Merge branch 'fix-admin-api-scope' into 'develop'
fix oauth scopes for AdminApi#reports_update See merge request pleroma/pleroma!2087
This commit is contained in:
commit
c814f22030
@ -75,7 +75,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
|
|||||||
plug(
|
plug(
|
||||||
OAuthScopesPlug,
|
OAuthScopesPlug,
|
||||||
%{scopes: ["write:reports"], admin: true}
|
%{scopes: ["write:reports"], admin: true}
|
||||||
when action in [:report_update_state, :report_respond]
|
when action in [:reports_update]
|
||||||
)
|
)
|
||||||
|
|
||||||
plug(
|
plug(
|
||||||
|
@ -1363,6 +1363,30 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
|
|||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "requires write:reports scope", %{conn: conn, id: id, admin: admin} do
|
||||||
|
read_token = insert(:oauth_token, user: admin, scopes: ["read"])
|
||||||
|
write_token = insert(:oauth_token, user: admin, scopes: ["write:reports"])
|
||||||
|
|
||||||
|
response =
|
||||||
|
conn
|
||||||
|
|> assign(:token, read_token)
|
||||||
|
|> patch("/api/pleroma/admin/reports", %{
|
||||||
|
"reports" => [%{"state" => "resolved", "id" => id}]
|
||||||
|
})
|
||||||
|
|> json_response(403)
|
||||||
|
|
||||||
|
assert response == %{
|
||||||
|
"error" => "Insufficient permissions: admin:write:reports | write:reports."
|
||||||
|
}
|
||||||
|
|
||||||
|
conn
|
||||||
|
|> assign(:token, write_token)
|
||||||
|
|> patch("/api/pleroma/admin/reports", %{
|
||||||
|
"reports" => [%{"state" => "resolved", "id" => id}]
|
||||||
|
})
|
||||||
|
|> json_response(:no_content)
|
||||||
|
end
|
||||||
|
|
||||||
test "mark report as resolved", %{conn: conn, id: id, admin: admin} do
|
test "mark report as resolved", %{conn: conn, id: id, admin: admin} do
|
||||||
conn
|
conn
|
||||||
|> patch("/api/pleroma/admin/reports", %{
|
|> patch("/api/pleroma/admin/reports", %{
|
||||||
|
Loading…
Reference in New Issue
Block a user