From 37fdf148b0963b62ab746a8ece2aacf893ba8934 Mon Sep 17 00:00:00 2001 From: Ilja Date: Fri, 1 Jul 2022 09:54:05 +0200 Subject: [PATCH] Rename privilege tags I first focussed on getting things working Now that they do and we know what tags there are, I put some thought in providing better names I use the form _ :statuses_read => :messages_read :status_delete => :messages_delete :user_read => :users_read :user_deletion => :users_delete :user_activation => :users_manage_activation_state :user_invite => :users_manage_invites :user_tag => :users_manage_tags :user_credentials => :users_manage_credentials :report_handle => :reports_manage_reports :emoji_management => :emoji_manage_emoji --- config/config.exs | 20 +++++----- config/description.exs | 40 +++++++++---------- lib/pleroma/notification.ex | 3 +- lib/pleroma/user.ex | 2 +- lib/pleroma/web/activity_pub/activity_pub.ex | 2 +- .../object_validators/delete_validator.ex | 2 +- lib/pleroma/web/common_api.ex | 2 +- lib/pleroma/web/mastodon_api/mastodon_api.ex | 3 +- .../web/mastodon_api/views/account_view.ex | 2 +- lib/pleroma/web/router.ex | 20 +++++----- test/pleroma/notification_test.exs | 4 +- test/pleroma/user_test.exs | 4 +- .../delete_validation_test.exs | 2 +- .../controllers/admin_api_controller_test.exs | 28 ++++++------- .../controllers/chat_controller_test.exs | 12 +++--- .../controllers/instance_controller_test.exs | 2 +- .../controllers/invite_controller_test.exs | 18 ++++----- .../controllers/report_controller_test.exs | 23 +++++++---- .../controllers/status_controller_test.exs | 14 +++---- .../controllers/user_controller_test.exs | 24 +++++------ test/pleroma/web/common_api_test.exs | 4 +- .../notification_controller_test.exs | 4 +- .../controllers/status_controller_test.exs | 2 +- .../mastodon_api/views/account_view_test.exs | 2 +- .../views/notification_view_test.exs | 2 +- .../emoji_file_controller_test.exs | 4 +- .../emoji_pack_controller_test.exs | 19 +++++---- 27 files changed, 138 insertions(+), 126 deletions(-) diff --git a/config/config.exs b/config/config.exs index 263299e4d..935d4fc98 100644 --- a/config/config.exs +++ b/config/config.exs @@ -257,16 +257,16 @@ password_reset_token_validity: 60 * 60 * 24, profile_directory: true, admin_privileges: [ - :user_deletion, - :user_credentials, - :statuses_read, - :user_tag, - :user_activation, - :user_invite, - :report_handle, - :user_read, - :status_delete, - :emoji_management + :users_delete, + :users_manage_credentials, + :messages_read, + :users_manage_tags, + :users_manage_activation_state, + :users_manage_invites, + :reports_manage_reports, + :users_read, + :messages_delete, + :emoji_manage_emoji ], moderator_privileges: [], max_endorsed_users: 20, diff --git a/config/description.exs b/config/description.exs index 9f595fae0..e5a49139e 100644 --- a/config/description.exs +++ b/config/description.exs @@ -964,16 +964,16 @@ key: :admin_privileges, type: {:list, :atom}, suggestions: [ - :user_deletion, - :user_credentials, - :statuses_read, - :user_tag, - :user_activation, - :user_invite, - :report_handle, - :user_read, - :status_delete, - :emoji_management + :users_delete, + :users_manage_credentials, + :messages_read, + :users_manage_tags, + :users_manage_activation_state, + :users_manage_invites, + :reports_manage_reports, + :users_read, + :messages_delete, + :emoji_manage_emoji ], description: "What extra priviledges to allow admins (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)" @@ -982,16 +982,16 @@ key: :moderator_privileges, type: {:list, :atom}, suggestions: [ - :user_deletion, - :user_credentials, - :statuses_read, - :user_tag, - :user_activation, - :user_invite, - :report_handle, - :user_read, - :status_delete, - :emoji_management + :users_delete, + :users_manage_credentials, + :messages_read, + :users_manage_tags, + :users_manage_activation_state, + :users_manage_invites, + :reports_manage_reports, + :users_read, + :messages_delete, + :emoji_manage_emoji ], description: "What extra priviledges to allow moderators (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)" diff --git a/lib/pleroma/notification.ex b/lib/pleroma/notification.ex index 9a3ffc0c2..cfc4bfca3 100644 --- a/lib/pleroma/notification.ex +++ b/lib/pleroma/notification.ex @@ -542,7 +542,8 @@ def get_potential_receiver_ap_ids(%{data: %{"type" => "Follow", "object" => obje end def get_potential_receiver_ap_ids(%{data: %{"type" => "Flag", "actor" => actor}}) do - (User.all_users_with_privilege(:report_handle) |> Enum.map(fn user -> user.ap_id end)) -- + (User.all_users_with_privilege(:reports_manage_reports) + |> Enum.map(fn user -> user.ap_id end)) -- [actor] end diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index fb2fade42..11c4d0684 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -326,7 +326,7 @@ def visible_for(%User{} = user, nil) do end def visible_for(%User{} = user, for_user) do - if privileged?(for_user, :user_activation) do + if privileged?