Commit 735f4004 authored by kaniini's avatar kaniini
Browse files

Merge branch 'delete-status' into 'develop'

Allow an admin to delete a user status #721 (MastoAPI)

See merge request !914
parents 130fc9ea 2827dfea
Pipeline #8774 passed with stages
in 3 minutes and 20 seconds
......@@ -30,7 +30,7 @@ def follow(follower, followed) do
def delete(activity_id, user) do
with %Activity{data: %{"object" => %{"id" => object_id}}} <- Repo.get(Activity, activity_id),
%Object{} = object <- Object.normalize(object_id),
true <- user.info.is_moderator || user.ap_id == object.data["actor"],
true <- User.superuser?(user) || user.ap_id == object.data["actor"],
{:ok, _} <- unpin(activity_id, user),
{:ok, delete} <- ActivityPub.delete(object) do
{:ok, delete}
......
......@@ -371,6 +371,30 @@ test "when you didn't create it", %{conn: conn} do
assert Repo.get(Activity, activity.id) == activity
end
test "when you're an admin or moderator", %{conn: conn} do
activity1 = insert(:note_activity)
activity2 = insert(:note_activity)
admin = insert(:user, info: %{is_admin: true})
moderator = insert(:user, info: %{is_moderator: true})
res_conn =
conn
|> assign(:user, admin)
|> delete("/api/v1/statuses/#{activity1.id}")
assert %{} = json_response(res_conn, 200)
res_conn =
conn
|> assign(:user, moderator)
|> delete("/api/v1/statuses/#{activity2.id}")
assert %{} = json_response(res_conn, 200)
refute Repo.get(Activity, activity1.id)
refute Repo.get(Activity, activity2.id)
end
end
describe "filters" do
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment