Commit Graph

14230 Commits

Author SHA1 Message Date
Ilja 6ef38c6523 Improve tests after code review 2022-07-05 08:57:50 +02:00
Ilja 42d4bd3a5d Rename pipelines and add forgotten tags
I renamed some tags before, but forgot to rename the pipelines
I also had some tags which I forgot to add to the config, description, etc.

These have now been done/added
2022-07-02 08:55:14 +02:00
Ilja 15748fd301 Add better explanation in the Cheatsheet about what each tag does 2022-07-02 08:17:22 +02:00
Ilja 51f87ba30c Change order of privilege tags to make more sense
The tags were listed in different places
They were listed in a rather randomly order
I reordered them in a way I think makes more sense
2022-07-02 07:59:46 +02:00
Ilja c0e4b1b3e2 Fix typo's
priviledge |-> privilege
2022-07-02 07:52:39 +02:00
Ilja 0d697bc15a Add docs and CHANGELOG entries 2022-07-01 10:50:32 +02:00
Ilja 37fdf148b0 Rename privilege tags
I first focussed on getting things working
Now that they do and we know what tags there are, I put some thought in providing better names

I use the form <what_it_controls>_<what_it_allows_you_to_do>

:statuses_read    => :messages_read
:status_delete    => :messages_delete

:user_read        => :users_read
:user_deletion    => :users_delete
:user_activation  => :users_manage_activation_state
:user_invite      => :users_manage_invites
:user_tag         => :users_manage_tags
:user_credentials => :users_manage_credentials

:report_handle    => :reports_manage_reports

:emoji_management => :emoji_manage_emoji
2022-07-01 10:28:09 +02:00
Ilja 4e4eb81749 Add nodes and privileges to nodeinfo
I didn't add it to /api/v1/instance
I was wondering if I should, but since it e.g. also didn't show staff, it felt better not to
2022-06-21 12:10:27 +02:00
Ilja 211e561e2a Show privileges to FE
I added an extra key
We already had is_admin and is_moderator, now we have an extra privileges key
2022-06-21 12:10:27 +02:00
Ilja 143ea7b80a Add deactivated status for privileged users
Deactivated users are only visible to users privileged with :user_activation since fc317f3b17
Here we also make sure the users who are deactivated get the status deactivated for users who are allowed to see these users
2022-06-21 12:10:27 +02:00
Ilja e21ef5aef3 report notifications for privileged users
Instead of `Pleroma.User.all_superusers()` we now use `Pleroma.User.all_superusers(:report_handle)`

I also changed it for sending emails, but there were no tests.
2022-06-21 12:10:27 +02:00
Ilja 34adea8d28 Add Pleroma.User.all_users_with_privilege/1
This should eventually replace the Pleroma.User.all_superusers/0 function

* I added a new param `is_privileged` in User.query
* Now we can fetch all users with a specified privilege
2022-06-21 12:10:27 +02:00
Ilja a1c8aa4721 Remove function superuser?
Everything now happens with privileged?/2
2022-06-21 12:10:27 +02:00
Ilja eab13fed3e Hide pleroma:report for non-privileged users
Before we deleted the notifications, but that was a side effect and didn't always trigger any more.
Now we just hide them when an unprivileged user asks them.
2022-06-21 12:10:27 +02:00
Ilja e45faddb38 Revert "Delete report notifs when demoting from superuser"
This reverts commit 89667189b8 and cdc5bbe836.

This is a side effect when changing user role.
The goal was to not have report notifications when someone isn't admin or moderator any more.
But this won't be triggered when we change the privilege tags for a role, so we can't use this sollution any more.
There was another solution to filter out report notifications during fetch.
It wasn't merged because this seemed 'cleaner' at the time, but now it seems the better sollution.
I'll add it in the next commit.
2022-06-21 12:10:27 +02:00
Ilja edf0013ff3 User.visible_for/2
According to the tests, this was only used for unconfirmed accounts.
So this just needed to be restricted to users with privilege :user_activation
2022-06-21 12:10:27 +02:00
Ilja bb61cfee8d Validator for deleting statusses is now done with priviledge instead of superuser 2022-06-21 12:10:27 +02:00
Ilja 7cf473c500 delete statusses is now privileged by :status_delete
Instead of superusers, you now need a role with privilige :status_delete to delete other users statusses
I also cleaned up some other stuff I saw
2022-06-21 12:10:27 +02:00
Ilja 7adfc2e0f4 Add Pleroma.User.privileged?/2
This should eventually replace Pleroma.User.superuser?/1
2022-06-21 12:10:27 +02:00
Ilja 9da81f41c6 Fix warning during test user_test.exs
Fixed the warning
    [warning] Please change `clear_config([section], key: value)` to `clear_config([section, key], value)`
2022-06-21 12:10:27 +02:00
Ilja c842e62675 Add last priviliges
I still had three endpoints I didn't really know what to do with them. I added them under separate tags
* :instance_delete
* :moderation_log_read
* :stats_read

I also checked and these are the last changes done by MR https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3480/diffs this is trying to fix
2022-06-21 12:10:27 +02:00
Ilja ecd42a2ce1 Add privilige :emoji_management 2022-06-21 12:10:27 +02:00
Ilja 0ee8f33250 Add privilige :status_delete
It also allows to update a message, so it's not just deleting. I need a better name...
2022-06-21 12:10:27 +02:00
Ilja 34a98990db last off :statuses_read
From the endpoints left to do, I believe these should be under :statuses_read.
These should be the last for that privilege for this MR
2022-06-21 12:10:27 +02:00
Ilja 4cb0dbb5dc Mark relevant tests synchronous
One of the things we do during the tests is change the config. But that's global state and different tests were interfering.
E.g. one test would set `clear_config([:instance, :admin_privileges], [:statuses_read])`, but while that runs, another test may
do `clear_config([:instance, :admin_privileges], [:user_invite])`. Now the code for the first test checks the setting, and it
finds `:user_invite` instead of `:statuses_read`.