(for_user, :users_manage_activation_state) do :visible else visible_account_status(user) diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 68cd818b9..06c894efd 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -392,7 +392,7 @@ defp do_flag( _ <- notify_and_stream(activity), :ok <- maybe_federate(stripped_activity) do - User.all_users_with_privilege(:report_handle) + User.all_users_with_privilege(:reports_manage_reports) |> Enum.filter(fn user -> user.ap_id != actor end) |> Enum.filter(fn user -> not is_nil(user.email) end) |> Enum.each(fn privileged_user -> diff --git a/lib/pleroma/web/activity_pub/object_validators/delete_validator.ex b/lib/pleroma/web/activity_pub/object_validators/delete_validator.ex index 6e4208167..4d8502ada 100644 --- a/lib/pleroma/web/activity_pub/object_validators/delete_validator.ex +++ b/lib/pleroma/web/activity_pub/object_validators/delete_validator.ex @@ -61,7 +61,7 @@ defp validate_data(cng) do |> validate_required([:id, :type, :actor, :to, :cc, :object]) |> validate_inclusion(:type, ["Delete"]) |> validate_delete_actor(:actor) - |> validate_modification_rights(:status_delete) + |> validate_modification_rights(:messages_delete) |> validate_object_or_user_presence(allowed_types: @deletable_types) |> add_deleted_activity_id() end diff --git a/lib/pleroma/web/common_api.ex b/lib/pleroma/web/common_api.ex index ce1d5a7cc..4ac5df63f 100644 --- a/lib/pleroma/web/common_api.ex +++ b/lib/pleroma/web/common_api.ex @@ -144,7 +144,7 @@ def delete(activity_id, user) do {:find_activity, Activity.get_by_id(activity_id)}, {_, %Object{} = object, _} <- {:find_object, Object.normalize(activity, fetch: false), activity}, - true <- User.privileged?(user, :status_delete) || user.ap_id == object.data["actor"], + true <- User.privileged?(user, :messages_delete) || user.ap_id == object.data["actor"], {:ok, delete_data, _} <- Builder.delete(user, object.data["id"]), {:ok, delete, _} <- Pipeline.common_pipeline(delete_data, local: true) do {:ok, delete} diff --git a/lib/pleroma/web/mastodon_api/mastodon_api.ex b/lib/pleroma/web/mastodon_api/mastodon_api.ex index 21ee5f0d4..932e5d4eb 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api.ex @@ -65,7 +65,8 @@ def get_notifications(user, params \\ %{}) do cast_params(params) |> Map.update(:include_types, [], fn include_types -> include_types end) options = - if "pleroma:report" not in options.include_types or User.privileged?(user, :report_handle) do + if "pleroma:report" not in options.include_types or + User.privileged?(user, :reports_manage_reports) do options else options diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex index a28ad9d85..34b34dc19 100644 --- a/lib/pleroma/web/mastodon_api/views/account_view.ex +++ b/lib/pleroma/web/mastodon_api/views/account_view.ex @@ -402,7 +402,7 @@ defp maybe_put_allow_following_move(data, %User{id: user_id} = user, %User{id: u defp maybe_put_allow_following_move(data, _, _), do: data defp maybe_put_activation_status(data, user, user_for) do - if User.privileged?(user_for, :user_activation), + if User.privileged?(user_for, :users_manage_activation_state), do: Kernel.put_in(data, [:pleroma, :deactivated], !user.is_active), else: data end diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index f680c8353..cbb5ca55f 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -107,52 +107,52 @@ defmodule Pleroma.Web.Router do pipeline :require_privileged_role_user_deletion do plug(:admin_api) - plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_deletion) + plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :users_delete) end pipeline :require_privileged_role_user_credentials do plug(:admin_api) - plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_credentials) + plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :users_manage_credentials) end pipeline :require_privileged_role_statuses_read do plug(:admin_api) - plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :statuses_read) + plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :messages_read) end pipeline :require_privileged_role_user_tag do plug(:admin_api) - plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_tag) + plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :users_manage_tags) end pipeline :require_privileged_role_user_activation do plug(:admin_api) - plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_activation) + plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :users_manage_activation_state) end pipeline :require_privileged_role_user_invite do plug(:admin_api) - plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_invite) + plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :users_manage_invites) end pipeline :require_privileged_role_report_handle do plug(:admin_api) - plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :report_handle) + plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :reports_manage_reports) end pipeline :require_privileged_role_user_read do plug(:admin_api) - plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_read) + plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :users_read) end pipeline :require_privileged_role_status_delete do plug(:admin_api) - plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :status_delete) + plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :messages_delete) end pipeline :require_privileged_role_emoji_management do plug(:admin_api) - plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :emoji_management) + plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :emoji_manage_emoji) end pipeline :require_privileged_role_instance_delete do diff --git a/test/pleroma/notification_test.exs