37fdf148b0
I first focussed on getting things working. Now that they do and we know what tags there are, I put some thought into providing better names. I use the form <what_it_controls>_<what_it_allows_you_to_do>:
:statuses_read => :messages_read
:status_delete => :messages_delete
:user_read => :users_read
:user_deletion => :users_delete
:user_activation => :users_manage_activation_state
:user_invite => :users_manage_invites
:user_tag => :users_manage_tags
:user_credentials => :users_manage_credentials
:report_handle => :reports_manage_reports
:emoji_management => :emoji_manage_emoji
# Pleroma: A lightweight social networking server
# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
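defmodule Pleroma.Web.AdminAPI.StatusControllerTest do
  # Request-level tests for the admin status endpoints under
  # /api/pleroma/admin/statuses.
  #
  # Every `describe` block first grants the single privilege tag its endpoint is
  # expected to require (:messages_read or :messages_delete) and finishes with a
  # test that empties [:instance, :admin_privileges] and expects 403. The caller
  # is an admin with an admin OAuth token in all cases, so those last tests show
  # that being an admin alone is not enough without the privilege tag.
  #
  # async: false — presumably because clear_config/2 changes settings that other
  # test modules would also see; confirm before switching to async.
  use Pleroma.Web.ConnCase, async: false

  import Pleroma.Factory

  alias Pleroma.Activity
  alias Pleroma.ModerationLog
  alias Pleroma.Repo
  alias Pleroma.User
  alias Pleroma.Web.CommonAPI

  # Builds a connection that is already authenticated as an admin user.
  setup do
    admin = insert(:user, is_admin: true)
    token = insert(:oauth_admin_token, user: admin)

    conn =
      build_conn()
      |> assign(:user, admin)
      |> assign(:token, token)

    {:ok, %{admin: admin, token: token, conn: conn}}
  end

  describe "GET /api/pleroma/admin/statuses/:id" do
    setup do
      clear_config([:instance, :admin_privileges], [:messages_read])
    end

    test "not found", %{conn: conn} do
      assert conn
             |> get("/api/pleroma/admin/statuses/not_found")
             |> json_response_and_validate_schema(:not_found)
    end

    test "shows activity", %{conn: conn} do
      activity = insert(:note_activity)

      response =
        conn
        |> get("/api/pleroma/admin/statuses/#{activity.id}")
        |> json_response_and_validate_schema(200)

      assert response["id"] == activity.id

      # The embedded account must describe the author of the status.
      account = response["account"]
      actor = User.get_by_ap_id(activity.actor)

      assert account["id"] == actor.id
      assert account["nickname"] == actor.nickname
      assert account["is_active"] == actor.is_active
      assert account["is_confirmed"] == actor.is_confirmed
    end

    test "denies reading activity when not privileged", %{conn: conn} do
      clear_config([:instance, :admin_privileges], [])

      # The id does not exist: 403 (rather than 404) shows the privilege check
      # answers before any lookup result is revealed.
      assert conn |> get("/api/pleroma/admin/statuses/some_id") |> json_response(:forbidden)
    end
  end

  describe "PUT /api/pleroma/admin/statuses/:id" do
    setup do
      clear_config([:instance, :admin_privileges], [:messages_delete])
      activity = insert(:note_activity)

      %{id: activity.id}
    end

    test "toggle sensitive flag", %{conn: conn, id: id, admin: admin} do
      response =
        conn
        |> put_req_header("content-type", "application/json")
        |> put("/api/pleroma/admin/statuses/#{id}", %{"sensitive" => "true"})
        |> json_response_and_validate_schema(:ok)

      assert response["sensitive"]

      # The change must be attributed to the acting admin in the moderation log.
      log_entry = Repo.one(ModerationLog)

      assert ModerationLog.get_log_entry_message(log_entry) ==
               "@#{admin.nickname} updated status ##{id}, set sensitive: 'true'"

      response =
        conn
        |> put_req_header("content-type", "application/json")
        |> put("/api/pleroma/admin/statuses/#{id}", %{"sensitive" => "false"})
        |> json_response_and_validate_schema(:ok)

      refute response["sensitive"]
    end

    test "change visibility flag", %{conn: conn, id: id, admin: admin} do
      response =
        conn
        |> put_req_header("content-type", "application/json")
        |> put("/api/pleroma/admin/statuses/#{id}", %{visibility: "public"})
        |> json_response_and_validate_schema(:ok)

      assert response["visibility"] == "public"

      log_entry = Repo.one(ModerationLog)

      assert ModerationLog.get_log_entry_message(log_entry) ==
               "@#{admin.nickname} updated status ##{id}, set visibility: 'public'"

      response =
        conn
        |> put_req_header("content-type", "application/json")
        |> put("/api/pleroma/admin/statuses/#{id}", %{visibility: "private"})
        |> json_response_and_validate_schema(:ok)

      assert response["visibility"] == "private"

      response =
        conn
        |> put_req_header("content-type", "application/json")
        |> put("/api/pleroma/admin/statuses/#{id}", %{visibility: "unlisted"})
        |> json_response_and_validate_schema(:ok)

      assert response["visibility"] == "unlisted"
    end

    test "returns 400 when visibility is unknown", %{conn: conn, id: id} do
      conn =
        conn
        |> put_req_header("content-type", "application/json")
        |> put("/api/pleroma/admin/statuses/#{id}", %{visibility: "test"})

      assert %{"error" => "test - Invalid value for enum."} =
               json_response_and_validate_schema(conn, :bad_request)
    end

    test "it requires privileged role :messages_delete", %{conn: conn, id: id} do
      clear_config([:instance, :admin_privileges], [])

      # Target the real status from setup with a state-changing body, so the
      # test can also show that the refused request had no effect.
      assert conn
             |> put_req_header("content-type", "application/json")
             |> put("/api/pleroma/admin/statuses/#{id}", %{"sensitive" => "true"})
             |> json_response(:forbidden)

      # A refused update must not leave a moderation log entry behind.
      refute Repo.one(ModerationLog)
    end
  end

  describe "DELETE /api/pleroma/admin/statuses/:id" do
    setup do
      clear_config([:instance, :admin_privileges], [:messages_delete])
      activity = insert(:note_activity)

      %{id: activity.id}
    end

    test "deletes status", %{conn: conn, id: id, admin: admin} do
      conn
      |> delete("/api/pleroma/admin/statuses/#{id}")
      |> json_response_and_validate_schema(:ok)

      refute Activity.get_by_id(id)

      log_entry = Repo.one(ModerationLog)

      assert ModerationLog.get_log_entry_message(log_entry) ==
               "@#{admin.nickname} deleted status ##{id}"
    end

    test "returns 404 when the status does not exist", %{conn: conn} do
      conn = delete(conn, "/api/pleroma/admin/statuses/test")

      assert json_response_and_validate_schema(conn, :not_found) == %{"error" => "Not found"}
    end

    test "it requires privileged role :messages_delete", %{conn: conn, id: id} do
      clear_config([:instance, :admin_privileges], [])

      # Target the real status from setup: a 403 on a made-up id cannot show
      # whether anything was deleted before the request was refused.
      assert conn
             |> put_req_header("content-type", "application/json")
             |> delete("/api/pleroma/admin/statuses/#{id}")
             |> json_response(:forbidden)

      # The status must survive the refused request, and nothing may be logged.
      assert Activity.get_by_id(id)
      refute Repo.one(ModerationLog)
    end
  end

  describe "GET /api/pleroma/admin/statuses" do
    setup do
      clear_config([:instance, :admin_privileges], [:messages_read])
    end

    test "returns all public and unlisted statuses", %{conn: conn, admin: admin} do
      blocked = insert(:user)
      user = insert(:user)
      User.block(admin, blocked)

      {:ok, _} = CommonAPI.post(user, %{status: "@#{admin.nickname}", visibility: "direct"})

      {:ok, _} = CommonAPI.post(user, %{status: ".", visibility: "unlisted"})
      {:ok, _} = CommonAPI.post(user, %{status: ".", visibility: "private"})
      {:ok, _} = CommonAPI.post(user, %{status: ".", visibility: "public"})
      {:ok, _} = CommonAPI.post(blocked, %{status: ".", visibility: "public"})

      response =
        conn
        |> get("/api/pleroma/admin/statuses")
        |> json_response_and_validate_schema(200)

      # NOTE(review): five statuses are posted and three are expected back. Only
      # "private" is ruled out by name; that the direct message is the other one
      # left out is implied by the count rather than asserted.
      refute "private" in Enum.map(response, & &1["visibility"])
      assert length(response) == 3
    end

    test "returns only local statuses with local_only on", %{conn: conn} do
      user = insert(:user)
      remote_user = insert(:user, local: false, nickname: "archaeme@archae.me")
      insert(:note_activity, user: user, local: true)
      insert(:note_activity, user: remote_user, local: false)

      response =
        conn
        |> get("/api/pleroma/admin/statuses?local_only=true")
        |> json_response_and_validate_schema(200)

      assert length(response) == 1
    end

    test "returns private and direct statuses with godmode on", %{conn: conn, admin: admin} do
      user = insert(:user)

      {:ok, _} = CommonAPI.post(user, %{status: "@#{admin.nickname}", visibility: "direct"})

      {:ok, _} = CommonAPI.post(user, %{status: ".", visibility: "private"})
      {:ok, _} = CommonAPI.post(user, %{status: ".", visibility: "public"})
      conn = get(conn, "/api/pleroma/admin/statuses?godmode=true")

      # godmode=true widens the listing to all three posts, including the
      # private and direct ones, so it sits behind the same :messages_read check.
      assert json_response_and_validate_schema(conn, 200) |> length() == 3
    end

    test "it requires privileged role :messages_read", %{conn: conn} do
      clear_config([:instance, :admin_privileges], [])

      conn = get(conn, "/api/pleroma/admin/statuses")

      assert json_response(conn, :forbidden)
    end
  end
end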