Fix deleting banned users' statuses
This commit is contained in:
parent
8669a0abcb
commit
fee6e2aac4
3 changed files with 36 additions and 1 deletions
|
@ -88,7 +88,7 @@ defmodule Pleroma.Web.CommonAPI do
|
||||||
|
|
||||||
def delete(activity_id, user) do
|
def delete(activity_id, user) do
|
||||||
with {_, %Activity{data: %{"object" => _, "type" => "Create"}} = activity} <-
|
with {_, %Activity{data: %{"object" => _, "type" => "Create"}} = activity} <-
|
||||||
{:find_activity, Activity.get_by_id(activity_id)},
|
{:find_activity, Activity.get_by_id(activity_id, filter: [])},
|
||||||
{_, %Object{} = object, _} <-
|
{_, %Object{} = object, _} <-
|
||||||
{:find_object, Object.normalize(activity, fetch: false), activity},
|
{:find_object, Object.normalize(activity, fetch: false), activity},
|
||||||
true <- User.superuser?(user) || user.ap_id == object.data["actor"],
|
true <- User.superuser?(user) || user.ap_id == object.data["actor"],
|
||||||
|
|
|
@ -225,6 +225,20 @@ defmodule Pleroma.Web.CommonAPITest do
|
||||||
|
|
||||||
refute Activity.get_by_id(post.id)
|
refute Activity.get_by_id(post.id)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "it allows privileged users to delete banned user's posts" do
|
||||||
|
clear_config([:instance, :moderator_privileges], [:messages_delete])
|
||||||
|
user = insert(:user)
|
||||||
|
moderator = insert(:user, is_moderator: true)
|
||||||
|
|
||||||
|
{:ok, post} = CommonAPI.post(user, %{status: "namu amida butsu"})
|
||||||
|
User.set_activation(user, false)
|
||||||
|
|
||||||
|
assert {:ok, delete} = CommonAPI.delete(post.id, moderator)
|
||||||
|
assert delete.local
|
||||||
|
|
||||||
|
refute Activity.get_by_id(post.id)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
test "favoriting race condition" do
|
test "favoriting race condition" do
|
||||||
|
|
|
@ -1073,6 +1073,27 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
|
||||||
refute Activity.get_by_id(activity1.id)
|
refute Activity.get_by_id(activity1.id)
|
||||||
refute Activity.get_by_id(activity2.id)
|
refute Activity.get_by_id(activity2.id)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "when you're privileged and the user is banned", %{conn: conn} do
|
||||||
|
clear_config([:instance, :moderator_privileges], [:messages_delete])
|
||||||
|
posting_user = insert(:user, is_active: false)
|
||||||
|
refute posting_user.is_active
|
||||||
|
activity = insert(:note_activity, user: posting_user)
|
||||||
|
user = insert(:user, is_moderator: true)
|
||||||
|
|
||||||
|
res_conn =
|
||||||
|
conn
|
||||||
|
|> assign(:user, user)
|
||||||
|
|> assign(:token, insert(:oauth_token, user: user, scopes: ["write:statuses"]))
|
||||||
|
|> delete("/api/v1/statuses/#{activity.id}")
|
||||||
|
|
||||||
|
assert %{} = json_response_and_validate_schema(res_conn, 200)
|
||||||
|
|
||||||
|
# assert ModerationLog |> Repo.one() |> ModerationLog.get_log_entry_message() ==
|
||||||
|
# "@#{user.nickname} deleted status ##{activity.id}"
|
||||||
|
|
||||||
|
refute Activity.get_by_id(activity.id)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "reblogging" do
|
describe "reblogging" do
|
||||||
|
|
Loading…
Reference in a new issue