Merge branch 'staff-plug' into 'develop'
Moderators: add UserIsStaffPlug See merge request pleroma/pleroma!3495
This commit is contained in:
commit
5f5dc24027
|
@ -0,0 +1,23 @@
|
||||||
|
# Pleroma: A lightweight social networking server
|
||||||
|
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
|
||||||
|
# SPDX-License-Identifier: AGPL-3.0-only
|
||||||
|
|
||||||
|
defmodule Pleroma.Web.Plugs.UserIsStaffPlug do
|
||||||
|
import Pleroma.Web.TranslationHelpers
|
||||||
|
import Plug.Conn
|
||||||
|
|
||||||
|
alias Pleroma.User
|
||||||
|
|
||||||
|
def init(options) do
|
||||||
|
options
|
||||||
|
end
|
||||||
|
|
||||||
|
def call(%{assigns: %{user: %User{is_admin: true}}} = conn, _), do: conn
|
||||||
|
def call(%{assigns: %{user: %User{is_moderator: true}}} = conn, _), do: conn
|
||||||
|
|
||||||
|
def call(conn, _) do
|
||||||
|
conn
|
||||||
|
|> render_error(:forbidden, "User is not a staff member.")
|
||||||
|
|> halt()
|
||||||
|
end
|
||||||
|
end
|
|
@ -96,10 +96,14 @@ defmodule Pleroma.Web.Router do
|
||||||
plug(Pleroma.Web.Plugs.AdminSecretAuthenticationPlug)
|
plug(Pleroma.Web.Plugs.AdminSecretAuthenticationPlug)
|
||||||
plug(:after_auth)
|
plug(:after_auth)
|
||||||
plug(Pleroma.Web.Plugs.EnsureAuthenticatedPlug)
|
plug(Pleroma.Web.Plugs.EnsureAuthenticatedPlug)
|
||||||
plug(Pleroma.Web.Plugs.UserIsAdminPlug)
|
plug(Pleroma.Web.Plugs.UserIsStaffPlug)
|
||||||
plug(Pleroma.Web.Plugs.IdempotencyPlug)
|
plug(Pleroma.Web.Plugs.IdempotencyPlug)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
pipeline :require_admin do
|
||||||
|
plug(Pleroma.Web.Plugs.UserIsAdminPlug)
|
||||||
|
end
|
||||||
|
|
||||||
pipeline :mastodon_html do
|
pipeline :mastodon_html do
|
||||||
plug(:browser)
|
plug(:browser)
|
||||||
plug(:authenticate)
|
plug(:authenticate)
|
||||||
|
@ -160,7 +164,7 @@ defmodule Pleroma.Web.Router do
|
||||||
end
|
end
|
||||||
|
|
||||||
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
|
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
|
||||||
pipe_through(:admin_api)
|
pipe_through([:admin_api, :require_admin])
|
||||||
|
|
||||||
put("/users/disable_mfa", AdminAPIController, :disable_mfa)
|
put("/users/disable_mfa", AdminAPIController, :disable_mfa)
|
||||||
put("/users/tag", AdminAPIController, :tag_users)
|
put("/users/tag", AdminAPIController, :tag_users)
|
||||||
|
@ -265,7 +269,7 @@ defmodule Pleroma.Web.Router do
|
||||||
|
|
||||||
scope "/api/v1/pleroma/emoji", Pleroma.Web.PleromaAPI do
|
scope "/api/v1/pleroma/emoji", Pleroma.Web.PleromaAPI do
|
||||||
scope "/pack" do
|
scope "/pack" do
|
||||||
pipe_through(:admin_api)
|
pipe_through([:admin_api, :require_admin])
|
||||||
|
|
||||||
post("/", EmojiPackController, :create)
|
post("/", EmojiPackController, :create)
|
||||||
patch("/", EmojiPackController, :update)
|
patch("/", EmojiPackController, :update)
|
||||||
|
@ -280,7 +284,7 @@ defmodule Pleroma.Web.Router do
|
||||||
|
|
||||||
# Modifying packs
|
# Modifying packs
|
||||||
scope "/packs" do
|
scope "/packs" do
|
||||||
pipe_through(:admin_api)
|
pipe_through([:admin_api, :require_admin])
|
||||||
|
|
||||||
get("/import", EmojiPackController, :import_from_filesystem)
|
get("/import", EmojiPackController, :import_from_filesystem)
|
||||||
get("/remote", EmojiPackController, :remote)
|
get("/remote", EmojiPackController, :remote)
|
||||||
|
|
|
@ -305,7 +305,7 @@ test "returns 403 when requested by a non-admin" do
|
||||||
|> get("/api/pleroma/admin/reports")
|
|> get("/api/pleroma/admin/reports")
|
||||||
|
|
||||||
assert json_response(conn, :forbidden) ==
|
assert json_response(conn, :forbidden) ==
|
||||||
%{"error" => "User is not an admin."}
|
%{"error" => "User is not a staff member."}
|
||||||
end
|
end
|
||||||
|
|
||||||
test "returns 403 when requested by anonymous" do
|
test "returns 403 when requested by anonymous" do
|
||||||
|
|
|
@ -0,0 +1,47 @@
|
||||||
|
# Pleroma: A lightweight social networking server
|
||||||
|
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
|
||||||
|
# SPDX-License-Identifier: AGPL-3.0-only
|
||||||
|
|
||||||
|
defmodule Pleroma.Web.Plugs.UserIsStaffPlugTest do
|
||||||
|
use Pleroma.Web.ConnCase, async: true
|
||||||
|
|
||||||
|
alias Pleroma.Web.Plugs.UserIsStaffPlug
|
||||||
|
import Pleroma.Factory
|
||||||
|
|
||||||
|
test "accepts a user that is an admin" do
|
||||||
|
user = insert(:user, is_admin: true)
|
||||||
|
|
||||||
|
conn = assign(build_conn(), :user, user)
|
||||||
|
|
||||||
|
ret_conn = UserIsStaffPlug.call(conn, %{})
|
||||||
|
|
||||||
|
assert conn == ret_conn
|
||||||
|
end
|
||||||
|
|
||||||
|
test "accepts a user that is a moderator" do
|
||||||
|
user = insert(:user, is_moderator: true)
|
||||||
|
|
||||||
|
conn = assign(build_conn(), :user, user)
|
||||||
|
|
||||||
|
ret_conn = UserIsStaffPlug.call(conn, %{})
|
||||||
|
|
||||||
|
assert conn == ret_conn
|
||||||
|
end
|
||||||
|
|
||||||
|
test "denies a user that isn't a staff member" do
|
||||||
|
user = insert(:user)
|
||||||
|
|
||||||
|
conn =
|
||||||
|
build_conn()
|
||||||
|
|> assign(:user, user)
|
||||||
|
|> UserIsStaffPlug.call(%{})
|
||||||
|
|
||||||
|
assert conn.status == 403
|
||||||
|
end
|
||||||
|
|
||||||
|
test "denies when a user isn't set" do
|
||||||
|
conn = UserIsStaffPlug.call(build_conn(), %{})
|
||||||
|
|
||||||
|
assert conn.status == 403
|
||||||
|
end
|
||||||
|
end
|
Loading…
Reference in New Issue