b/test/pleroma/notification_test.exs index e1f4b1771..d0f34113b 100644 --- a/test/pleroma/notification_test.exs +++ b/test/pleroma/notification_test.exs @@ -41,7 +41,7 @@ test "creates a report notification only for privileged users" do {:ok, activity1} = CommonAPI.report(reporting_user, %{account_id: reported_user.id}) {:ok, []} = Notification.create_notifications(activity1) - clear_config([:instance, :moderator_privileges], [:report_handle]) + clear_config([:instance, :moderator_privileges], [:reports_manage_reports]) {:ok, activity2} = CommonAPI.report(reporting_user, %{account_id: reported_user.id}) {:ok, [notification]} = Notification.create_notifications(activity2) @@ -50,7 +50,7 @@ test "creates a report notification only for privileged users" do end test "suppresses notifications for own reports" do - clear_config([:instance, :admin_privileges], [:report_handle]) + clear_config([:instance, :admin_privileges], [:reports_manage_reports]) reporting_admin = insert(:user, is_admin: true) reported_user = insert(:user) diff --git a/test/pleroma/user_test.exs b/test/pleroma/user_test.exs index 477553fe5..98e00cecb 100644 --- a/test/pleroma/user_test.exs +++ b/test/pleroma/user_test.exs @@ -1995,9 +1995,9 @@ test "returns true when the account is unconfirmed and confirmation is required assert User.visible_for(user, other_user) == :visible end - test "returns true when the account is unconfirmed and being viewed by a privileged account (privilege :user_activation, confirmation required)" do + test "returns true when the account is unconfirmed and being viewed by a privileged account (privilege :users_manage_activation_state, confirmation required)" do clear_config([:instance, :account_activation_required], true) - clear_config([:instance, :admin_privileges], [:user_activation]) + clear_config([:instance, :admin_privileges], [:users_manage_activation_state]) user = insert(:user, local: true, is_confirmed: false) other_user = insert(:user, local: true, is_admin: true) diff --git a/test/pleroma/web/activity_pub/object_validators/delete_validation_test.exs b/test/pleroma/web/activity_pub/object_validators/delete_validation_test.exs index ba137604b..bbb31516c 100644 --- a/test/pleroma/web/activity_pub/object_validators/delete_validation_test.exs +++ b/test/pleroma/web/activity_pub/object_validators/delete_validation_test.exs @@ -92,7 +92,7 @@ test "it's invalid if the actor of the object and the actor of delete are from d test "it's only valid if the actor of the object is a privileged local user", %{valid_post_delete: valid_post_delete} do - clear_config([:instance, :moderator_privileges], [:status_delete]) + clear_config([:instance, :moderator_privileges], [:messages_delete]) user = insert(:user, local: true, is_moderator: true, ap_id: "https://gensokyo.2hu/users/raymoo") diff --git a/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs b/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs index 180f6c83f..34ec28012 100644 --- a/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs @@ -92,7 +92,7 @@ test "GET /api/pleroma/admin/users/:nickname requires admin:read:accounts or bro describe "PUT /api/pleroma/admin/users/tag" do setup %{conn: conn} do - clear_config([:instance, :admin_privileges], [:user_tag]) + clear_config([:instance, :admin_privileges], [:users_manage_tags]) user1 = insert(:user, %{tags: ["x"]}) user2 = insert(:user, %{tags: ["y"]}) @@ -150,7 +150,7 @@ test "it does not modify tags of not specified users", %{ assert User.get_cached_by_id(user3.id).tags == ["unchanged"] end - test "it requires privileged role :user_tag", %{conn: conn} do + test "it requires privileged role :users_manage_tags", %{conn: conn} do clear_config([:instance, :admin_privileges], []) response = @@ -164,7 +164,7 @@ test "it requires privileged role :user_tag", %{conn: conn} do describe "DELETE /api/pleroma/admin/users/tag" do setup %{conn: conn} do - clear_config([:instance, :admin_privileges], [:user_tag]) + clear_config([:instance, :admin_privileges], [:users_manage_tags]) user1 = insert(:user, %{tags: ["x"]}) user2 = insert(:user, %{tags: ["y", "z"]}) user3 = insert(:user, %{tags: ["unchanged"]}) @@ -221,7 +221,7 @@ test "it does not modify tags of not specified users", %{ assert User.get_cached_by_id(user3.id).tags == ["unchanged"] end - test "it requires privileged role :user_tag", %{conn: conn} do + test "it requires privileged role :users_manage_tags", %{conn: conn} do clear_config([:instance, :admin_privileges], []) response = @@ -324,7 +324,7 @@ test "/:right DELETE, can remove from a permission group (multiple)", %{ describe "/api/pleroma/admin/users/:nickname/password_reset" do test "it returns a password reset link", %{conn: conn} do - clear_config([:instance, :admin_privileges], [:user_credentials]) + clear_config([:instance, :admin_privileges], [:users_manage_credentials]) user = insert(:user) @@ -338,7 +338,7 @@ test "it returns a password reset link", %{conn: conn} do assert Regex.match?