Add privilege :emoji_management

Ilja 2022-06-11 22:18:21 +02:00
parent 0ee8f33250
commit ecd42a2ce1
6 changed files with 138 additions and 7 deletions


@ -265,7 +265,8 @@ config :pleroma, :instance,
:user_invite, :user_invite,
:report_handle, :report_handle,
:user_read, :user_read,
:status_delete :status_delete,
:emoji_management
], ],
moderator_privileges: [], moderator_privileges: [],
max_endorsed_users: 20, max_endorsed_users: 20,


@ -972,7 +972,8 @@ config :pleroma, :config_description, [
:user_invite, :user_invite,
:report_handle, :report_handle,
:user_read, :user_read,
:status_delete :status_delete,
:emoji_management
], ],
description: description:
"What extra priviledges to allow admins (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)" "What extra priviledges to allow admins (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)"
@ -989,7 +990,8 @@ config :pleroma, :config_description, [
:user_invite, :user_invite,
:report_handle, :report_handle,
:user_read, :user_read,
:status_delete :status_delete,
:emoji_management
], ],
description: description:
"What extra priviledges to allow moderators (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)" "What extra priviledges to allow moderators (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)"


@ -150,6 +150,11 @@ defmodule Pleroma.Web.Router do
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :status_delete) plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :status_delete)
end end
pipeline :require_privileged_role_emoji_management do
plug(:admin_api)
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :emoji_management)
end
pipeline :pleroma_html do pipeline :pleroma_html do
plug(:browser) plug(:browser)
plug(:authenticate) plug(:authenticate)
@ -360,6 +365,13 @@ defmodule Pleroma.Web.Router do
delete("/chats/:id/messages/:message_id", ChatController, :delete_message) delete("/chats/:id/messages/:message_id", ChatController, :delete_message)
end end
# AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
pipe_through(:require_privileged_role_emoji_management)
post("/reload_emoji", AdminAPIController, :reload_emoji)
end
# AdminAPI: admins and mods (staff) can perform these actions # AdminAPI: admins and mods (staff) can perform these actions
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
pipe_through(:admin_api) pipe_through(:admin_api)
@ -368,13 +380,12 @@ defmodule Pleroma.Web.Router do
get("/moderation_log", AdminAPIController, :list_log) get("/moderation_log", AdminAPIController, :list_log)
post("/reload_emoji", AdminAPIController, :reload_emoji)
get("/stats", AdminAPIController, :stats) get("/stats", AdminAPIController, :stats)
end end
scope "/api/v1/pleroma/emoji", Pleroma.Web.PleromaAPI do scope "/api/v1/pleroma/emoji", Pleroma.Web.PleromaAPI do
scope "/pack" do scope "/pack" do
pipe_through(:admin_api) pipe_through(:require_privileged_role_emoji_management)
post("/", EmojiPackController, :create) post("/", EmojiPackController, :create)
patch("/", EmojiPackController, :update) patch("/", EmojiPackController, :update)
@ -389,7 +400,7 @@ defmodule Pleroma.Web.Router do
# Modifying packs # Modifying packs
scope "/packs" do scope "/packs" do
pipe_through(:admin_api) pipe_through(:require_privileged_role_emoji_management)
get("/import", EmojiPackController, :import_from_filesystem) get("/import", EmojiPackController, :import_from_filesystem)
get("/remote", EmojiPackController, :remote) get("/remote", EmojiPackController, :remote)
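Review bot: The new `:require_privileged_role_emoji_management` pipeline has no comment saying what the privilege exposes, and the routes moved behind it in the `/pack` and `/packs` scopes include `import_from_filesystem` and `remote`, which by their names write to the instance's emoji directory and make the server fetch from another instance. Once an operator adds `:emoji_management` to `moderator_privileges`, those actions are delegated to moderators, so the scope of the grant should be stated where it is defined. I would add above the pipeline: `# :emoji_management covers emoji reload, pack create/update/delete, filesystem import and remote pack fetch/download; grant it only to roles trusted with server-side writes and outbound requests.` The same wording belongs in the `admin_privileges` / `moderator_privileges` descriptions in the config description file, which currently list only user and status examples. The `/pack` and `/packs` scopes continue outside the visible hunks, so the full route list should be checked against this comment.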


@ -1060,6 +1060,34 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
assert Repo.aggregate(Pleroma.User.Backup, :count) == 2 assert Repo.aggregate(Pleroma.User.Backup, :count) == 2
end end
end end
describe "POST /api/v1/pleroma/admin/reload_emoji" do
setup do
clear_config([:instance, :admin_privileges], [:emoji_management])
admin = insert(:user, is_admin: true)
token = insert(:oauth_admin_token, user: admin)
conn =
build_conn()
|> assign(:user, admin)
|> assign(:token, token)
{:ok, %{conn: conn, admin: admin}}
end
test "it requires privileged role :emoji_management", %{conn: conn} do
assert conn
|> post("/api/v1/pleroma/admin/reload_emoji")
|> json_response(200)
clear_config([:instance, :admin_privileges], [])
assert conn
|> post("/api/v1/pleroma/admin/reload_emoji")
|> json_response(:forbidden)
end
end
end end
# Needed for testing # Needed for testing
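Review bot: The new `reload_emoji` test exercises only an admin user, so the moderator path that this commit opens up is not covered: nothing checks that a moderator is refused while `moderator_privileges` is empty and allowed once it contains `:emoji_management`. I would add a second test that builds the conn for a user inserted with `is_moderator: true`, asserts `:forbidden` first, then runs `clear_config([:instance, :moderator_privileges], [:emoji_management])` and asserts 200. The `admin` key returned from `setup` is not used by the test and could be dropped.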


@ -3,7 +3,7 @@
# SPDX-License-Identifier: AGPL-3.0-only # SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.PleromaAPI.EmojiFileControllerTest do defmodule Pleroma.Web.PleromaAPI.EmojiFileControllerTest do
use Pleroma.Web.ConnCase use Pleroma.Web.ConnCase, async: false
import Mock import Mock
import Tesla.Mock import Tesla.Mock
@ -30,6 +30,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiFileControllerTest do
describe "POST/PATCH/DELETE /api/pleroma/emoji/packs/files?name=:name" do describe "POST/PATCH/DELETE /api/pleroma/emoji/packs/files?name=:name" do
setup do setup do
clear_config([:instance, :admin_privileges], [:emoji_management])
pack_file = "#{@emoji_path}/test_pack/pack.json" pack_file = "#{@emoji_path}/test_pack/pack.json"
original_content = File.read!(pack_file) original_content = File.read!(pack_file)
@ -377,5 +378,32 @@ defmodule Pleroma.Web.PleromaAPI.EmojiFileControllerTest do
}) })
|> json_response_and_validate_schema(:bad_request) |> json_response_and_validate_schema(:bad_request)
end end
test "it requires privileged role :emoji_management", %{admin_conn: admin_conn} do
clear_config([:instance, :admin_privileges], [])
assert admin_conn
|> put_req_header("content-type", "multipart/form-data")
|> post("/api/pleroma/emoji/packs/files?name=test_pack", %{
file: %Plug.Upload{
filename: "shortcode.png",
path: "#{Pleroma.Config.get([:instance, :static_dir])}/add/shortcode.png"
}
})
|> json_response(:forbidden)
assert admin_conn
|> put_req_header("content-type", "multipart/form-data")
|> patch("/api/pleroma/emoji/packs/files?name=test_pack", %{
shortcode: "blank",
new_filename: "dir_2/blank_3.png"
})
|> json_response(:forbidden)
assert admin_conn
|> put_req_header("content-type", "multipart/form-data")
|> delete("/api/pleroma/emoji/packs/files?name=test_pack&shortcode=blank3")
|> json_response(:forbidden)
end
end end
end end
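Review bot: The added test at the end of the `packs/files` describe block asserts only the `:forbidden` status for POST, PATCH and DELETE, so it would still pass if a handler changed the pack before the request was rejected. Since `setup` already reads `pack.json` into `original_content`, the test could finish with a check such as `assert File.read!("#{@emoji_path}/test_pack/pack.json") == original_content`, provided that value is exposed in the test context; the setup body continues outside the hunk, so that is to be confirmed. A short comment next to `async: false` stating why the module must not run concurrently (presumably because `clear_config` changes instance-wide settings) would also help.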


@ -99,6 +99,10 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do
end end
describe "GET /api/pleroma/emoji/packs/remote" do describe "GET /api/pleroma/emoji/packs/remote" do
setup do
clear_config([:instance, :admin_privileges], [:emoji_management])
end
test "shareable instance", %{admin_conn: admin_conn, conn: conn} do test "shareable instance", %{admin_conn: admin_conn, conn: conn} do
resp = resp =
conn conn
@ -136,6 +140,14 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do
"error" => "The requested instance does not support sharing emoji packs" "error" => "The requested instance does not support sharing emoji packs"
} }
end end
test "it requires privileged role :emoji_management", %{admin_conn: admin_conn} do
clear_config([:instance, :admin_privileges], [])
assert admin_conn
|> get("/api/pleroma/emoji/packs/remote?url=https://example.com")
|> json_response(:forbidden)
end
end end
describe "GET /api/pleroma/emoji/packs/archive?name=:name" do describe "GET /api/pleroma/emoji/packs/archive?name=:name" do
@ -170,6 +182,10 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do
end end
describe "POST /api/pleroma/emoji/packs/download" do describe "POST /api/pleroma/emoji/packs/download" do
setup do
clear_config([:instance, :admin_privileges], [:emoji_management])
end
test "shared pack from remote and non shared from fallback-src", %{ test "shared pack from remote and non shared from fallback-src", %{
admin_conn: admin_conn, admin_conn: admin_conn,
conn: conn conn: conn
@ -344,10 +360,24 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do
"The pack was not set as shared and there is no fallback src to download from" "The pack was not set as shared and there is no fallback src to download from"
} }
end end
test "it requires privileged role :emoji_management", %{admin_conn: conn} do
clear_config([:instance, :admin_privileges], [])
assert conn
|> put_req_header("content-type", "multipart/form-data")
|> post("/api/pleroma/emoji/packs/download", %{
url: "https://example.com",
name: "test_pack",
as: "test_pack2"
})
|> json_response(:forbidden)
end
end end
describe "PATCH/update /api/pleroma/emoji/pack?name=:name" do describe "PATCH/update /api/pleroma/emoji/pack?name=:name" do
setup do setup do
clear_config([:instance, :admin_privileges], [:emoji_management])
pack_file = "#{@emoji_path}/test_pack/pack.json" pack_file = "#{@emoji_path}/test_pack/pack.json"
original_content = File.read!(pack_file) original_content = File.read!(pack_file)
@ -435,9 +465,22 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do
"error" => "The fallback archive does not have all files specified in pack.json" "error" => "The fallback archive does not have all files specified in pack.json"
} }
end end
test "it requires privileged role :emoji_management", %{admin_conn: conn, new_data: new_data} do
clear_config([:instance, :admin_privileges], [])
assert conn
|> put_req_header("content-type", "multipart/form-data")
|> patch("/api/pleroma/emoji/pack?name=test_pack", %{metadata: new_data})
|> json_response(:forbidden)
end
end end
describe "POST/DELETE /api/pleroma/emoji/pack?name=:name" do describe "POST/DELETE /api/pleroma/emoji/pack?name=:name" do
setup do
clear_config([:instance, :admin_privileges], [:emoji_management])
end
test "returns an error on creates pack when file system not writable", %{ test "returns an error on creates pack when file system not writable", %{
admin_conn: admin_conn admin_conn: admin_conn
} do } do
@ -520,6 +563,18 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do
"error" => "pack name cannot be empty" "error" => "pack name cannot be empty"
} }
end end
test "it requires privileged role :emoji_management", %{admin_conn: admin_conn} do
clear_config([:instance, :admin_privileges], [])
assert admin_conn
|> post("/api/pleroma/emoji/pack?name= ")
|> json_response(:forbidden)
assert admin_conn
|> delete("/api/pleroma/emoji/pack?name= ")
|> json_response(:forbidden)
end
end end
test "deleting nonexisting pack", %{admin_conn: admin_conn} do test "deleting nonexisting pack", %{admin_conn: admin_conn} do
@ -578,6 +633,12 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do
"blank2" => "blank.png", "blank2" => "blank.png",
"foo" => "blank.png" "foo" => "blank.png"
} }
clear_config([:instance, :admin_privileges], [])
assert admin_conn
|> get("/api/pleroma/emoji/packs/import")
|> json_response(:forbidden)
end end
describe "GET /api/pleroma/emoji/pack?name=:name" do describe "GET /api/pleroma/emoji/pack?name=:name" do
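Review bot: In the last hunk the `:forbidden` check for `GET /api/pleroma/emoji/packs/import` is appended to the end of an existing import test instead of being a separate test like the other endpoints, so a failure in the earlier assertions hides the authorization check. That test, like `deleting nonexisting pack` above it, also appears to sit outside the `describe` blocks that call `clear_config([:instance, :admin_privileges], [:emoji_management])`, which means its success path depends on the default in the instance config. I would move the check into its own `test "it requires privileged role :emoji_management"` and set the privilege explicitly at the start of the import test. The enclosing test starts outside the hunk, so its placement should be confirmed.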