Commit 5e229e19 authored by Ilja's avatar Ilja

Add "moderation_tag:account-invitation"

I moved the rest of scope "/api/v1/pleroma/admin" down because otherwise there's a conflict between the endpoints `get("/users/:nickname"` and `get("/users/invites"`.
parent e80e55d9
Pipeline #39885 passed with stages
in 13 minutes and 19 seconds
...@@ -105,6 +105,11 @@ defmodule Pleroma.Web.Router do ...@@ -105,6 +105,11 @@ defmodule Pleroma.Web.Router do
plug(Pleroma.Web.Plugs.UserIsAdminPlug) plug(Pleroma.Web.Plugs.UserIsAdminPlug)
end end
pipeline :require_moderation_tag_account_invitation do
plug(:admin_api)
plug(Pleroma.Web.Plugs.EnsureUserTag, "moderation_tag:account-invitation")
end
pipeline :require_moderation_tag_report_triage do pipeline :require_moderation_tag_report_triage do
plug(:admin_api) plug(:admin_api)
plug(Pleroma.Web.Plugs.EnsureUserTag, "moderation_tag:report-triage") plug(Pleroma.Web.Plugs.EnsureUserTag, "moderation_tag:report-triage")
...@@ -262,9 +267,10 @@ defmodule Pleroma.Web.Router do ...@@ -262,9 +267,10 @@ defmodule Pleroma.Web.Router do
post("/backups", AdminAPIController, :create_backup) post("/backups", AdminAPIController, :create_backup)
end end
# AdminAPI: admins and mods (staff) can perform these actions # AdminAPI
# admins and mods (staff) with moderation_tag:account-invitation can perform these actions
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
pipe_through(:admin_api) pipe_through(:require_moderation_tag_account_invitation)
patch("/users/approve", UserController, :approve) patch("/users/approve", UserController, :approve)
...@@ -272,23 +278,6 @@ defmodule Pleroma.Web.Router do ...@@ -272,23 +278,6 @@ defmodule Pleroma.Web.Router do
get("/users/invites", InviteController, :index) get("/users/invites", InviteController, :index)
post("/users/revoke_invite", InviteController, :revoke) post("/users/revoke_invite", InviteController, :revoke)
post("/users/email_invite", InviteController, :email) post("/users/email_invite", InviteController, :email)
get("/users", UserController, :index)
get("/users/:nickname", UserController, :show)
get("/instances/:instance/statuses", InstanceController, :list_statuses)
delete("/instances/:instance", InstanceController, :delete)
get("/statuses/:id", StatusController, :show)
put("/statuses/:id", StatusController, :update)
delete("/statuses/:id", StatusController, :delete)
get("/moderation_log", AdminAPIController, :list_log)
post("/reload_emoji", AdminAPIController, :reload_emoji)
get("/stats", AdminAPIController, :stats)
delete("/chats/:id/messages/:message_id", ChatController, :delete_message)
end end
# AdminAPI # AdminAPI
...@@ -403,6 +392,28 @@ defmodule Pleroma.Web.Router do ...@@ -403,6 +392,28 @@ defmodule Pleroma.Web.Router do
end end
end end
# AdminAPI: admins and mods (staff) can perform these actions
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
pipe_through(:admin_api)
get("/users", UserController, :index)
get("/users/:nickname", UserController, :show)
get("/instances/:instance/statuses", InstanceController, :list_statuses)
delete("/instances/:instance", InstanceController, :delete)
get("/statuses/:id", StatusController, :show)
put("/statuses/:id", StatusController, :update)
delete("/statuses/:id", StatusController, :delete)
get("/moderation_log", AdminAPIController, :list_log)
post("/reload_emoji", AdminAPIController, :reload_emoji)
get("/stats", AdminAPIController, :stats)
delete("/chats/:id/messages/:message_id", ChatController, :delete_message)
end
scope "/", Pleroma.Web.TwitterAPI do scope "/", Pleroma.Web.TwitterAPI do
pipe_through(:pleroma_html) pipe_through(:pleroma_html)
......
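Review bot: The relocated `scope "/api/v1/pleroma/admin"` block that carries `get("/users/:nickname", UserController, :show)` now has to stay below the tag-gated scope, but nothing in the router says so; its comment is still the generic `# AdminAPI: admins and mods (staff) can perform these actions`. Phoenix matches routes in definition order, so a later reshuffle would send `GET /users/invites` to `UserController.show` through plain `:admin_api` instead of through `:require_moderation_tag_account_invitation`. I would add above the moved scope: `# Must stay after the moderation_tag scopes: "/users/:nickname" would otherwise shadow "/users/invites".` Separately, `patch("/users/approve", UserController, :approve)` is now gated by the account-invitation tag as well, and the scope comment could say so explicitly, since approval is not obviously an invitation action.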
...@@ -11,7 +11,7 @@ defmodule Pleroma.Web.AdminAPI.InviteControllerTest do ...@@ -11,7 +11,7 @@ defmodule Pleroma.Web.AdminAPI.InviteControllerTest do
alias Pleroma.UserInviteToken alias Pleroma.UserInviteToken
setup do setup do
admin = insert(:user, is_admin: true) admin = insert(:user, is_admin: true, tags: ["moderation_tag:account-invitation"])
token = insert(:oauth_admin_token, user: admin) token = insert(:oauth_admin_token, user: admin)
conn = conn =
...@@ -79,6 +79,25 @@ test "it returns 403 if requested by a non-admin" do ...@@ -79,6 +79,25 @@ test "it returns 403 if requested by a non-admin" do
assert json_response(conn, :forbidden) assert json_response(conn, :forbidden)
end end
test "it requires user tag moderation_tag:account-invitation", %{conn: conn} do
recipient_email = "foo@bar.com"
recipient_name = "J. D."
conn =
conn.assigns.user.tags
|> put_in(conn.assigns.user.tags -- ["moderation_tag:account-invitation"])
conn =
conn
|> put_req_header("content-type", "application/json;charset=utf-8")
|> post("/api/pleroma/admin/users/email_invite", %{
email: recipient_email,
name: recipient_name
})
assert json_response(conn, :forbidden)
end
test "email with +", %{conn: conn, admin: admin} do test "email with +", %{conn: conn, admin: admin} do
recipient_email = "foo+bar@baz.com" recipient_email = "foo+bar@baz.com"
...@@ -218,6 +237,19 @@ test "with max use and expires_at", %{conn: conn} do ...@@ -218,6 +237,19 @@ test "with max use and expires_at", %{conn: conn} do
assert invite.max_use == 150 assert invite.max_use == 150
assert invite.invite_type == "reusable_date_limited" assert invite.invite_type == "reusable_date_limited"
end end
test "it requires user tag moderation_tag:account-invitation", %{conn: conn} do
conn =
conn.assigns.user.tags
|> put_in(conn.assigns.user.tags -- ["moderation_tag:account-invitation"])
response =
conn
|> put_req_header("content-type", "application/json")
|> post("/api/pleroma/admin/users/invite_token")
assert json_response(response, :forbidden)
end
end end
describe "GET /api/pleroma/admin/users/invites" do describe "GET /api/pleroma/admin/users/invites" do
...@@ -246,6 +278,16 @@ test "with invite", %{conn: conn} do ...@@ -246,6 +278,16 @@ test "with invite", %{conn: conn} do
] ]
} }
end end
test "it requires user tag moderation_tag:account-invitation", %{conn: conn} do
conn =
conn.assigns.user.tags
|> put_in(conn.assigns.user.tags -- ["moderation_tag:account-invitation"])
response = get(conn, "/api/pleroma/admin/users/invites")
assert json_response(response, :forbidden)
end
end end
describe "POST /api/pleroma/admin/users/revoke_invite" do describe "POST /api/pleroma/admin/users/revoke_invite" do
...@@ -276,5 +318,18 @@ test "with invalid token", %{conn: conn} do ...@@ -276,5 +318,18 @@ test "with invalid token", %{conn: conn} do
assert json_response_and_validate_schema(conn, :not_found) == %{"error" => "Not found"} assert json_response_and_validate_schema(conn, :not_found) == %{"error" => "Not found"}
end end
test "it requires user tag moderation_tag:account-invitation", %{conn: conn} do
conn =
conn.assigns.user.tags
|> put_in(conn.assigns.user.tags -- ["moderation_tag:account-invitation"])
response =
conn
|> put_req_header("content-type", "application/json")
|> post("/api/pleroma/admin/users/revoke_invite", %{"token" => "foo"})
assert json_response(response, :forbidden)
end
end end
end end
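Review bot: All four new `it requires user tag moderation_tag:account-invitation` tests start from the `is_admin: true` user built in `setup` and strip the tag, so only the "staff without the tag" case is pinned; the opposite case, a non-staff user whose `tags` contain `"moderation_tag:account-invitation"`, is not exercised in the visible hunks. The router plugs `:admin_api` before `EnsureUserTag`, so that request should be rejected, and one test asserting `:forbidden` for it would keep the tag from ever becoming sufficient on its own. The existing "it returns 403 if requested by a non-admin" test starts outside the hunk, so it may already cover this. The repeated `conn.assigns.user.tags |> put_in(...)` block could also move into one private helper shared by these tests and the matching one in `UserControllerTest`.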
...@@ -29,7 +29,11 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do ...@@ -29,7 +29,11 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
admin = admin =
insert(:user, insert(:user,
is_admin: true, is_admin: true,
tags: ["moderation_tag:account-activation", "moderation_tag:account-deletion"] tags: [
"moderation_tag:account-activation",
"moderation_tag:account-deletion",
"moderation_tag:account-invitation"
]
) )
token = insert(:oauth_admin_token, user: admin) token = insert(:oauth_admin_token, user: admin)
...@@ -924,25 +928,46 @@ test "it requires user tag moderation_tag:account-activation", %{conn: conn} do ...@@ -924,25 +928,46 @@ test "it requires user tag moderation_tag:account-activation", %{conn: conn} do
end end
end end
test "PATCH /api/pleroma/admin/users/approve", %{admin: admin, conn: conn} do describe "PATCH /api/pleroma/admin/users/approve" do
user_one = insert(:user, is_approved: false) test "it approves users and logs an entry in the moderation log", %{admin: admin, conn: conn} do
user_two = insert(:user, is_approved: false) user_one = insert(:user, is_approved: false)
user_two = insert(:user, is_approved: false)
conn = conn =
conn conn
|> put_req_header("content-type", "application/json") |> put_req_header("content-type", "application/json")
|> patch( |> patch(
"/api/pleroma/admin/users/approve", "/api/pleroma/admin/users/approve",
%{nicknames: [user_one.nickname, user_two.nickname]} %{nicknames: [user_one.nickname, user_two.nickname]}
) )
response = json_response_and_validate_schema(conn, 200) response = json_response_and_validate_schema(conn, 200)
assert Enum.map(response["users"], & &1["is_approved"]) == [true, true] assert Enum.map(response["users"], & &1["is_approved"]) == [true, true]
log_entry = Repo.one(ModerationLog) log_entry = Repo.one(ModerationLog)
assert ModerationLog.get_log_entry_message(log_entry) == assert ModerationLog.get_log_entry_message(log_entry) ==
"@#{admin.nickname} approved users: @#{user_one.nickname}, @#{user_two.nickname}" "@#{admin.nickname} approved users: @#{user_one.nickname}, @#{user_two.nickname}"
end
test "it requires user tag moderation_tag:account-invitation", %{conn: conn} do
conn =
conn.assigns.user.tags
|> put_in(conn.assigns.user.tags -- ["moderation_tag:account-invitation"])
user_one = insert(:user, is_approved: false)
user_two = insert(:user, is_approved: false)
response =
conn
|> put_req_header("content-type", "application/json")
|> patch(
"/api/pleroma/admin/users/approve",
%{nicknames: [user_one.nickname, user_two.nickname]}
)
assert json_response(response, :forbidden)
end
end end
test "PATCH /api/pleroma/admin/users/suggest", %{admin: admin, conn: conn} do test "PATCH /api/pleroma/admin/users/suggest", %{admin: admin, conn: conn} do
......
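Review bot: The new negative test in `describe "PATCH /api/pleroma/admin/users/approve"` checks only the status code, so it would still pass if the response were 403 while the approval had nevertheless been applied. Since `user_one` and `user_two` are already inserted with `is_approved: false`, I would re-read both from the database after the request and assert they are still unapproved. Adding `refute Repo.one(ModerationLog)` would also show that no moderation-log entry was written for the rejected call.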