(~r/(http:\/\/|https:\/\/)/, resp["link"]) end - test "it requires privileged role :user_credentials", %{conn: conn} do + test "it requires privileged role :users_manage_credentials", %{conn: conn} do clear_config([:instance, :admin_privileges], []) response = @@ -410,7 +410,7 @@ test "need_reboot flag", %{conn: conn} do describe "GET /api/pleroma/admin/users/:nickname/statuses" do setup do - clear_config([:instance, :admin_privileges], [:statuses_read]) + clear_config([:instance, :admin_privileges], [:messages_read]) user = insert(:user) @@ -428,7 +428,7 @@ test "renders user's statuses", %{conn: conn, user: user} do assert length(activities) == 3 end - test "it requires privileged role :statuses_read", %{conn: conn, user: user} do + test "it requires privileged role :messages_read", %{conn: conn, user: user} do clear_config([:instance, :admin_privileges], []) conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/statuses") @@ -497,7 +497,7 @@ test "excludes reblogs by default", %{conn: conn, user: user} do describe "GET /api/pleroma/admin/users/:nickname/chats" do setup do - clear_config([:instance, :admin_privileges], [:statuses_read]) + clear_config([:instance, :admin_privileges], [:messages_read]) user = insert(:user) @@ -516,7 +516,7 @@ test "renders user's chats", %{conn: conn, user: user} do assert json_response(conn, 200) |> length() == 3 end - test "it requires privileged role :statuses_read", %{conn: conn, user: user} do + test "it requires privileged role :messages_read", %{conn: conn, user: user} do clear_config([:instance, :admin_privileges], []) conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/chats") @@ -811,7 +811,7 @@ test "returns 403 if requested by a non-admin" do end test "changes password and email", %{conn: conn, admin: admin, user: user} do - clear_config([:instance, :admin_privileges], [:user_credentials]) + clear_config([:instance, :admin_privileges], [:users_manage_credentials]) assert user.password_reset_pending == false @@ -855,7 +855,7 @@ test "returns 403 if requested by a non-admin", %{user: user} do assert json_response(conn, :forbidden) end - test "returns 403 if not privileged with :user_credentials", %{conn: conn, user: user} do + test "returns 403 if not privileged with :users_manage_credentials", %{conn: conn, user: user} do clear_config([:instance, :admin_privileges], []) conn = @@ -1085,7 +1085,7 @@ test "it doesn't limit admins", %{conn: conn} do describe "POST /api/v1/pleroma/admin/reload_emoji" do setup do - clear_config([:instance, :admin_privileges], [:emoji_management]) + clear_config([:instance, :admin_privileges], [:emoji_manage_emoji]) admin = insert(:user, is_admin: true) token = insert(:oauth_admin_token, user: admin) @@ -1098,7 +1098,7 @@ test "it doesn't limit admins", %{conn: conn} do {:ok, %{conn: conn, admin: admin}} end - test "it requires privileged role :emoji_management", %{conn: conn} do + test "it requires privileged role :emoji_manage_emoji", %{conn: conn} do assert conn |> post("/api/v1/pleroma/admin/reload_emoji") |> json_response(200) diff --git a/test/pleroma/web/admin_api/controllers/chat_controller_test.exs b/test/pleroma/web/admin_api/controllers/chat_controller_test.exs index e080cd225..aa47b74e8 100644 --- a/test/pleroma/web/admin_api/controllers/chat_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/chat_controller_test.exs @@ -28,7 +28,7 @@ defp admin_setup do describe "DELETE /api/pleroma/admin/chats/:id/messages/:message_id" do setup do - clear_config([:instance, :admin_privileges], [:status_delete]) + clear_config([:instance, :admin_privileges], [:messages_delete]) admin_setup() end @@ -64,7 +64,7 @@ test "it deletes a message from the chat", %{conn: conn, admin: admin} do assert %{data: %{"type" => "Tombstone"}} = Object.get_by_id(object.id) end - test "it requires privileged role :status_delete", %{conn: conn} do + test "it requires privileged role :messages_delete", %{conn: conn} do clear_config([:instance, :admin_privileges], []) assert conn @@ -76,7 +76,7 @@ test "it requires privileged role :status_delete", %{conn: conn} do describe "GET /api/pleroma/admin/chats/:id/messages" do setup do - clear_config([:instance, :admin_privileges], [:statuses_read]) + clear_config([:instance, :admin_privileges], [:messages_read]) admin_setup() end @@ -130,7 +130,7 @@ test "it returns the messages for a given chat", %{conn: conn} do assert length(result) == 3 end - test "it requires privileged role :statuses_read", %{conn: conn} do + test "it requires privileged role :messages_read", %{conn: conn} do clear_config([:instance, :admin_privileges], []) conn = get(conn, "/api/pleroma/admin/chats/some_id/messages") @@ -141,7 +141,7 @@ test "it requires privileged role :statuses_read", %{conn: conn} do describe "GET /api/pleroma/admin/chats/:id" do setup do - clear_config([:instance, :admin_privileges], [:statuses_read]) + clear_config([:instance, :admin_privileges], [:messages_read]) admin_setup() end @@ -162,7 +162,7 @@ test "it returns a chat", %{conn: conn} do refute result["account"] end - test "it requires privileged role :statuses_read", %{conn: conn} do + test "it requires privileged role :messages_read", %{conn: conn} do clear_config([:instance, :admin_privileges], []) conn = get(conn, "/api/pleroma/admin/chats/some_id") diff --git a/test/pleroma/web/admin_api/controllers/instance_controller_test.exs b/test/pleroma/web/admin_api/controllers/instance_controller_test.exs index e75222f99..47af8e7d9 100644 --- a/test/pleroma/web/admin_api/controllers/instance_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/instance_controller_test.exs @@ -31,7 +31,7 @@ defmodule