["y"]
|
assert User.get_cached_by_id(user2.id).tags == ["y"]
|
||||||
|
@ -176,10 +203,34 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
|
||||||
"@#{admin.nickname} removed tags: #{tags} from users: #{users}"
|
"@#{admin.nickname} removed tags: #{tags} from users: #{users}"
|
||||||
end
|
end
|
||||||
|
|
||||||
test "it does not modify tags of not specified users", %{conn: conn, user3: user3} do
|
test "it does not modify tags of not specified users", %{
|
||||||
|
conn: conn,
|
||||||
|
user1: user1,
|
||||||
|
user2: user2,
|
||||||
|
user3: user3
|
||||||
|
} do
|
||||||
|
conn =
|
||||||
|
conn
|
||||||
|
|> put_req_header("accept", "application/json")
|
||||||
|
|> delete(
|
||||||
|
"/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=" <>
|
||||||
|
"#{user2.nickname}&tags[]=x&tags[]=z"
|
||||||
|
)
|
||||||
|
|
||||||
assert empty_json_response(conn)
|
assert empty_json_response(conn)
|
||||||
assert User.get_cached_by_id(user3.id).tags == ["unchanged"]
|
assert User.get_cached_by_id(user3.id).tags == ["unchanged"]
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "it requires privileged role :user_tag", %{conn: conn} do
|
||||||
|
clear_config([:instance, :admin_privileges], [])
|
||||||
|
|
||||||
|
response =
|
||||||
|
conn
|
||||||
|
|> put_req_header("accept", "application/json")
|
||||||
|
|> delete("/api/pleroma/admin/users/tag?nicknames[]=nickname&tags[]=foo&tags[]=bar")
|
||||||
|
|
||||||
|
assert json_response(response, :forbidden)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "/api/pleroma/admin/users/:nickname/permission_group" do
|
describe "/api/pleroma/admin/users/:nickname/permission_group" do
|
||||||
|
|
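Review bot: The two "it requires privileged role :user_tag" tests (PUT and DELETE) assert only the `:forbidden` status, and they do so for the literal nickname `nickname` rather than a user created in `setup`. They therefore do not show that a refused request leaves tags untouched. I would take `user1: user1` from the context, send `nicknames[]=#{user1.nickname}`, and add `assert User.get_cached_by_id(user1.id).tags == ["x"]` after the status assertion. Both tests also vary only `admin_privileges`; assuming the `conn` built outside these hunks is an admin, the moderator path through `moderator_privileges` is not exercised at all. A case for a moderator with and without `:user_tag` would cover the other half of the check.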