EnsureStaffPrivilegedPlug: don't let non-moderators through

This commit is contained in:
Alex Gleason 2021-12-27 17:18:26 -06:00
parent 264f0fde1b
commit 138f5a4517
No known key found for this signature in database
GPG Key ID: 7211D1F99744FBB7
1 changed files with 8 additions and 3 deletions

View File

@ -4,9 +4,8 @@
defmodule Pleroma.Web.Plugs.EnsureStaffPrivilegedPlug do defmodule Pleroma.Web.Plugs.EnsureStaffPrivilegedPlug do
@moduledoc """ @moduledoc """
Ensures if staff are privileged enough to do certain tasks Ensures staff are privileged enough to do certain tasks.
""" """
import Pleroma.Web.TranslationHelpers import Pleroma.Web.TranslationHelpers
import Plug.Conn import Plug.Conn
@ -19,7 +18,7 @@ def init(options) do
def call(%{assigns: %{user: %User{is_admin: true}}} = conn, _), do: conn def call(%{assigns: %{user: %User{is_admin: true}}} = conn, _), do: conn
def call(conn, _) do def call(%{assigns: %{user: %User{is_moderator: true}}} = conn, _) do
if Config.get!([:instance, :privileged_staff]) do if Config.get!([:instance, :privileged_staff]) do
conn conn
else else
@ -28,4 +27,10 @@ def call(conn, _) do
|> halt() |> halt()
end end
end end
def call(conn, _) do
conn
|> render_error(:forbidden, "User is not a staff member.")
|> halt()
end
end end