last off :statuses_read
Of the endpoints left to do, I believe these should be under :statuses_read. These should be the last ones for that privilege in this MR.
parent
4cb0dbb5dc
commit
34a98990db
@ -292,6 +292,10 @@ defmodule Pleroma.Web.Router do
|
|||||||
|
|
||||||
get("/chats/:id", ChatController, :show)
|
get("/chats/:id", ChatController, :show)
|
||||||
get("/chats/:id/messages", ChatController, :messages)
|
get("/chats/:id/messages", ChatController, :messages)
|
||||||
|
|
||||||
|
get("/instances/:instance/statuses", InstanceController, :list_statuses)
|
||||||
|
|
||||||
|
get("/statuses/:id", StatusController, :show)
|
||||||
end
|
end
|
||||||
|
|
||||||
# AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
|
# AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
|
||||||
@ -345,10 +349,8 @@ defmodule Pleroma.Web.Router do
|
|||||||
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
|
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
|
||||||
pipe_through(:admin_api)
|
pipe_through(:admin_api)
|
||||||
|
|
||||||
get("/instances/:instance/statuses", InstanceController, :list_statuses)
|
|
||||||
delete("/instances/:instance", InstanceController, :delete)
|
delete("/instances/:instance", InstanceController, :delete)
|
||||||
|
|
||||||
get("/statuses/:id", StatusController, :show)
|
|
||||||
put("/statuses/:id", StatusController, :update)
|
put("/statuses/:id", StatusController, :update)
|
||||||
delete("/statuses/:id", StatusController, :delete)
|
delete("/statuses/:id", StatusController, :delete)
|
||||||
|
|
||||||
|
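Review bot: The two `get` routes added in the first router hunk take their authorization entirely from the enclosing scope, whose `scope` and `pipe_through` lines start above the hunk, so nothing visible here shows that `:statuses_read` is the privilege actually enforced. Because the second hunk removes them from the `pipe_through(:admin_api)` scope, confirm the destination scope still applies the admin authentication plugs as well as the privilege check. A comment above the moved group, such as `# requires :statuses_read in [:instance, :admin_privileges]`, would let a reader verify the gate without hunting for the pipeline definition. The `/chats/:id` and `/chats/:id/messages` routes appear to sit in the same scope, so it is worth confirming that chat messages are meant to be readable under the status privilege.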
@ -3,7 +3,7 @@
|
|||||||
# SPDX-License-Identifier: AGPL-3.0-only
|
# SPDX-License-Identifier: AGPL-3.0-only
|
||||||
|
|
||||||
defmodule Pleroma.Web.AdminAPI.InstanceControllerTest do
|
defmodule Pleroma.Web.AdminAPI.InstanceControllerTest do
|
||||||
use Pleroma.Web.ConnCase
|
use Pleroma.Web.ConnCase, async: false
|
||||||
use Oban.Testing, repo: Pleroma.Repo
|
use Oban.Testing, repo: Pleroma.Repo
|
||||||
|
|
||||||
import Pleroma.Factory
|
import Pleroma.Factory
|
||||||
@ -31,6 +31,7 @@ defmodule Pleroma.Web.AdminAPI.InstanceControllerTest do
|
|||||||
end
|
end
|
||||||
|
|
||||||
test "GET /instances/:instance/statuses", %{conn: conn} do
|
test "GET /instances/:instance/statuses", %{conn: conn} do
|
||||||
|
clear_config([:instance, :admin_privileges], [:statuses_read])
|
||||||
user = insert(:user, local: false, ap_id: "https://archae.me/users/archaeme")
|
user = insert(:user, local: false, ap_id: "https://archae.me/users/archaeme")
|
||||||
user2 = insert(:user, local: false, ap_id: "https://test.com/users/test")
|
user2 = insert(:user, local: false, ap_id: "https://test.com/users/test")
|
||||||
insert_pair(:note_activity, user: user)
|
insert_pair(:note_activity, user: user)
|
||||||
@ -60,6 +61,10 @@ defmodule Pleroma.Web.AdminAPI.InstanceControllerTest do
|
|||||||
|> json_response(200)
|
|> json_response(200)
|
||||||
|
|
||||||
assert length(activities) == 3
|
assert length(activities) == 3
|
||||||
|
|
||||||
|
clear_config([:instance, :admin_privileges], [])
|
||||||
|
|
||||||
|
conn |> get("/api/pleroma/admin/instances/archae.me/statuses") |> json_response(:forbidden)
|
||||||
end
|
end
|
||||||
|
|
||||||
test "DELETE /instances/:instance", %{conn: conn} do
|
test "DELETE /instances/:instance", %{conn: conn} do
|
||||||
|
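Review bot: The denial case appended to `GET /instances/:instance/statuses` only exercises an empty `admin_privileges` list, so a check that merely required some privilege to be configured would still pass. A case whose list holds a different privilege but not `:statuses_read` would pin the intended rule, and the same applies to `denies reading activity when not privileged` in StatusControllerTest. The bare `conn |> get("/api/pleroma/admin/instances/archae.me/statuses") |> json_response(:forbidden)` relies on `json_response` raising and is written without the `assert` used in the other file. Moving it into its own test, for example `test "GET /instances/:instance/statuses is forbidden without :statuses_read", %{conn: conn} do`, would keep the success and denial paths from sharing one config change.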
@ -26,6 +26,10 @@ defmodule Pleroma.Web.AdminAPI.StatusControllerTest do
|
|||||||
end
|
end
|
||||||
|
|
||||||
describe "GET /api/pleroma/admin/statuses/:id" do
|
describe "GET /api/pleroma/admin/statuses/:id" do
|
||||||
|
setup do
|
||||||
|
clear_config([:instance, :admin_privileges], [:statuses_read])
|
||||||
|
end
|
||||||
|
|
||||||
test "not found", %{conn: conn} do
|
test "not found", %{conn: conn} do
|
||||||
assert conn
|
assert conn
|
||||||
|> get("/api/pleroma/admin/statuses/not_found")
|
|> get("/api/pleroma/admin/statuses/not_found")
|
||||||
@ -50,6 +54,12 @@ defmodule Pleroma.Web.AdminAPI.StatusControllerTest do
|
|||||||
assert account["is_active"] == actor.is_active
|
assert account["is_active"] == actor.is_active
|
||||||
assert account["is_confirmed"] == actor.is_confirmed
|
assert account["is_confirmed"] == actor.is_confirmed
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "denies reading activity when not privileged", %{conn: conn} do
|
||||||
|
clear_config([:instance, :admin_privileges], [])
|
||||||
|
|
||||||
|
assert conn |> get("/api/pleroma/admin/statuses/some_id") |> json_response(:forbidden)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "PUT /api/pleroma/admin/statuses/:id" do
|
describe "PUT /api/pleroma/admin/statuses/:id" do
|
||||||
|