Rename privilege tags

I first focussed on getting things working.
Now that they do, and we know which tags there are, I have put some thought into providing better names.

I use the form <what_it_controls>_<what_it_allows_you_to_do>

:statuses_read    => :messages_read
:status_delete    => :messages_delete

:user_read        => :users_read
:user_deletion    => :users_delete
:user_activation  => :users_manage_activation_state
:user_invite      => :users_manage_invites
:user_tag         => :users_manage_tags
:user_credentials => :users_manage_credentials

:report_handle    => :reports_manage_reports

:emoji_management => :emoji_manage_emoji
Ilja 2022-07-01 09:54:05 +02:00
parent 4e4eb81749
commit 37fdf148b0
27 changed files with 138 additions and 126 deletions


@ -257,16 +257,16 @@
password_reset_token_validity: 60 * 60 * 24, password_reset_token_validity: 60 * 60 * 24,
profile_directory: true, profile_directory: true,
admin_privileges: [ admin_privileges: [
:user_deletion, :users_delete,
:user_credentials, :users_manage_credentials,
:statuses_read, :messages_read,
:user_tag, :users_manage_tags,
:user_activation, :users_manage_activation_state,
:user_invite, :users_manage_invites,
:report_handle, :reports_manage_reports,
:user_read, :users_read,
:status_delete, :messages_delete,
:emoji_management :emoji_manage_emoji
], ],
moderator_privileges: [], moderator_privileges: [],
max_endorsed_users: 20, max_endorsed_users: 20,
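Review bot: Renaming the atoms in the default `admin_privileges` list changes the values operators have to use, and none of the hunks visible on this page maps or warns about the old names. An instance whose own config or database-stored settings still lists e.g. `:user_deletion` would presumably stop granting that privilege after the upgrade; that fails closed, but silently, and the same applies to the `suggestions` lists for `:admin_privileges` and `:moderator_privileges` in the next file section. Consider a startup check that logs a warning for any configured privilege outside the known list, plus a changelog entry carrying the old => new table from the commit message.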


@ -964,16 +964,16 @@
key: :admin_privileges, key: :admin_privileges,
type: {:list, :atom}, type: {:list, :atom},
suggestions: [ suggestions: [
:user_deletion, :users_delete,
:user_credentials, :users_manage_credentials,
:statuses_read, :messages_read,
:user_tag, :users_manage_tags,
:user_activation, :users_manage_activation_state,
:user_invite, :users_manage_invites,
:report_handle, :reports_manage_reports,
:user_read, :users_read,
:status_delete, :messages_delete,
:emoji_management :emoji_manage_emoji
], ],
description: description:
"What extra priviledges to allow admins (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)" "What extra priviledges to allow admins (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)"
@ -982,16 +982,16 @@
key: :moderator_privileges, key: :moderator_privileges,
type: {:list, :atom}, type: {:list, :atom},
suggestions: [ suggestions: [
:user_deletion, :users_delete,
:user_credentials, :users_manage_credentials,
:statuses_read, :messages_read,
:user_tag, :users_manage_tags,
:user_activation, :users_manage_activation_state,
:user_invite, :users_manage_invites,
:report_handle, :reports_manage_reports,
:user_read, :users_read,
:status_delete, :messages_delete,
:emoji_management :emoji_manage_emoji
], ],
description: description:
"What extra priviledges to allow moderators (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)" "What extra priviledges to allow moderators (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)"


@ -542,7 +542,8 @@ def get_potential_receiver_ap_ids(%{data: %{"type" => "Follow", "object" => obje
end end
def get_potential_receiver_ap_ids(%{data: %{"type" => "Flag", "actor" => actor}}) do def get_potential_receiver_ap_ids(%{data: %{"type" => "Flag", "actor" => actor}}) do
(User.all_users_with_privilege(:report_handle) |> Enum.map(fn user -> user.ap_id end)) -- (User.all_users_with_privilege(:reports_manage_reports)
|> Enum.map(fn user -> user.ap_id end)) --
[actor] [actor]
end end


@ -326,7 +326,7 @@ def visible_for(%User{} = user, nil) do
end end
def visible_for(%User{} = user, for_user) do def visible_for(%User{} = user, for_user) do
if privileged?(for_user, :user_activation) do if privileged?(for_user, :users_manage_activation_state) do
:visible :visible
else else
visible_account_status(user) visible_account_status(user)


@ -392,7 +392,7 @@ defp do_flag(
_ <- notify_and_stream(activity), _ <- notify_and_stream(activity),
:ok <- :ok <-
maybe_federate(stripped_activity) do maybe_federate(stripped_activity) do
User.all_users_with_privilege(:report_handle) User.all_users_with_privilege(:reports_manage_reports)
|> Enum.filter(fn user -> user.ap_id != actor end) |> Enum.filter(fn user -> user.ap_id != actor end)
|> Enum.filter(fn user -> not is_nil(user.email) end) |> Enum.filter(fn user -> not is_nil(user.email) end)
|> Enum.each(fn privileged_user -> |> Enum.each(fn privileged_user ->


@ -61,7 +61,7 @@ defp validate_data(cng) do
|> validate_required([:id, :type, :actor, :to, :cc, :object]) |> validate_required([:id, :type, :actor, :to, :cc, :object])
|> validate_inclusion(:type, ["Delete"]) |> validate_inclusion(:type, ["Delete"])
|> validate_delete_actor(:actor) |> validate_delete_actor(:actor)
|> validate_modification_rights(:status_delete) |> validate_modification_rights(:messages_delete)
|> validate_object_or_user_presence(allowed_types: @deletable_types) |> validate_object_or_user_presence(allowed_types: @deletable_types)
|> add_deleted_activity_id() |> add_deleted_activity_id()
end end


@ -144,7 +144,7 @@ def delete(activity_id, user) do
{:find_activity, Activity.get_by_id(activity_id)}, {:find_activity, Activity.get_by_id(activity_id)},
{_, %Object{} = object, _} <- {_, %Object{} = object, _} <-
{:find_object, Object.normalize(activity, fetch: false), activity}, {:find_object, Object.normalize(activity, fetch: false), activity},
true <- User.privileged?(user, :status_delete) || user.ap_id == object.data["actor"], true <- User.privileged?(user, :messages_delete) || user.ap_id == object.data["actor"],
{:ok, delete_data, _} <- Builder.delete(user, object.data["id"]), {:ok, delete_data, _} <- Builder.delete(user, object.data["id"]),
{:ok, delete, _} <- Pipeline.common_pipeline(delete_data, local: true) do {:ok, delete, _} <- Pipeline.common_pipeline(delete_data, local: true) do
{:ok, delete} {:ok, delete}


@ -65,7 +65,8 @@ def get_notifications(user, params \\ %{}) do
cast_params(params) |> Map.update(:include_types, [], fn include_types -> include_types end) cast_params(params) |> Map.update(:include_types, [], fn include_types -> include_types end)
options = options =
if "pleroma:report" not in options.include_types or User.privileged?(user, :report_handle) do if "pleroma:report" not in options.include_types or
User.privileged?(user, :reports_manage_reports) do
options options
else else
options options


@ -402,7 +402,7 @@ defp maybe_put_allow_following_move(data, %User{id: user_id} = user, %User{id: u
defp maybe_put_allow_following_move(data, _, _), do: data defp maybe_put_allow_following_move(data, _, _), do: data
defp maybe_put_activation_status(data, user, user_for) do defp maybe_put_activation_status(data, user, user_for) do
if User.privileged?(user_for, :user_activation), if User.privileged?(user_for, :users_manage_activation_state),
do: Kernel.put_in(data, [:pleroma, :deactivated], !user.is_active), do: Kernel.put_in(data, [:pleroma, :deactivated], !user.is_active),
else: data else: data
end end


@ -107,52 +107,52 @@ defmodule Pleroma.Web.Router do
pipeline :require_privileged_role_user_deletion do pipeline :require_privileged_role_user_deletion do
plug(:admin_api) plug(:admin_api)
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_deletion) plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :users_delete)
end end
pipeline :require_privileged_role_user_credentials do pipeline :require_privileged_role_user_credentials do
plug(:admin_api) plug(:admin_api)
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_credentials) plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :users_manage_credentials)
end end
pipeline :require_privileged_role_statuses_read do pipeline :require_privileged_role_statuses_read do
plug(:admin_api) plug(:admin_api)
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :statuses_read) plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :messages_read)
end end
pipeline :require_privileged_role_user_tag do pipeline :require_privileged_role_user_tag do
plug(:admin_api) plug(:admin_api)
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_tag) plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :users_manage_tags)
end end
pipeline :require_privileged_role_user_activation do pipeline :require_privileged_role_user_activation do
plug(:admin_api) plug(:admin_api)
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_activation) plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :users_manage_activation_state)
end end
pipeline :require_privileged_role_user_invite do pipeline :require_privileged_role_user_invite do
plug(:admin_api) plug(:admin_api)
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_invite) plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :users_manage_invites)
end end
pipeline :require_privileged_role_report_handle do pipeline :require_privileged_role_report_handle do
plug(:admin_api) plug(:admin_api)
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :report_handle) plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :reports_manage_reports)
end end
pipeline :require_privileged_role_user_read do pipeline :require_privileged_role_user_read do
plug(:admin_api) plug(:admin_api)
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_read) plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :users_read)
end end
pipeline :require_privileged_role_status_delete do pipeline :require_privileged_role_status_delete do
plug(:admin_api) plug(:admin_api)
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :status_delete) plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :messages_delete)
end end
pipeline :require_privileged_role_emoji_management do pipeline :require_privileged_role_emoji_management do
plug(:admin_api) plug(:admin_api)
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :emoji_management) plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :emoji_manage_emoji)
end end
pipeline :require_privileged_role_instance_delete do pipeline :require_privileged_role_instance_delete do
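Review bot: The pipeline names still carry the old tags while the plug argument uses the new ones, e.g. `pipeline :require_privileged_role_user_deletion` now enforces `:users_delete`, and the same mismatch holds for the other nine pipelines in this hunk. Anyone auditing which routes require which privilege has to translate between two vocabularies, which makes an access-control mistake easier to miss in review. Rename the pipelines to match, e.g. `pipeline :require_privileged_role_users_delete do`, together with their `pipe_through` references, which lie outside this hunk. The last pipeline, `:require_privileged_role_instance_delete`, is cut off by the hunk boundary.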


@ -41,7 +41,7 @@ test "creates a report notification only for privileged users" do
{:ok, activity1} = CommonAPI.report(reporting_user, %{account_id: reported_user.id}) {:ok, activity1} = CommonAPI.report(reporting_user, %{account_id: reported_user.id})
{:ok, []} = Notification.create_notifications(activity1) {:ok, []} = Notification.create_notifications(activity1)
clear_config([:instance, :moderator_privileges], [:report_handle]) clear_config([:instance, :moderator_privileges], [:reports_manage_reports])
{:ok, activity2} = CommonAPI.report(reporting_user, %{account_id: reported_user.id}) {:ok, activity2} = CommonAPI.report(reporting_user, %{account_id: reported_user.id})
{:ok, [notification]} = Notification.create_notifications(activity2) {:ok, [notification]} = Notification.create_notifications(activity2)
@ -50,7 +50,7 @@ test "creates a report notification only for privileged users" do
end end
test "suppresses notifications for own reports" do test "suppresses notifications for own reports" do
clear_config([:instance, :admin_privileges], [:report_handle]) clear_config([:instance, :admin_privileges], [:reports_manage_reports])
reporting_admin = insert(:user, is_admin: true) reporting_admin = insert(:user, is_admin: true)
reported_user = insert(:user) reported_user = insert(:user)


@ -1995,9 +1995,9 @@ test "returns true when the account is unconfirmed and confirmation is required
assert User.visible_for(user, other_user) == :visible assert User.visible_for(user, other_user) == :visible
end end
test "returns true when the account is unconfirmed and being viewed by a privileged account (privilege :user_activation, confirmation required)" do test "returns true when the account is unconfirmed and being viewed by a privileged account (privilege :users_manage_activation_state, confirmation required)" do
clear_config([:instance, :account_activation_required], true) clear_config([:instance, :account_activation_required], true)
clear_config([:instance, :admin_privileges], [:user_activation]) clear_config([:instance, :admin_privileges], [:users_manage_activation_state])
user = insert(:user, local: true, is_confirmed: false) user = insert(:user, local: true, is_confirmed: false)
other_user = insert(:user, local: true, is_admin: true) other_user = insert(:user, local: true, is_admin: true)


@ -92,7 +92,7 @@ test "it's invalid if the actor of the object and the actor of delete are from d
test "it's only valid if the actor of the object is a privileged local user", test "it's only valid if the actor of the object is a privileged local user",
%{valid_post_delete: valid_post_delete} do %{valid_post_delete: valid_post_delete} do
clear_config([:instance, :moderator_privileges], [:status_delete]) clear_config([:instance, :moderator_privileges], [:messages_delete])
user = user =
insert(:user, local: true, is_moderator: true, ap_id: "https://gensokyo.2hu/users/raymoo") insert(:user, local: true, is_moderator: true, ap_id: "https://gensokyo.2hu/users/raymoo")


@ -92,7 +92,7 @@ test "GET /api/pleroma/admin/users/:nickname requires admin:read:accounts or bro
describe "PUT /api/pleroma/admin/users/tag" do describe "PUT /api/pleroma/admin/users/tag" do
setup %{conn: conn} do setup %{conn: conn} do
clear_config([:instance, :admin_privileges], [:user_tag]) clear_config([:instance, :admin_privileges], [:users_manage_tags])
user1 = insert(:user, %{tags: ["x"]}) user1 = insert(:user, %{tags: ["x"]})
user2 = insert(:user, %{tags: ["y"]}) user2 = insert(:user, %{tags: ["y"]})
@ -150,7 +150,7 @@ test "it does not modify tags of not specified users", %{
assert User.get_cached_by_id(user3.id).tags == ["unchanged"] assert User.get_cached_by_id(user3.id).tags == ["unchanged"]
end end
test "it requires privileged role :user_tag", %{conn: conn} do test "it requires privileged role :users_manage_tags", %{conn: conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
response = response =
@ -164,7 +164,7 @@ test "it requires privileged role :user_tag", %{conn: conn} do
describe "DELETE /api/pleroma/admin/users/tag" do describe "DELETE /api/pleroma/admin/users/tag" do
setup %{conn: conn} do setup %{conn: conn} do
clear_config([:instance, :admin_privileges], [:user_tag]) clear_config([:instance, :admin_privileges], [:users_manage_tags])
user1 = insert(:user, %{tags: ["x"]}) user1 = insert(:user, %{tags: ["x"]})
user2 = insert(:user, %{tags: ["y", "z"]}) user2 = insert(:user, %{tags: ["y", "z"]})
user3 = insert(:user, %{tags: ["unchanged"]}) user3 = insert(:user, %{tags: ["unchanged"]})
@ -221,7 +221,7 @@ test "it does not modify tags of not specified users", %{
assert User.get_cached_by_id(user3.id).tags == ["unchanged"] assert User.get_cached_by_id(user3.id).tags == ["unchanged"]
end end
test "it requires privileged role :user_tag", %{conn: conn} do test "it requires privileged role :users_manage_tags", %{conn: conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
response = response =
@ -324,7 +324,7 @@ test "/:right DELETE, can remove from a permission group (multiple)", %{
describe "/api/pleroma/admin/users/:nickname/password_reset" do describe "/api/pleroma/admin/users/:nickname/password_reset" do
test "it returns a password reset link", %{conn: conn} do test "it returns a password reset link", %{conn: conn} do
clear_config([:instance, :admin_privileges], [:user_credentials]) clear_config([:instance, :admin_privileges], [:users_manage_credentials])
user = insert(:user) user = insert(:user)
@ -338,7 +338,7 @@ test "it returns a password reset link", %{conn: conn} do
assert Regex.match?(~r/(http:\/\/|https:\/\/)/, resp["link"]) assert Regex.match?(~r/(http:\/\/|https:\/\/)/, resp["link"])
end end
test "it requires privileged role :user_credentials", %{conn: conn} do test "it requires privileged role :users_manage_credentials", %{conn: conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
response = response =
@ -410,7 +410,7 @@ test "need_reboot flag", %{conn: conn} do
describe "GET /api/pleroma/admin/users/:nickname/statuses" do describe "GET /api/pleroma/admin/users/:nickname/statuses" do
setup do setup do
clear_config([:instance, :admin_privileges], [:statuses_read]) clear_config([:instance, :admin_privileges], [:messages_read])
user = insert(:user) user = insert(:user)
@ -428,7 +428,7 @@ test "renders user's statuses", %{conn: conn, user: user} do
assert length(activities) == 3 assert length(activities) == 3
end end
test "it requires privileged role :statuses_read", %{conn: conn, user: user} do test "it requires privileged role :messages_read", %{conn: conn, user: user} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/statuses") conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/statuses")
@ -497,7 +497,7 @@ test "excludes reblogs by default", %{conn: conn, user: user} do
describe "GET /api/pleroma/admin/users/:nickname/chats" do describe "GET /api/pleroma/admin/users/:nickname/chats" do
setup do setup do
clear_config([:instance, :admin_privileges], [:statuses_read]) clear_config([:instance, :admin_privileges], [:messages_read])
user = insert(:user) user = insert(:user)
@ -516,7 +516,7 @@ test "renders user's chats", %{conn: conn, user: user} do
assert json_response(conn, 200) |> length() == 3 assert json_response(conn, 200) |> length() == 3
end end
test "it requires privileged role :statuses_read", %{conn: conn, user: user} do test "it requires privileged role :messages_read", %{conn: conn, user: user} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/chats") conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/chats")
@ -811,7 +811,7 @@ test "returns 403 if requested by a non-admin" do
end end
test "changes password and email", %{conn: conn, admin: admin, user: user} do test "changes password and email", %{conn: conn, admin: admin, user: user} do
clear_config([:instance, :admin_privileges], [:user_credentials]) clear_config([:instance, :admin_privileges], [:users_manage_credentials])
assert user.password_reset_pending == false assert user.password_reset_pending == false
@ -855,7 +855,7 @@ test "returns 403 if requested by a non-admin", %{user: user} do
assert json_response(conn, :forbidden) assert json_response(conn, :forbidden)
end end
test "returns 403 if not privileged with :user_credentials", %{conn: conn, user: user} do test "returns 403 if not privileged with :users_manage_credentials", %{conn: conn, user: user} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
conn = conn =
@ -1085,7 +1085,7 @@ test "it doesn't limit admins", %{conn: conn} do
describe "POST /api/v1/pleroma/admin/reload_emoji" do describe "POST /api/v1/pleroma/admin/reload_emoji" do
setup do setup do
clear_config([:instance, :admin_privileges], [:emoji_management]) clear_config([:instance, :admin_privileges], [:emoji_manage_emoji])
admin = insert(:user, is_admin: true) admin = insert(:user, is_admin: true)
token = insert(:oauth_admin_token, user: admin) token = insert(:oauth_admin_token, user: admin)
@ -1098,7 +1098,7 @@ test "it doesn't limit admins", %{conn: conn} do
{:ok, %{conn: conn, admin: admin}} {:ok, %{conn: conn, admin: admin}}
end end
test "it requires privileged role :emoji_management", %{conn: conn} do test "it requires privileged role :emoji_manage_emoji", %{conn: conn} do
assert conn assert conn
|> post("/api/v1/pleroma/admin/reload_emoji") |> post("/api/v1/pleroma/admin/reload_emoji")
|> json_response(200) |> json_response(200)


@ -28,7 +28,7 @@ defp admin_setup do
describe "DELETE /api/pleroma/admin/chats/:id/messages/:message_id" do describe "DELETE /api/pleroma/admin/chats/:id/messages/:message_id" do
setup do setup do
clear_config([:instance, :admin_privileges], [:status_delete]) clear_config([:instance, :admin_privileges], [:messages_delete])
admin_setup() admin_setup()
end end
@ -64,7 +64,7 @@ test "it deletes a message from the chat", %{conn: conn, admin: admin} do
assert %{data: %{"type" => "Tombstone"}} = Object.get_by_id(object.id) assert %{data: %{"type" => "Tombstone"}} = Object.get_by_id(object.id)
end end
test "it requires privileged role :status_delete", %{conn: conn} do test "it requires privileged role :messages_delete", %{conn: conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
assert conn assert conn
@ -76,7 +76,7 @@ test "it requires privileged role :status_delete", %{conn: conn} do
describe "GET /api/pleroma/admin/chats/:id/messages" do describe "GET /api/pleroma/admin/chats/:id/messages" do
setup do setup do
clear_config([:instance, :admin_privileges], [:statuses_read]) clear_config([:instance, :admin_privileges], [:messages_read])
admin_setup() admin_setup()
end end
@ -130,7 +130,7 @@ test "it returns the messages for a given chat", %{conn: conn} do
assert length(result) == 3 assert length(result) == 3
end end
test "it requires privileged role :statuses_read", %{conn: conn} do test "it requires privileged role :messages_read", %{conn: conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
conn = get(conn, "/api/pleroma/admin/chats/some_id/messages") conn = get(conn, "/api/pleroma/admin/chats/some_id/messages")
@ -141,7 +141,7 @@ test "it requires privileged role :statuses_read", %{conn: conn} do
describe "GET /api/pleroma/admin/chats/:id" do describe "GET /api/pleroma/admin/chats/:id" do
setup do setup do
clear_config([:instance, :admin_privileges], [:statuses_read]) clear_config([:instance, :admin_privileges], [:messages_read])
admin_setup() admin_setup()
end end
@ -162,7 +162,7 @@ test "it returns a chat", %{conn: conn} do
refute result["account"] refute result["account"]
end end
test "it requires privileged role :statuses_read", %{conn: conn} do test "it requires privileged role :messages_read", %{conn: conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
conn = get(conn, "/api/pleroma/admin/chats/some_id") conn = get(conn, "/api/pleroma/admin/chats/some_id")


@ -31,7 +31,7 @@ defmodule Pleroma.Web.AdminAPI.InstanceControllerTest do
end end
test "GET /instances/:instance/statuses", %{conn: conn} do test "GET /instances/:instance/statuses", %{conn: conn} do
clear_config([:instance, :admin_privileges], [:statuses_read]) clear_config([:instance, :admin_privileges], [:messages_read])
user = insert(:user, local: false, ap_id: "https://archae.me/users/archaeme") user = insert(:user, local: false, ap_id: "https://archae.me/users/archaeme")
user2 = insert(:user, local: false, ap_id: "https://test.com/users/test") user2 = insert(:user, local: false, ap_id: "https://test.com/users/test")
insert_pair(:note_activity, user: user) insert_pair(:note_activity, user: user)


@ -26,10 +26,10 @@ defmodule Pleroma.Web.AdminAPI.InviteControllerTest do
setup do setup do
clear_config([:instance, :registrations_open], false) clear_config([:instance, :registrations_open], false)
clear_config([:instance, :invites_enabled], true) clear_config([:instance, :invites_enabled], true)
clear_config([:instance, :admin_privileges], [:user_invite]) clear_config([:instance, :admin_privileges], [:users_manage_invites])
end end
test "returns 403 if not privileged with :user_invite", %{conn: conn} do test "returns 403 if not privileged with :users_manage_invites", %{conn: conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
conn = conn =
@ -134,7 +134,7 @@ test "email with +", %{conn: conn, admin: admin} do
setup do setup do
clear_config([:instance, :registrations_open]) clear_config([:instance, :registrations_open])
clear_config([:instance, :invites_enabled]) clear_config([:instance, :invites_enabled])
clear_config([:instance, :admin_privileges], [:user_invite]) clear_config([:instance, :admin_privileges], [:users_manage_invites])
end end
test "it returns 500 if `invites_enabled` is not enabled", %{conn: conn} do test "it returns 500 if `invites_enabled` is not enabled", %{conn: conn} do
@ -178,10 +178,10 @@ test "it returns 500 if `registrations_open` is enabled", %{conn: conn} do
describe "POST /api/pleroma/admin/users/invite_token" do describe "POST /api/pleroma/admin/users/invite_token" do
setup do setup do
clear_config([:instance, :admin_privileges], [:user_invite]) clear_config([:instance, :admin_privileges], [:users_manage_invites])
end end
test "returns 403 if not privileged with :user_invite", %{conn: conn} do test "returns 403 if not privileged with :users_manage_invites", %{conn: conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
conn = conn =
@ -257,10 +257,10 @@ test "with max use and expires_at", %{conn: conn} do
describe "GET /api/pleroma/admin/users/invites" do describe "GET /api/pleroma/admin/users/invites" do
setup do setup do
clear_config([:instance, :admin_privileges], [:user_invite]) clear_config([:instance, :admin_privileges], [:users_manage_invites])
end end
test "returns 403 if not privileged with :user_invite", %{conn: conn} do test "returns 403 if not privileged with :users_manage_invites", %{conn: conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
conn = get(conn, "/api/pleroma/admin/users/invites") conn = get(conn, "/api/pleroma/admin/users/invites")
@ -297,10 +297,10 @@ test "with invite", %{conn: conn} do
describe "POST /api/pleroma/admin/users/revoke_invite" do describe "POST /api/pleroma/admin/users/revoke_invite" do
setup do setup do
clear_config([:instance, :admin_privileges], [:user_invite]) clear_config([:instance, :admin_privileges], [:users_manage_invites])
end end
test "returns 403 if not privileged with :user_invite", %{conn: conn} do test "returns 403 if not privileged with :users_manage_invites", %{conn: conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
conn = conn =


@ -27,10 +27,10 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do
describe "GET /api/pleroma/admin/reports/:id" do describe "GET /api/pleroma/admin/reports/:id" do
setup do setup do
clear_config([:instance, :admin_privileges], [:report_handle]) clear_config([:instance, :admin_privileges], [:reports_manage_reports])
end end
test "returns 403 if not privileged with :report_handle", %{conn: conn} do test "returns 403 if not privileged with :reports_manage_reports", %{conn: conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
conn = conn =
@ -77,7 +77,7 @@ test "returns 404 when report id is invalid", %{conn: conn} do
describe "PATCH /api/pleroma/admin/reports" do describe "PATCH /api/pleroma/admin/reports" do
setup do setup do
clear_config([:instance, :admin_privileges], [:report_handle]) clear_config([:instance, :admin_privileges], [:reports_manage_reports])
[reporter, target_user] = insert_pair(:user) [reporter, target_user] = insert_pair(:user)
activity = insert(:note_activity, user: target_user) activity = insert(:note_activity, user: target_user)
@ -102,7 +102,11 @@ test "returns 404 when report id is invalid", %{conn: conn} do
} }
end end
test "returns 403 if not privileged with :report_handle", %{conn: conn, id: id, admin: admin} do test "returns 403 if not privileged with :reports_manage_reports", %{
conn: conn,
id: id,
admin: admin
} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
conn = conn =
@ -240,10 +244,10 @@ test "updates state of multiple reports", %{
describe "GET /api/pleroma/admin/reports" do describe "GET /api/pleroma/admin/reports" do
setup do setup do
clear_config([:instance, :admin_privileges], [:report_handle]) clear_config([:instance, :admin_privileges], [:reports_manage_reports])
end end
test "returns 403 if not privileged with :report_handle", %{conn: conn} do test "returns 403 if not privileged with :reports_manage_reports", %{conn: conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
conn = conn =
@ -361,7 +365,7 @@ test "returns 403 when requested by anonymous" do
describe "POST /api/pleroma/admin/reports/:id/notes" do describe "POST /api/pleroma/admin/reports/:id/notes" do
setup %{conn: conn, admin: admin} do setup %{conn: conn, admin: admin} do
clear_config([:instance, :admin_privileges], [:report_handle]) clear_config([:instance, :admin_privileges], [:reports_manage_reports])
[reporter, target_user] = insert_pair(:user) [reporter, target_user] = insert_pair(:user)
activity = insert(:note_activity, user: target_user) activity = insert(:note_activity, user: target_user)
@ -391,7 +395,10 @@ test "returns 403 when requested by anonymous" do
} }
end end
test "returns 403 if not privileged with :report_handle", %{conn: conn, report_id: report_id} do test "returns 403 if not privileged with :reports_manage_reports", %{
conn: conn,
report_id: report_id
} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
post_conn = post_conn =


@ -27,7 +27,7 @@ defmodule Pleroma.Web.AdminAPI.StatusControllerTest do
describe "GET /api/pleroma/admin/statuses/:id" do describe "GET /api/pleroma/admin/statuses/:id" do
setup do setup do
clear_config([:instance, :admin_privileges], [:statuses_read]) clear_config([:instance, :admin_privileges], [:messages_read])
end end
test "not found", %{conn: conn} do test "not found", %{conn: conn} do
@ -64,7 +64,7 @@ test "denies reading activity when not privileged", %{conn: conn} do
describe "PUT /api/pleroma/admin/statuses/:id" do describe "PUT /api/pleroma/admin/statuses/:id" do
setup do setup do
clear_config([:instance, :admin_privileges], [:status_delete]) clear_config([:instance, :admin_privileges], [:messages_delete])
activity = insert(:note_activity) activity = insert(:note_activity)
%{id: activity.id} %{id: activity.id}
@ -134,7 +134,7 @@ test "returns 400 when visibility is unknown", %{conn: conn, id: id} do
json_response_and_validate_schema(conn, :bad_request) json_response_and_validate_schema(conn, :bad_request)
end end
test "it requires privileged role :status_delete", %{conn: conn} do test "it requires privileged role :messages_delete", %{conn: conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
assert conn assert conn
@ -146,7 +146,7 @@ test "it requires privileged role :status_delete", %{conn: conn} do
describe "DELETE /api/pleroma/admin/statuses/:id" do describe "DELETE /api/pleroma/admin/statuses/:id" do
setup do setup do
clear_config([:instance, :admin_privileges], [:status_delete]) clear_config([:instance, :admin_privileges], [:messages_delete])
activity = insert(:note_activity) activity = insert(:note_activity)
%{id: activity.id} %{id: activity.id}
@ -171,7 +171,7 @@ test "returns 404 when the status does not exist", %{conn: conn} do
assert json_response_and_validate_schema(conn, :not_found) == %{"error" => "Not found"} assert json_response_and_validate_schema(conn, :not_found) == %{"error" => "Not found"}
end end
test "it requires privileged role :status_delete", %{conn: conn} do test "it requires privileged role :messages_delete", %{conn: conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
assert conn assert conn
@ -183,7 +183,7 @@ test "it requires privileged role :status_delete", %{conn: conn} do
describe "GET /api/pleroma/admin/statuses" do describe "GET /api/pleroma/admin/statuses" do
setup do setup do
clear_config([:instance, :admin_privileges], [:statuses_read]) clear_config([:instance, :admin_privileges], [:messages_read])
end end
test "returns all public and unlisted statuses", %{conn: conn, admin: admin} do test "returns all public and unlisted statuses", %{conn: conn, admin: admin} do
@ -232,7 +232,7 @@ test "returns private and direct statuses with godmode on", %{conn: conn, admin:
assert json_response_and_validate_schema(conn, 200) |> length() == 3 assert json_response_and_validate_schema(conn, 200) |> length() == 3
end end
test "it requires privileged role :statuses_read", %{conn: conn} do test "it requires privileged role :messages_read", %{conn: conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
conn = get(conn, "/api/pleroma/admin/statuses") conn = get(conn, "/api/pleroma/admin/statuses")


@ -38,7 +38,7 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
end end
test "with valid `admin_token` query parameter, skips OAuth scopes check" do test "with valid `admin_token` query parameter, skips OAuth scopes check" do
clear_config([:instance, :admin_privileges], [:user_read]) clear_config([:instance, :admin_privileges], [:users_read])
clear_config([:admin_token], "password123") clear_config([:admin_token], "password123")
user = insert(:user) user = insert(:user)
@ -51,7 +51,7 @@ test "with valid `admin_token` query parameter, skips OAuth scopes check" do
describe "DELETE /api/pleroma/admin/users" do describe "DELETE /api/pleroma/admin/users" do
test "single user", %{admin: admin, conn: conn} do test "single user", %{admin: admin, conn: conn} do
clear_config([:instance, :federating], true) clear_config([:instance, :federating], true)
clear_config([:instance, :admin_privileges], [:user_deletion]) clear_config([:instance, :admin_privileges], [:users_delete])
user = user =
insert(:user, insert(:user,
@ -107,7 +107,7 @@ test "single user", %{admin: admin, conn: conn} do
end end
test "multiple users", %{admin: admin, conn: conn} do test "multiple users", %{admin: admin, conn: conn} do
clear_config([:instance, :admin_privileges], [:user_deletion]) clear_config([:instance, :admin_privileges], [:users_delete])
user_one = insert(:user) user_one = insert(:user)
user_two = insert(:user) user_two = insert(:user)
@ -280,10 +280,10 @@ test "Multiple user creation works in transaction", %{conn: conn} do
describe "GET /api/pleroma/admin/users/:nickname" do describe "GET /api/pleroma/admin/users/:nickname" do
setup do setup do
clear_config([:instance, :admin_privileges], [:user_read]) clear_config([:instance, :admin_privileges], [:users_read])
end end
test "returns 403 if not privileged with :user_read", %{conn: conn} do test "returns 403 if not privileged with :users_read", %{conn: conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
conn = get(conn, "/api/pleroma/admin/users/user.nickname") conn = get(conn, "/api/pleroma/admin/users/user.nickname")
@ -406,10 +406,10 @@ test "allows to force-unfollow another user", %{admin: admin, conn: conn} do
describe "GET /api/pleroma/admin/users" do describe "GET /api/pleroma/admin/users" do
setup do setup do
clear_config([:instance, :admin_privileges], [:user_read]) clear_config([:instance, :admin_privileges], [:users_read])
end end
test "returns 403 if not privileged with :user_read", %{conn: conn} do test "returns 403 if not privileged with :users_read", %{conn: conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
conn = get(conn, "/api/pleroma/admin/users?page=1") conn = get(conn, "/api/pleroma/admin/users?page=1")
@ -850,7 +850,7 @@ test "it omits relay user", %{admin: admin, conn: conn} do
end end
test "PATCH /api/pleroma/admin/users/approve", %{admin: admin, conn: conn} do test "PATCH /api/pleroma/admin/users/approve", %{admin: admin, conn: conn} do
clear_config([:instance, :admin_privileges], [:user_invite]) clear_config([:instance, :admin_privileges], [:users_manage_invites])
user_one = insert(:user, is_approved: false) user_one = insert(:user, is_approved: false)
user_two = insert(:user, is_approved: false) user_two = insert(:user, is_approved: false)
@ -872,7 +872,7 @@ test "PATCH /api/pleroma/admin/users/approve", %{admin: admin, conn: conn} do
"@#{admin.nickname} approved users: @#{user_one.nickname}, @#{user_two.nickname}" "@#{admin.nickname} approved users: @#{user_one.nickname}, @#{user_two.nickname}"
end end
test "PATCH /api/pleroma/admin/users/approve returns 403 if not privileged with :user_invite", test "PATCH /api/pleroma/admin/users/approve returns 403 if not privileged with :users_manage_invites",
%{conn: conn} do %{conn: conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
@ -939,7 +939,7 @@ test "PATCH /api/pleroma/admin/users/unsuggest", %{admin: admin, conn: conn} do
describe "user activation" do describe "user activation" do
test "PATCH /api/pleroma/admin/users/activate", %{admin: admin, conn: conn} do test "PATCH /api/pleroma/admin/users/activate", %{admin: admin, conn: conn} do
clear_config([:instance, :admin_privileges], [:user_activation]) clear_config([:instance, :admin_privileges], [:users_manage_activation_state])
user_one = insert(:user, is_active: false) user_one = insert(:user, is_active: false)
user_two = insert(:user, is_active: false) user_two = insert(:user, is_active: false)
@ -962,7 +962,7 @@ test "PATCH /api/pleroma/admin/users/activate", %{admin: admin, conn: conn} do
end end
test "PATCH /api/pleroma/admin/users/deactivate", %{admin: admin, conn: conn} do test "PATCH /api/pleroma/admin/users/deactivate", %{admin: admin, conn: conn} do
clear_config([:instance, :admin_privileges], [:user_activation]) clear_config([:instance, :admin_privileges], [:users_manage_activation_state])
user_one = insert(:user, is_active: true) user_one = insert(:user, is_active: true)
user_two = insert(:user, is_active: true) user_two = insert(:user, is_active: true)
@ -985,7 +985,7 @@ test "PATCH /api/pleroma/admin/users/deactivate", %{admin: admin, conn: conn} do
end end
test "PATCH /api/pleroma/admin/users/:nickname/toggle_activation", %{admin: admin, conn: conn} do test "PATCH /api/pleroma/admin/users/:nickname/toggle_activation", %{admin: admin, conn: conn} do
clear_config([:instance, :admin_privileges], [:user_activation]) clear_config([:instance, :admin_privileges], [:users_manage_activation_state])
user = insert(:user) user = insert(:user)
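Review bot: The two `PATCH /api/pleroma/admin/users/approve` tests show that approving pending accounts is gated by `:users_manage_invites`, which the new name does not convey. An operator who grants that tag to moderators for invite handling would, as far as these tests show, also be granting account approval. Under the commit's own `<what_it_controls>_<what_it_allows_you_to_do>` scheme that coupling should be stated where the tag is documented; the setting's description text is outside this view, so it may already be covered there. At minimum I would add a comment above the `clear_config` line of the first approve test: `# approving pending accounts is gated by :users_manage_invites`. Both test bodies continue outside the hunks shown.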


@ -332,7 +332,7 @@ test "it does not allow a user to delete posts from another user" do
end end
test "it allows privileged users to delete other user's posts" do test "it allows privileged users to delete other user's posts" do
clear_config([:instance, :moderator_privileges], [:status_delete]) clear_config([:instance, :moderator_privileges], [:messages_delete])
user = insert(:user) user = insert(:user)
moderator = insert(:user, is_moderator: true) moderator = insert(:user, is_moderator: true)
@ -357,7 +357,7 @@ test "it doesn't allow unprivileged mods or admins to delete other user's posts"
end end
test "privileged users deleting non-local posts won't federate the delete" do test "privileged users deleting non-local posts won't federate the delete" do
clear_config([:instance, :admin_privileges], [:status_delete]) clear_config([:instance, :admin_privileges], [:messages_delete])
# This is the user of the ingested activity # This is the user of the ingested activity
_user = _user =
insert(:user, insert(:user,


@ -74,7 +74,7 @@ test "by default, does not contain pleroma:chat_mention" do
end end
test "by default, does not contain pleroma:report" do test "by default, does not contain pleroma:report" do
clear_config([:instance, :moderator_privileges], [:report_handle]) clear_config([:instance, :moderator_privileges], [:reports_manage_reports])
user = insert(:user) user = insert(:user)
other_user = insert(:user) other_user = insert(:user)
@ -105,7 +105,7 @@ test "by default, does not contain pleroma:report" do
end end
test "Pleroma:report is hidden for non-privileged users" do test "Pleroma:report is hidden for non-privileged users" do
clear_config([:instance, :moderator_privileges], [:report_handle]) clear_config([:instance, :moderator_privileges], [:reports_manage_reports])
user = insert(:user) user = insert(:user)
other_user = insert(:user) other_user = insert(:user)


@ -969,7 +969,7 @@ test "when you didn't create it" do
end end
test "when you're privileged to", %{conn: conn} do test "when you're privileged to", %{conn: conn} do
clear_config([:instance, :moderator_privileges], [:status_delete]) clear_config([:instance, :moderator_privileges], [:messages_delete])
activity = insert(:note_activity) activity = insert(:note_activity)
moderator = insert(:user, is_moderator: true) moderator = insert(:user, is_moderator: true)


@ -358,7 +358,7 @@ test "Represent a Funkwhale channel" do
end end
test "Represent a deactivated user for a privileged user" do test "Represent a deactivated user for a privileged user" do
clear_config([:instance, :moderator_privileges], [:user_activation]) clear_config([:instance, :moderator_privileges], [:users_manage_activation_state])
admin = insert(:user, is_moderator: true) admin = insert(:user, is_moderator: true)
deactivated_user = insert(:user, is_active: false) deactivated_user = insert(:user, is_active: false)


@ -218,7 +218,7 @@ test "Poll notification" do
end end
test "Report notification" do test "Report notification" do
clear_config([:instance, :moderator_privileges], [:report_handle]) clear_config([:instance, :moderator_privileges], [:reports_manage_reports])
reporting_user = insert(:user) reporting_user = insert(:user)
reported_user = insert(:user) reported_user = insert(:user)


@ -30,7 +30,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiFileControllerTest do
describe "POST/PATCH/DELETE /api/pleroma/emoji/packs/files?name=:name" do describe "POST/PATCH/DELETE /api/pleroma/emoji/packs/files?name=:name" do
setup do setup do
clear_config([:instance, :admin_privileges], [:emoji_management]) clear_config([:instance, :admin_privileges], [:emoji_manage_emoji])
pack_file = "#{@emoji_path}/test_pack/pack.json" pack_file = "#{@emoji_path}/test_pack/pack.json"
original_content = File.read!(pack_file) original_content = File.read!(pack_file)
@ -379,7 +379,7 @@ test "update with empty shortcode", %{admin_conn: admin_conn} do
|> json_response_and_validate_schema(:bad_request) |> json_response_and_validate_schema(:bad_request)
end end
test "it requires privileged role :emoji_management", %{admin_conn: admin_conn} do test "it requires privileged role :emoji_manage_emoji", %{admin_conn: admin_conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
assert admin_conn assert admin_conn


@ -100,7 +100,7 @@ test "GET /api/pleroma/emoji/packs", %{conn: conn} do
describe "GET /api/pleroma/emoji/packs/remote" do describe "GET /api/pleroma/emoji/packs/remote" do
setup do setup do
clear_config([:instance, :admin_privileges], [:emoji_management]) clear_config([:instance, :admin_privileges], [:emoji_manage_emoji])
end end
test "shareable instance", %{admin_conn: admin_conn, conn: conn} do test "shareable instance", %{admin_conn: admin_conn, conn: conn} do
@ -141,7 +141,7 @@ test "non shareable instance", %{admin_conn: admin_conn} do
} }
end end
test "it requires privileged role :emoji_management", %{admin_conn: admin_conn} do test "it requires privileged role :emoji_manage_emoji", %{admin_conn: admin_conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
assert admin_conn assert admin_conn
@ -183,7 +183,7 @@ test "non downloadable pack", %{conn: conn} do
describe "POST /api/pleroma/emoji/packs/download" do describe "POST /api/pleroma/emoji/packs/download" do
setup do setup do
clear_config([:instance, :admin_privileges], [:emoji_management]) clear_config([:instance, :admin_privileges], [:emoji_manage_emoji])
end end
test "shared pack from remote and non shared from fallback-src", %{ test "shared pack from remote and non shared from fallback-src", %{
@ -361,7 +361,7 @@ test "other error", %{admin_conn: admin_conn} do
} }
end end
test "it requires privileged role :emoji_management", %{admin_conn: conn} do test "it requires privileged role :emoji_manage_emoji", %{admin_conn: conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
assert conn assert conn
@ -377,7 +377,7 @@ test "it requires privileged role :emoji_management", %{admin_conn: conn} do
describe "PATCH/update /api/pleroma/emoji/pack?name=:name" do describe "PATCH/update /api/pleroma/emoji/pack?name=:name" do
setup do setup do
clear_config([:instance, :admin_privileges], [:emoji_management]) clear_config([:instance, :admin_privileges], [:emoji_manage_emoji])
pack_file = "#{@emoji_path}/test_pack/pack.json" pack_file = "#{@emoji_path}/test_pack/pack.json"
original_content = File.read!(pack_file) original_content = File.read!(pack_file)
@ -466,7 +466,10 @@ test "when the fallback source doesn't have all the files", ctx do
} }
end end
test "it requires privileged role :emoji_management", %{admin_conn: conn, new_data: new_data} do test "it requires privileged role :emoji_manage_emoji", %{
admin_conn: conn,
new_data: new_data
} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
assert conn assert conn
@ -478,7 +481,7 @@ test "it requires privileged role :emoji_management", %{admin_conn: conn, new_da
describe "POST/DELETE /api/pleroma/emoji/pack?name=:name" do describe "POST/DELETE /api/pleroma/emoji/pack?name=:name" do
setup do setup do
clear_config([:instance, :admin_privileges], [:emoji_management]) clear_config([:instance, :admin_privileges], [:emoji_manage_emoji])
end end
test "returns an error on creates pack when file system not writable", %{ test "returns an error on creates pack when file system not writable", %{
@ -564,7 +567,7 @@ test "with empty name", %{admin_conn: admin_conn} do
} }
end end
test "it requires privileged role :emoji_management", %{admin_conn: admin_conn} do test "it requires privileged role :emoji_manage_emoji", %{admin_conn: admin_conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
assert admin_conn assert admin_conn