Pleroma.Web.AdminAPI.InstanceControllerTest do end test "GET /instances/:instance/statuses", %{conn: conn} do - clear_config([:instance, :admin_privileges], [:statuses_read]) + clear_config([:instance, :admin_privileges], [:messages_read]) user = insert(:user, local: false, ap_id: "https://archae.me/users/archaeme") user2 = insert(:user, local: false, ap_id: "https://test.com/users/test") insert_pair(:note_activity, user: user) diff --git a/test/pleroma/web/admin_api/controllers/invite_controller_test.exs b/test/pleroma/web/admin_api/controllers/invite_controller_test.exs index b8c812acc..8051cb2e9 100644 --- a/test/pleroma/web/admin_api/controllers/invite_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/invite_controller_test.exs @@ -26,10 +26,10 @@ defmodule Pleroma.Web.AdminAPI.InviteControllerTest do setup do clear_config([:instance, :registrations_open], false) clear_config([:instance, :invites_enabled], true) - clear_config([:instance, :admin_privileges], [:user_invite]) + clear_config([:instance, :admin_privileges], [:users_manage_invites]) end - test "returns 403 if not privileged with :user_invite", %{conn: conn} do + test "returns 403 if not privileged with :users_manage_invites", %{conn: conn} do clear_config([:instance, :admin_privileges], []) conn = @@ -134,7 +134,7 @@ test "email with +", %{conn: conn, admin: admin} do setup do clear_config([:instance, :registrations_open]) clear_config([:instance, :invites_enabled]) - clear_config([:instance, :admin_privileges], [:user_invite]) + clear_config([:instance, :admin_privileges], [:users_manage_invites]) end test "it returns 500 if `invites_enabled` is not enabled", %{conn: conn} do @@ -178,10 +178,10 @@ test "it returns 500 if `registrations_open` is enabled", %{conn: conn} do describe "POST /api/pleroma/admin/users/invite_token" do setup do - clear_config([:instance, :admin_privileges], [:user_invite]) + clear_config([:instance, :admin_privileges], [:users_manage_invites]) end - test "returns 403 if not privileged with :user_invite", %{conn: conn} do + test "returns 403 if not privileged with :users_manage_invites", %{conn: conn} do clear_config([:instance, :admin_privileges], []) conn = @@ -257,10 +257,10 @@ test "with max use and expires_at", %{conn: conn} do describe "GET /api/pleroma/admin/users/invites" do setup do - clear_config([:instance, :admin_privileges], [:user_invite]) + clear_config([:instance, :admin_privileges], [:users_manage_invites]) end - test "returns 403 if not privileged with :user_invite", %{conn: conn} do + test "returns 403 if not privileged with :users_manage_invites", %{conn: conn} do clear_config([:instance, :admin_privileges], []) conn = get(conn, "/api/pleroma/admin/users/invites") @@ -297,10 +297,10 @@ test "with invite", %{conn: conn} do describe "POST /api/pleroma/admin/users/revoke_invite" do setup do - clear_config([:instance, :admin_privileges], [:user_invite]) + clear_config([:instance, :admin_privileges], [:users_manage_invites]) end - test "returns 403 if not privileged with :user_invite", %{conn: conn} do + test "returns 403 if not privileged with :users_manage_invites", %{conn: conn} do clear_config([:instance, :admin_privileges], []) conn = diff --git a/test/pleroma/web/admin_api/controllers/report_controller_test.exs b/test/pleroma/web/admin_api/controllers/report_controller_test.exs index 42b5000fc..b155cf01a 100644 --- a/test/pleroma/web/admin_api/controllers/report_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/report_controller_test.exs @@ -27,10 +27,10 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do describe "GET /api/pleroma/admin/reports/:id" do setup do - clear_config([:instance, :admin_privileges], [:report_handle]) + clear_config([:instance, :admin_privileges], [:reports_manage_reports]) end - test "returns 403 if not privileged with :report_handle", %{conn: conn} do + test "returns 403 if not privileged with :reports_manage_reports", %{conn: conn} do clear_config([:instance, :admin_privileges], []) conn = @@ -77,7 +77,7 @@ test "returns 404 when report id is invalid", %{conn: conn} do describe "PATCH /api/pleroma/admin/reports" do setup do - clear_config([:instance, :admin_privileges], [:report_handle]) + clear_config([:instance, :admin_privileges], [:reports_manage_reports]) [reporter, target_user] = insert_pair(:user) activity = insert(:note_activity, user: target_user) @@ -102,7 +102,11 @@ test "returns 404 when report id is invalid", %{conn: conn} do } end - test "returns 403 if not privileged with :report_handle", %{conn: conn, id: id, admin: admin} do + test "returns 403 if not privileged with :reports_manage_reports", %{ + conn: conn, + id: id, + admin: admin + } do clear_config([:instance, :admin_privileges], []) conn = @@ -240,10 +244,10 @@ test "updates state of multiple reports", %{ describe "GET /api/pleroma/admin/reports" do setup do - clear_config([:instance, :admin_privileges], [:report_handle]) + clear_config([:instance, :admin_privileges], [:reports_manage_reports]) end - test "returns 403 if not privileged with :report_handle", %{conn: conn} do + test "returns 403 if not privileged with :reports_manage_reports", %{conn: conn} do clear_config([:instance, :admin_privileges], []) conn = @@ -361,7 +365,7 @@ test "returns 403 when requested by anonymous" do describe "POST /api/pleroma/admin/reports/:id/notes" do setup %{conn: conn, admin: admin} do - clear_config([:instance, :admin_privileges], [:report_handle]) + clear_config([:instance, :admin_privileges], [:reports_manage_reports]) [reporter, target_user] = insert_pair(:user) activity = insert(:note_activity, user: target_user) @@ -391,7 +395,10 @@ test "returns 403 when requested by anonymous" do } end - test "returns 403 if not privileged with :report_handle", %{conn: conn, report_id: report_id} do + test "returns 403 if not privileged with :reports_manage_reports", %{ + conn: conn, + report_id: report_id + } do clear_config([:instance, :admin_privileges], []) post_conn = diff --git a/test/pleroma/web/admin_api/controllers/status_controller_test.exs b/test/pleroma/web/admin_api/controllers/status_controller_test.exs index 2daf6a50d..8908a2812 100644 --- a/test/pleroma/web/admin_api/controllers/status_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/status_controller_test.exs @@ -27,7 +27,7 @@ defmodule Pleroma.Web.AdminAPI.StatusControllerTest do describe "GET /api/pleroma/admin/statuses/:id" do setup do - clear_config([:instance, :admin_privileges], [:statuses_read]) + clear_config([:instance, :admin_privileges], [:messages_read]) end test "not found", %{conn: conn} do @@ -64,7 +64,7 @@ test "denies reading activity when not privileged", %{conn: conn} do describe "PUT /api/pleroma/admin/statuses/:id" do setup do - clear_config([:instance, :admin_privileges], [:status_delete]) + clear_config([:instance, :admin_privileges], [:messages_delete]) activity = insert(:note_activity) %{id: activity.id} @@ -134,7 +134,7 @@ test "returns 400 when visibility is unknown", %{conn: conn, id: id} do json_response_and_validate_schema(conn, :bad_request) end - test "it requires privileged role :status_delete", %{conn: conn} do + test "it requires privileged role :messages_delete", %{conn: conn} do clear_config([:instance, :admin_privileges], []) assert conn @@ -146,7 +146,7 @@ test "it requires privileged role :status_delete", %{conn: conn} do describe "DELETE /api/pleroma/admin/statuses/:id" do setup do - clear_config([:instance, :admin_privileges], [:status_delete]) + clear_config([:instance, :admin_privileges], [:messages_delete]) activity = insert(:note_activity) %{id: activity.id} @@ -171,7 +171,7 @@ test "returns 404 when the status does not exist", %{conn: conn} do assert json_response_and_validate_schema(conn, :not_found) == %{"error" => "Not found"} end - test "it requires privileged role :status_delete", %{conn: conn} do + test "it requires privileged role :messages_delete", %{conn: conn} do clear_config([:instance, :admin_privileges], []) assert conn @@ -183,7 +183,7 @@ test "it requires privileged role :status_delete", %{conn: conn} do describe "GET /api/pleroma/admin/statuses" do setup do - clear_config([:instance, :admin_privileges], [:statuses_read]) + clear_config([:instance, :admin_privileges], [:messages_read]) end test "returns all public and unlisted statuses", %{conn: conn, admin: admin} do @@ -232,7 +232,7 @@ test "returns private and direct statuses with godmode on", %{conn: conn, admin: assert json_response_and_validate_schema(conn, 200) |> length() == 3 end - test "it requires privileged role :statuses_read", %{conn: conn} do + test "it requires privileged role :messages_read", %{conn: conn} do clear_config([:instance, :admin_privileges], []) conn = get(conn, "/api/pleroma/admin/statuses") diff --git a/test/pleroma/web/admin_api/controllers/user_controller_test.exs b/test/pleroma/web/admin_api/controllers/user_controller_test.exs index 01bee08d1..bb9dcb4aa 100644 --- a/test/pleroma/web/admin_api/controllers/user_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/user_controller_test.exs @@ -38,7 +38,7 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do end test "with valid `admin_token` query parameter, skips OAuth scopes check" do - clear_config([:instance, :admin_privileges], [:user_read]) + clear_config([:instance, :admin_privileges], [:users_read]) clear_config([:admin_token], "password123") user = insert(:user) @@ -51,7 +51,7 @@ test "with valid `admin_token` query parameter, skips OAuth scopes check" do describe "DELETE /api/pleroma/admin/users" do test "single user", %{admin: admin, conn: conn} do clear_config([:instance, :federating], true) - clear_config([:instance, :admin_privileges], [:user_deletion]) + clear_config([:instance, :admin_privileges], [:users_delete]) user = insert(:user, @@ -107,7 +107,7 @@ test "single user", %{admin: admin, conn: conn} do end test "multiple users", %{admin: admin, conn: conn} do - clear_config([:instance, :admin_privileges], [:user_deletion]) + clear_config([:instance, :admin_privileges], [:users_delete]) user_one = insert(:user) user_two = insert(:user) @@ -280,10 +280,10 @@ test "Multiple user creation works in transaction", %{conn: conn} do describe "GET /api/pleroma/admin/users/:nickname" do setup do - clear_config([:instance, :admin_privileges], [:user_read]) + clear_config([:instance, :admin_privileges], [:users_read]) end - test "returns 403 if not privileged with :user_read", %{conn: conn} do + test "returns 403 if not privileged with :users_read", %{conn: conn} do clear_config([:instance, :admin_privileges], []) conn = get(conn, "/api/pleroma/admin/users/user.nickname") @@ -406,10 +406,10 @@ test "allows to force-unfollow another user", %{admin: admin, conn: conn} do describe "GET /api/pleroma/admin/users" do setup do - clear_config([:instance, :admin_privileges], [:user_read]) + clear_config([:instance, :admin_privileges], [:users_read]) end - test "returns 403 if not privileged with :user_read", %{conn: conn} do + test "returns 403 if not privileged with :users_read", %{conn: conn} do clear_config([:instance, :admin_privileges], []) conn = get(conn, "/api/pleroma/admin/users?page=1") @@ -850,7 +850,7 @@ test "it omits relay user", %{admin: admin, conn: conn} do end test "PATCH /api/pleroma/admin/users/approve", %{admin: admin, conn: conn} do - clear_config([:instance, :admin_privileges], [:user_invite]) + clear_config([:instance, :admin_privileges], [:users_manage_invites]) user_one = insert(:user, is_approved: false) user_two = insert(:user, is_approved: false) @@ -872,7 +872,7 @@ test "PATCH /api/pleroma/admin/users/approve", %{admin: admin, conn: conn} do "@#{admin.nickname} approved users: @#{user_one.nickname}, @#{user_two.nickname}" end - test "PATCH /api/pleroma/admin/users/approve returns 403 if not privileged with :user_invite", + test "PATCH /api/pleroma/admin/users/approve returns 403 if not privileged with :users_manage_invites", %{conn: conn} do clear_config([:instance, :admin_privileges], []) @@ -939,7 +939,7 @@ test "PATCH /api/pleroma/admin/users/unsuggest", %{admin: admin, conn: conn} do describe "user activation" do test "PATCH /api/pleroma/admin/users/activate", %{admin: admin, conn: conn} do - clear_config([:instance, :admin_privileges], [:user_activation]) + clear_config([:instance, :admin_privileges], [:users_manage_activation_state]) user_one = insert(:user, is_active: false) user_two = insert(:user, is_active: false) @@ -962,7 +962,7 @@ test "PATCH /api/pleroma/admin/users/activate", %{admin: admin, conn: conn} do end test "PATCH /api/pleroma/admin/users/deactivate", %{admin: admin, conn: conn} do - clear_config([:instance, :admin_privileges], [:user_activation]) + clear_config([:instance, :admin_privileges], [:users_manage_activation_state]) user_one = insert(:user, is_active: true) user_two = insert(:user, is_active: true) @@ -985,7 +985,7 @@ test "PATCH /api/pleroma/admin/users/deactivate", %{admin: admin, conn: conn} do end test "PATCH /api/pleroma/admin/users/:nickname/toggle_activation", %{admin: admin, conn: conn} do - clear_config([:instance, :admin_privileges], [:user_activation]) + clear_config([:instance, :admin_privileges], [:users_manage_activation_state]) user = insert(:user) diff --git a/test/pleroma/web/common_api_test.exs b/test/pleroma/web/common_api_test.exs index 4d960e945..25743daae 100644 --- a/test/pleroma/web/common_api_test.exs +++ b/test/pleroma/web/common_api_test.exs @@ -332,7 +332,7 @@ test "it does not allow a user to delete posts from another user" do end test "it allows privileged users to delete other user's posts" do - clear_config([:instance, :moderator_privileges], [:status_delete]) + clear_config([:instance, :moderator_privileges], [:messages_delete]) user = insert(:user) moderator = insert(:user, is_moderator: true) @@ -357,7 +357,7 @@ test "it doesn't allow unprivileged mods or admins to delete other user's posts" end test "privileged users deleting non-local posts won't federate the delete" do - clear_config([:instance, :admin_privileges], [:status_delete]) + clear_config([:instance, :admin_privileges], [:messages_delete]) # This is the user of the ingested activity _user = insert(:user, diff --git a/test/pleroma/web/mastodon_api/controllers/notification_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/notification_controller_test.exs index e0f1d2ac1..696ac8bd9 100644 --- a/test/pleroma/web/mastodon_api/controllers/notification_controller_test.exs +++ b/test/pleroma/web/mastodon_api/controllers/notification_controller_test.exs @@ -74,7 +74,7 @@ test "by default, does not contain pleroma:chat_mention" do end test "by default, does not contain pleroma:report" do - clear_config([:instance, :moderator_privileges], [:report_handle]) + clear_config([:instance, :moderator_privileges], [:reports_manage_reports]) user = insert(:user) other_user = insert(:user) @@ -105,7 +105,7 @@ test "by default, does not contain pleroma:report" do end test "Pleroma:report is hidden for non-privileged users" do - clear_config([:instance, :moderator_privileges], [:report_handle]) + clear_config([:instance, :moderator_privileges], [:reports_manage_reports]) user = insert(:user) other_user = insert(:user) diff --git a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs index 4ea92e329..1d2bb3333 100644 --- a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs +++ b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs @@ -969,7 +969,7 @@ test "when you didn't create it" do end test "when you're privileged to", %{conn: conn} do - clear_config([:instance, :moderator_privileges], [:status_delete]) + clear_config([:instance, :moderator_privileges], [:messages_delete]) activity = insert(:note_activity) moderator = insert(:user, is_moderator: true) diff --git a/test/pleroma/web/mastodon_api/views/account_view_test.exs b/test/pleroma/web/mastodon_api/views/account_view_test.exs index ce94ec7e4..675c8409a 100644 --- a/test/pleroma/web/mastodon_api/views/account_view_test.exs +++ b/test/pleroma/web/mastodon_api/views/account_view_test.exs @@ -358,7 +358,7 @@ test "Represent a Funkwhale channel" do end test "Represent a deactivated user for a privileged user" do - clear_config([:instance, :moderator_privileges], [:user_activation]) + clear_config([:instance, :moderator_privileges], [:users_manage_activation_state]) admin = insert(:user, is_moderator: true) deactivated_user = insert(:user, is_active: false) diff --git a/test/pleroma/web/mastodon_api/views/notification_view_test.exs b/test/pleroma/web/mastodon_api/views/notification_view_test.exs index 76338877e..594378be1 100644 --- a/test/pleroma/web/mastodon_api/views/notification_view_test.exs +++ b/test/pleroma/web/mastodon_api/views/notification_view_test.exs @@ -218,7 +218,7 @@ test "Poll notification" do end test "Report notification" do - clear_config([:instance, :moderator_privileges], [:report_handle]) + clear_config([:instance, :moderator_privileges], [:reports_manage_reports]) reporting_user = insert(:user) reported_user = insert(:user) diff --git a/test/pleroma/web/pleroma_api/controllers/emoji_file_controller_test.exs b/test/pleroma/web/pleroma_api/controllers/emoji_file_controller_test.exs index e46a363a4..540b452c7 100644 --- a/test/pleroma/web/pleroma_api/controllers/emoji_file_controller_test.exs +++ b/test/pleroma/web/pleroma_api/controllers/emoji_file_controller_test.exs @@ -30,7 +30,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiFileControllerTest do describe "POST/PATCH/DELETE /api/pleroma/emoji/packs/files?name=:name" do setup do - clear_config([:instance, :admin_privileges], [:emoji_management]) + clear_config([:instance, :admin_privileges], [:emoji_manage_emoji]) pack_file = "#{@emoji_path}/test_pack/pack.json" original_content = File.read!(pack_file) @@ -379,7 +379,7 @@ test "update with empty shortcode", %{admin_conn: admin_conn} do |> json_response_and_validate_schema(:bad_request) end - test "it requires privileged role :emoji_management", %{admin_conn: admin_conn} do + test "it requires privileged role :emoji_manage_emoji", %{admin_conn: admin_conn} do clear_config([:instance, :admin_privileges], []) assert admin_conn diff --git a/test/pleroma/web/pleroma_api/controllers/emoji_pack_controller_test.exs b/test/pleroma/web/pleroma_api/controllers/emoji_pack_controller_test.exs index 6558767d2..1d5240639 100644 --- a/test/pleroma/web/pleroma_api/controllers/emoji_pack_controller_test.exs +++ b/test/pleroma/web/pleroma_api/controllers/emoji_pack_controller_test.exs @@ -100,7 +100,7 @@ test "GET /api/pleroma/emoji/packs", %{conn: conn} do describe "GET /api/pleroma/emoji/packs/remote" do setup do - clear_config([:instance, :admin_privileges], [:emoji_management]) + clear_config([:instance, :admin_privileges], [:emoji_manage_emoji]) end test "shareable instance", %{admin_conn: admin_conn, conn: conn} do @@ -141,7 +141,7 @@ test "non shareable instance", %{admin_conn: admin_conn} do } end - test "it requires privileged role :emoji_management", %{admin_conn: admin_conn} do + test "it requires privileged role :emoji_manage_emoji", %{admin_conn: admin_conn} do clear_config([:instance, :admin_privileges], []) assert admin_conn @@ -183,7 +183,7 @@ test "non downloadable pack", %{conn: conn} do describe "POST /api/pleroma/emoji/packs/download" do setup do - clear_config([:instance, :admin_privileges], [:emoji_management]) + clear_config([:instance, :admin_privileges], [:emoji_manage_emoji]) end test "shared pack from remote and non shared from fallback-src", %{ @@ -361,7 +361,7 @@ test "other error", %{admin_conn: admin_conn} do } end - test "it requires privileged role :emoji_management", %{admin_conn: conn} do + test "it requires privileged role :emoji_manage_emoji", %{admin_conn: conn} do clear_config([:instance, :admin_privileges], []) assert conn @@ -377,7 +377,7 @@ test "it requires privileged role :emoji_management", %{admin_conn: conn} do describe "PATCH/update /api/pleroma/emoji/pack?name=:name" do setup do - clear_config([:instance, :admin_privileges], [:emoji_management]) + clear_config([:instance, :admin_privileges], [:emoji_manage_emoji]) pack_file = "#{@emoji_path}/test_pack/pack.json" original_content = File.read!(pack_file) @@ -466,7 +466,10 @@ test "when the fallback source doesn't have all the files", ctx do } end - test "it requires privileged role :emoji_management", %{admin_conn: conn, new_data: new_data} do + test "it requires privileged role :emoji_manage_emoji", %{ + admin_conn: conn, + new_data: new_data + } do clear_config([:instance, :admin_privileges], []) assert conn @@ -478,7 +481,7 @@ test "it requires privileged role :emoji_management", %{admin_conn: conn, new_da describe "POST/DELETE /api/pleroma/emoji/pack?name=:name" do setup do - clear_config([:instance, :admin_privileges], [:emoji_management]) + clear_config([:instance, :admin_privileges], [:emoji_manage_emoji]) end test "returns an error on creates pack when file system not writable", %{ @@ -564,7 +567,7 @@ test "with empty name", %{admin_conn: admin_conn} do } end - test "it requires privileged role :emoji_management", %{admin_conn: admin_conn} do + test "it requires privileged role :emoji_manage_emoji", %{admin_conn: admin_conn} do clear_config([:instance, :admin_privileges], []) assert admin_conn