EnsureStaffPrivilegedPlug: don't let non-moderators through

Alex Gleason 2021-12-27 17:18:26 -06:00
parent 264f0fde1b
commit 138f5a4517
No known key found for this signature in database
GPG Key ID: 7211D1F99744FBB7


@ -4,9 +4,8 @@
defmodule Pleroma.Web.Plugs.EnsureStaffPrivilegedPlug do
@moduledoc """
Ensures if staff are privileged enough to do certain tasks
Ensures staff are privileged enough to do certain tasks.
"""
import Pleroma.Web.TranslationHelpers
import Plug.Conn
@ -19,7 +18,7 @@ defmodule Pleroma.Web.Plugs.EnsureStaffPrivilegedPlug do
def call(%{assigns: %{user: %User{is_admin: true}}} = conn, _), do: conn
def call(conn, _) do
def call(%{assigns: %{user: %User{is_moderator: true}}} = conn, _) do
if Config.get!([:instance, :privileged_staff]) do
conn
else
@ -28,4 +27,10 @@ defmodule Pleroma.Web.Plugs.EnsureStaffPrivilegedPlug do
|> halt()
end
end
def call(conn, _) do
conn
|> render_error(:forbidden, "User is not a staff member.")
|> halt()
end
end
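Review bot: The new final `call(conn, _)` clause is the deny-by-default path, but nothing in the visible change documents that or pins it with a test. It rejects both ordinary users and connections with no `:user` in assigns, and it only works while it stays the last clause, so a comment above it would help, for example `# Deny by default: anything that is not an admin or moderator is rejected; keep this clause last.` A regression test would also be worth adding, if one is not already in a file this page does not show: a non-staff user with `[:instance, :privileged_staff]` enabled must get a 403 and a halted conn, since that is the case the old catch-all let through. The moderator clause's error branch lies partly outside the hunks shown here, so its message and status were not reviewed.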