admin_api_controller.ex 6.33 KB
Newer Older
1
# Pleroma: A lightweight social networking server
kaniini's avatar
kaniini committed
2
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
3
4
# SPDX-License-Identifier: AGPL-3.0-only

5
defmodule Pleroma.Web.AdminAPI.AdminAPIController do
6
7
  @users_page_size 50

Haelwenn's avatar
Haelwenn committed
8
  use Pleroma.Web, :controller
9
  alias Pleroma.User
10
  alias Pleroma.Web.ActivityPub.Relay
11
  alias Pleroma.Web.MastodonAPI.Admin.AccountView
Haelwenn's avatar
Haelwenn committed
12

13
14
  import Pleroma.Web.ControllerHelper, only: [json_response: 3]

Haelwenn's avatar
Haelwenn committed
15
16
17
18
  require Logger

  action_fallback(:errors)

19
  def user_delete(conn, %{"nickname" => nickname}) do
20
21
    User.get_by_nickname(nickname)
    |> User.delete()
22
23

    conn
24
    |> json(nickname)
Haelwenn's avatar
Haelwenn committed
25
26
  end

27
28
29
30
  def user_create(
        conn,
        %{"nickname" => nickname, "email" => email, "password" => password}
      ) do
31
    user_data = %{
32
      nickname: nickname,
33
      name: nickname,
34
35
36
      email: email,
      password: password,
      password_confirmation: password,
37
      bio: "."
38
39
    }

40
41
    changeset = User.register_changeset(%User{}, user_data, confirmed: true)
    {:ok, user} = User.register(changeset)
42
43

    conn
44
    |> json(user.nickname)
45
46
  end

Maxim Filippov's avatar
Maxim Filippov committed
47
48
49
50
51
52
  def user_toggle_activation(conn, %{"nickname" => nickname}) do
    user = User.get_by_nickname(nickname)

    {:ok, updated_user} = User.deactivate(user, !user.info.deactivated)

    conn
53
    |> json(AccountView.render("show.json", %{user: updated_user}))
Maxim Filippov's avatar
Maxim Filippov committed
54
55
  end

56
57
58
59
60
61
62
63
64
65
  def tag_users(conn, %{"nicknames" => nicknames, "tags" => tags}) do
    with {:ok, _} <- User.tag(nicknames, tags),
         do: json_response(conn, :no_content, "")
  end

  def untag_users(conn, %{"nicknames" => nicknames, "tags" => tags}) do
    with {:ok, _} <- User.untag(nicknames, tags),
         do: json_response(conn, :no_content, "")
  end

66
67
68
69
70
71
72
  def list_users(%{assigns: %{user: admin}} = conn, %{"page" => page_string}) do
    with {page, _} <- Integer.parse(page_string),
         users <- User.all_except_one(admin, page, @users_page_size),
         count <- User.count_all_except_one(admin),
         do:
           conn
           |> json(
73
             AccountView.render("index.json", %{
74
75
76
77
78
               users: users,
               count: count,
               page_size: @users_page_size
             })
           )
Maxim Filippov's avatar
Maxim Filippov committed
79
80
  end

81
82
83
84
85
86
87
88
  def search_users(%{assigns: %{user: admin}} = conn, %{"query" => term} = params) do
    users =
      User.search(term,
        query: User.maybe_local_user_query(params["local"] == "true"),
        resolve: true,
        for_user: admin,
        limit: @users_page_size
      )
Maxim Filippov's avatar
Maxim Filippov committed
89
90
91
92
93
94
95
96
97
98
99

    conn
    |> json(
      AccountView.render("index.json", %{
        users: users,
        count: length(users),
        page_size: @users_page_size
      })
    )
  end

100
101
  def right_add(conn, %{"permission_group" => permission_group, "nickname" => nickname})
      when permission_group in ["moderator", "admin"] do
102
103
104
    user = User.get_by_nickname(nickname)

    info =
lain's avatar
lain committed
105
      %{}
106
      |> Map.put("is_" <> permission_group, true)
107

lain's avatar
lain committed
108
109
110
    info_cng = User.Info.admin_api_update(user.info, info)

    cng =
Maksim's avatar
updates    
Maksim committed
111
112
      user
      |> Ecto.Changeset.change()
lain's avatar
lain committed
113
114
      |> Ecto.Changeset.put_embed(:info, info_cng)

Maksim's avatar
Maksim committed
115
    {:ok, _user} = User.update_and_set_cache(cng)
116

Maksim's avatar
Maksim committed
117
118
119
120
    json(conn, info)
  end

  def right_add(conn, _) do
121
    conn
Maksim's avatar
Maksim committed
122
123
    |> put_status(404)
    |> json(%{error: "No such permission_group"})
124
125
  end

126
127
128
129
  def right_get(conn, %{"nickname" => nickname}) do
    user = User.get_by_nickname(nickname)

    conn
lain's avatar
lain committed
130
131
132
133
    |> json(%{
      is_moderator: user.info.is_moderator,
      is_admin: user.info.is_admin
    })
134
135
  end

136
137
138
  def right_delete(
        %{assigns: %{user: %User{:nickname => admin_nickname}}} = conn,
        %{
139
          "permission_group" => permission_group,
140
141
142
          "nickname" => nickname
        }
      )
143
      when permission_group in ["moderator", "admin"] do
144
145
    if admin_nickname == nickname do
      conn
146
      |> put_status(403)
147
148
149
      |> json(%{error: "You can't revoke your own admin status."})
    else
      user = User.get_by_nickname(nickname)
150

151
      info =
lain's avatar
lain committed
152
        %{}
153
        |> Map.put("is_" <> permission_group, false)
154

lain's avatar
lain committed
155
156
157
158
159
160
      info_cng = User.Info.admin_api_update(user.info, info)

      cng =
        Ecto.Changeset.change(user)
        |> Ecto.Changeset.put_embed(:info, info_cng)

Maksim's avatar
Maksim committed
161
      {:ok, _user} = User.update_and_set_cache(cng)
162

Maksim's avatar
Maksim committed
163
      json(conn, info)
164
    end
165
166
167
168
169
  end

  def right_delete(conn, _) do
    conn
    |> put_status(404)
170
    |> json(%{error: "No such permission_group"})
Haelwenn's avatar
Haelwenn committed
171
172
  end

173
174
175
176
177
178
179
  def set_activation_status(conn, %{"nickname" => nickname, "status" => status}) do
    with {:ok, status} <- Ecto.Type.cast(:boolean, status),
         %User{} = user <- User.get_by_nickname(nickname),
         {:ok, _} <- User.deactivate(user, !status),
         do: json_response(conn, :no_content, "")
  end

180
  def relay_follow(conn, %{"relay_url" => target}) do
Maksim's avatar
Maksim committed
181
182
    with {:ok, _message} <- Relay.follow(target) do
      json(conn, target)
183
    else
Maksim's avatar
Maksim committed
184
185
186
187
      _ ->
        conn
        |> put_status(500)
        |> json(target)
188
    end
Haelwenn's avatar
Haelwenn committed
189
190
  end

191
  def relay_unfollow(conn, %{"relay_url" => target}) do
Maksim's avatar
Maksim committed
192
193
    with {:ok, _message} <- Relay.unfollow(target) do
      json(conn, target)
194
    else
Maksim's avatar
Maksim committed
195
196
197
198
      _ ->
        conn
        |> put_status(500)
        |> json(target)
199
    end
Haelwenn's avatar
Haelwenn committed
200
201
  end

202
203
204
205
206
207
208
209
210
211
212
213
214
  @doc "Sends registration invite via email"
  def email_invite(%{assigns: %{user: user}} = conn, %{"email" => email} = params) do
    with true <-
           Pleroma.Config.get([:instance, :invites_enabled]) &&
             !Pleroma.Config.get([:instance, :registrations_open]),
         {:ok, invite_token} <- Pleroma.UserInviteToken.create_token(),
         email <-
           Pleroma.UserEmail.user_invitation_email(user, invite_token, email, params["name"]),
         {:ok, _} <- Pleroma.Mailer.deliver(email) do
      json_response(conn, :no_content, "")
    end
  end

Maksim's avatar
Maksim committed
215
  @doc "Get a account registeration invite token (base64 string)"
216
  def get_invite_token(conn, _params) do
217
    {:ok, token} = Pleroma.UserInviteToken.create_token()
218
219

    conn
220
    |> json(token.token)
Haelwenn's avatar
Haelwenn committed
221
222
  end

Maksim's avatar
Maksim committed
223
  @doc "Get a password reset token (base64 string) for given nickname"
224
  def get_password_reset(conn, %{"nickname" => nickname}) do
225
226
227
228
    (%User{local: true} = user) = User.get_by_nickname(nickname)
    {:ok, token} = Pleroma.PasswordResetToken.create_token(user)

    conn
229
230
231
232
233
234
235
236
237
238
239
240
241
    |> json(token.token)
  end

  def errors(conn, {:param_cast, _}) do
    conn
    |> put_status(400)
    |> json("Invalid parameters")
  end

  def errors(conn, _) do
    conn
    |> put_status(500)
    |> json("Something went wrong")
Haelwenn's avatar
Haelwenn committed
242
243
  end
end