ChatController: Use OAuth scopes.

lain 2020-04-17 13:04:46 +02:00
parent f8c3ae7a62
commit d45ae64858
2 changed files with 36 additions and 23 deletions


@ -8,6 +8,7 @@ defmodule Pleroma.Web.PleromaAPI.ChatController do
alias Pleroma.Object
alias Pleroma.Repo
alias Pleroma.User
alias Pleroma.Plugs.OAuthScopesPlug
alias Pleroma.Web.CommonAPI
alias Pleroma.Web.PleromaAPI.ChatView
alias Pleroma.Web.PleromaAPI.ChatMessageView
@ -16,10 +17,18 @@ defmodule Pleroma.Web.PleromaAPI.ChatController do
import Ecto.Query
# TODO
# - Oauth stuff
# - Views / Representers
# - Error handling
plug(
OAuthScopesPlug,
%{scopes: ["write:statuses"]} when action in [:post_chat_message, :create]
)
plug(
OAuthScopesPlug,
%{scopes: ["read:statuses"]} when action in [:messages, :index]
)
defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.ChatOperation
def post_chat_message(%{assigns: %{user: %{id: user_id} = user}} = conn, %{
@ -62,6 +71,11 @@ def messages(%{assigns: %{user: %{id: user_id} = user}} = conn, %{"id" => id} =
conn
|> put_view(ChatMessageView)
|> render("index.json", for: user, objects: messages, chat: chat)
else
_ ->
conn
|> put_status(:not_found)
|> json(%{error: "not found"})
end
end
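Review bot: The two `plug(OAuthScopesPlug, ...)` calls in the second hunk gate the chat endpoints with the generic `read:statuses` / `write:statuses` scopes, so any token that was granted status access can also read and send private chat messages. A dedicated scope pair for chats would let a user grant one without the other. The `when action in [...]` lists are also allow-lists: an action added to this controller later and named in neither list gets no scope check from these plugs, unless something outside this diff enforces one. I would put a comment above them, e.g. `# Every action must be listed under a scope plug below; unlisted actions are not scope-checked here.`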


@ -10,15 +10,15 @@ defmodule Pleroma.Web.PleromaAPI.ChatControllerTest do
import Pleroma.Factory
describe "POST /api/v1/pleroma/chats/:id/messages" do
test "it posts a message to the chat", %{conn: conn} do
user = insert(:user)
setup do: oauth_access(["write:statuses"])
test "it posts a message to the chat", %{conn: conn, user: user} do
other_user = insert(:user)
{:ok, chat} = Chat.get_or_create(user.id, other_user.ap_id)
result =
conn
|> assign(:user, user)
|> post("/api/v1/pleroma/chats/#{chat.id}/messages", %{"content" => "Hallo!!"})
|> json_response(200)
@ -28,8 +28,9 @@ test "it posts a message to the chat", %{conn: conn} do
end
describe "GET /api/v1/pleroma/chats/:id/messages" do
test "it paginates", %{conn: conn} do
user = insert(:user)
setup do: oauth_access(["read:statuses"])
test "it paginates", %{conn: conn, user: user} do
recipient = insert(:user)
Enum.each(1..30, fn _ ->
@ -40,7 +41,6 @@ test "it paginates", %{conn: conn} do
result =
conn
|> assign(:user, user)
|> get("/api/v1/pleroma/chats/#{chat.id}/messages")
|> json_response(200)
@ -48,17 +48,13 @@ test "it paginates", %{conn: conn} do
result =
conn
|> assign(:user, user)
|> get("/api/v1/pleroma/chats/#{chat.id}/messages", %{"max_id" => List.last(result)["id"]})
|> json_response(200)
assert length(result) == 10
end
# TODO
# - Test the case where it's not the user's chat
test "it returns the messages for a given chat", %{conn: conn} do
user = insert(:user)
test "it returns the messages for a given chat", %{conn: conn, user: user} do
other_user = insert(:user)
third_user = insert(:user)
@ -71,7 +67,6 @@ test "it returns the messages for a given chat", %{conn: conn} do
result =
conn
|> assign(:user, user)
|> get("/api/v1/pleroma/chats/#{chat.id}/messages")
|> json_response(200)
@ -81,17 +76,25 @@ test "it returns the messages for a given chat", %{conn: conn} do
end)
assert length(result) == 3
# Trying to get the chat of a different user
result =
conn
|> assign(:user, other_user)
|> get("/api/v1/pleroma/chats/#{chat.id}/messages")
assert result |> json_response(404)
end
end
describe "POST /api/v1/pleroma/chats/by-ap-id/:id" do
setup do: oauth_access(["write:statuses"])
test "it creates or returns a chat", %{conn: conn} do
user = insert(:user)
other_user = insert(:user)
result =
conn
|> assign(:user, user)
|> post("/api/v1/pleroma/chats/by-ap-id/#{URI.encode_www_form(other_user.ap_id)}")
|> json_response(200)
@ -100,9 +103,9 @@ test "it creates or returns a chat", %{conn: conn} do
end
describe "GET /api/v1/pleroma/chats" do
test "it paginates", %{conn: conn} do
user = insert(:user)
setup do: oauth_access(["read:statuses"])
test "it paginates", %{conn: conn, user: user} do
Enum.each(1..30, fn _ ->
recipient = insert(:user)
{:ok, _} = Chat.get_or_create(user.id, recipient.ap_id)
@ -110,7 +113,6 @@ test "it paginates", %{conn: conn} do
result =
conn
|> assign(:user, user)
|> get("/api/v1/pleroma/chats")
|> json_response(200)
@ -118,7 +120,6 @@ test "it paginates", %{conn: conn} do
result =
conn
|> assign(:user, user)
|> get("/api/v1/pleroma/chats", %{max_id: List.last(result)["id"]})
|> json_response(200)
@ -126,8 +127,7 @@ test "it paginates", %{conn: conn} do
end
test "it return a list of chats the current user is participating in, in descending order of updates",
%{conn: conn} do
user = insert(:user)
%{conn: conn, user: user} do
har = insert(:user)
jafnhar = insert(:user)
tridi = insert(:user)
@ -144,7 +144,6 @@ test "it return a list of chats the current user is participating in, in descend
result =
conn
|> assign(:user, user)
|> get("/api/v1/pleroma/chats")
|> json_response(200)
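Review bot: The added cross-user check at the end of "it returns the messages for a given chat" only swaps the `:user` assign to `other_user` on the conn that `oauth_access` produced. The request therefore presumably still carries the token issued to the first user, a user/token mismatch that a real client would not send. Building a separate authenticated conn for `other_user` would make the 404 assertion exercise the ownership check alone. The section also adds no case where the token lacks the required scope, for example a `read:statuses` token posting a message, which is the behaviour this commit introduces. One such test per describe block, asserting the request is rejected, would pin it down.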