last off :statuses_read
From the endpoints left to do, I believe these should be under :statuses_read. These should be the last for that privilege for this MR
This commit is contained in:
parent
4cb0dbb5dc
commit
34a98990db
@ -292,6 +292,10 @@ defmodule Pleroma.Web.Router do
|
||||
|
||||
get("/chats/:id", ChatController, :show)
|
||||
get("/chats/:id/messages", ChatController, :messages)
|
||||
|
||||
get("/instances/:instance/statuses", InstanceController, :list_statuses)
|
||||
|
||||
get("/statuses/:id", StatusController, :show)
|
||||
end
|
||||
|
||||
# AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
|
||||
@ -345,10 +349,8 @@ defmodule Pleroma.Web.Router do
|
||||
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
|
||||
pipe_through(:admin_api)
|
||||
|
||||
get("/instances/:instance/statuses", InstanceController, :list_statuses)
|
||||
delete("/instances/:instance", InstanceController, :delete)
|
||||
|
||||
get("/statuses/:id", StatusController, :show)
|
||||
put("/statuses/:id", StatusController, :update)
|
||||
delete("/statuses/:id", StatusController, :delete)
|
||||
|
||||
|
@ -3,7 +3,7 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Web.AdminAPI.InstanceControllerTest do
|
||||
use Pleroma.Web.ConnCase
|
||||
use Pleroma.Web.ConnCase, async: false
|
||||
use Oban.Testing, repo: Pleroma.Repo
|
||||
|
||||
import Pleroma.Factory
|
||||
@ -31,6 +31,7 @@ defmodule Pleroma.Web.AdminAPI.InstanceControllerTest do
|
||||
end
|
||||
|
||||
test "GET /instances/:instance/statuses", %{conn: conn} do
|
||||
clear_config([:instance, :admin_privileges], [:statuses_read])
|
||||
user = insert(:user, local: false, ap_id: "https://archae.me/users/archaeme")
|
||||
user2 = insert(:user, local: false, ap_id: "https://test.com/users/test")
|
||||
insert_pair(:note_activity, user: user)
|
||||
@ -60,6 +61,10 @@ defmodule Pleroma.Web.AdminAPI.InstanceControllerTest do
|
||||
|> json_response(200)
|
||||
|
||||
assert length(activities) == 3
|
||||
|
||||
clear_config([:instance, :admin_privileges], [])
|
||||
|
||||
conn |> get("/api/pleroma/admin/instances/archae.me/statuses") |> json_response(:forbidden)
|
||||
end
|
||||
|
||||
test "DELETE /instances/:instance", %{conn: conn} do
|
||||
|
@ -26,6 +26,10 @@ defmodule Pleroma.Web.AdminAPI.StatusControllerTest do
|
||||
end
|
||||
|
||||
describe "GET /api/pleroma/admin/statuses/:id" do
|
||||
setup do
|
||||
clear_config([:instance, :admin_privileges], [:statuses_read])
|
||||
end
|
||||
|
||||
test "not found", %{conn: conn} do
|
||||
assert conn
|
||||
|> get("/api/pleroma/admin/statuses/not_found")
|
||||
@ -50,6 +54,12 @@ defmodule Pleroma.Web.AdminAPI.StatusControllerTest do
|
||||
assert account["is_active"] == actor.is_active
|
||||
assert account["is_confirmed"] == actor.is_confirmed
|
||||
end
|
||||
|
||||
test "denies reading activity when not privileged", %{conn: conn} do
|
||||
clear_config([:instance, :admin_privileges], [])
|
||||
|
||||
assert conn |> get("/api/pleroma/admin/statuses/some_id") |> json_response(:forbidden)
|
||||
end
|
||||
end
|
||||
|
||||
describe "PUT /api/pleroma/admin/statuses/:id" do
|
||||
|
Loading…
Reference in New Issue
Block a user