Now the modules where this happens are marked to run synchronously, so they don't interfere with each other.
2022-06-21 12:10:27 +02:00
Ilja cbb26262a5 Add privileges for :user_read 2022-06-21 12:10:27 +02:00
Ilja 3f26f1b30f Add privileges for :report_handle 2022-06-21 12:10:27 +02:00
Ilja 14e697a64f Add privileges for :user_invite 2022-06-21 12:10:27 +02:00
Ilja e102d25d23 Add privileges for :user_activation 2022-06-21 12:10:27 +02:00
Ilja cb60cc4e02 Add privileges for :user_tag 2022-06-21 12:10:27 +02:00
Ilja 5a65e2dac5 Remove privileged_staff
Everything that was done through this setting, can now be set by giving the proper privileges to the roles.
2022-06-21 12:10:27 +02:00
Ilja b1ff5241c2 Add priviledges for :statuses_read
This was the last in :require_privileged_staff. I'll remove that in the next commit
2022-06-21 12:10:27 +02:00
Ilja 8a9144ca8b Add priviledges for :user_credentials
I only moved the ones from the :require_privileged_staff block for now
2022-06-21 12:10:27 +02:00
Ilja 9f6c364759 Add privilege :user_deletion 2022-06-21 12:10:27 +02:00
Ilja 5b19543f0a Add new setting and Plug to allow for privilege settings for staff 2022-06-21 12:10:26 +02:00
Haelwenn 7466136ad3 Merge branch 'lewdthewides-develop-patch-48691' into 'develop'
Instruct users to run 'git pull' as the pleroma user

See merge request pleroma/pleroma!3667
2022-05-22 17:09:54 +00:00
lain bdca5f5d68 Merge branch 'fix/mrf-steal-emoji-regex' into 'develop'
StealEmojiPolicy: fix String rejected_shortcodes

See merge request pleroma/pleroma!3673
2022-05-19 08:55:39 +00:00
Hélène a74ce2d77a
StealEmojiPolicy: fix String rejected_shortcodes
* rejected_shortcodes is defined as a list of strings in the
  configuration description. As such, database-based configuration was
  led to handle those settings as strings, and not as the actually
  expected type, Regex.
* This caused each message passing through this MRF, if a rejected
  shortcode was set and the emoji did not exist already on the instance,
  to fail federating, as an exception was raised, swiftly caught and
  mostly silenced.
* This commit fixes the issue by introducing new behavior: strings are
  now handled as perfect matches for an emoji shortcode (meaning that if
  the emoji-to-be-pulled's shortcode is in the blacklist, it will be
  rejected), while still supporting Regex types as before.
2022-05-18 21:25:10 +02:00
lewdthewides 7977dd6ac7 Instruct users to run 'git pull' as the pleroma user 2022-05-12 16:02:58 +00:00
Haelwenn 4605efe272 Merge branch 'improve_anti_followbot_policy' into 'develop'
Also use actor_type to determine if an account is a bot in antiFollowbotPolicy

Closes #2561

See merge request pleroma/pleroma!3498
2022-05-08 18:10:40 +00:00
Ilja a8093732bd Also use actor_type to determine if an account is a bot in antiFollowbotPolicy 2022-05-08 18:10:40 +00:00
Haelwenn 214ef7ff73 Merge branch 'security/2.4.3-develop' into 'develop'
Merge back 2.4.3

See merge request pleroma/pleroma!3663
2022-05-06 08:27:03 +00:00
Haelwenn (lanodan) Monnier f9943b2065 mix: Bump to 2.4.52 for 2.4.3 mergeback 2022-05-06 10:23:43 +02:00
Tusooa Zhu 57c030a0a7 Skip cache when /objects or /activities is authenticated
Ref: fix-local-public
2022-05-06 10:23:26 +02:00
Tusooa Zhu e2d24eda57 Allow to skip cache in Cache plug
Ref: fix-local-public
2022-05-06 10:23:26 +02:00
Ilja c3b2b71ea2 update sweet_xml [Security] 2022-05-06 10:23:25 +02:00
Haelwenn 8517bc18aa Merge branch 'from/upstream-develop/tusooa/fix-en-fallback' into 'develop'
Fix incorrect fallback when English is set to first language

See merge request pleroma/pleroma!3656
2022-04-18 03:31:44 +00:00
Tusooa Zhu be08d9305b
Fix incorrect fallback when English is set to first language 2022-04-17 22:39:52 -04:00
Haelwenn a5d7e98de0 Merge branch 'fix_eratic_test_for_report_notes' into 'develop'
Fix eratic test for POST /api/pleroma/admin/reports/:id/notes

See merge request pleroma/pleroma!3653
2022-04-05 12:11:53 +00:00
Ilja 5f37db330f Fix eratic test for POST /api/pleroma/admin/reports/:id/notes
It retrieved two ReportNotes and then checked one of them. But the order isn't guaranteed, while the test tested on the content of the first ReportNote.

I made the test on the content more generic
2022-04-05 13:21:09 +02:00