Add privileges for :user_activation
This commit is contained in:
parent
cb60cc4e02
commit
e102d25d23
@ -256,7 +256,13 @@ config :pleroma, :instance,
|
|||||||
show_reactions: true,
|
show_reactions: true,
|
||||||
password_reset_token_validity: 60 * 60 * 24,
|
password_reset_token_validity: 60 * 60 * 24,
|
||||||
profile_directory: true,
|
profile_directory: true,
|
||||||
admin_privileges: [:user_deletion, :user_credentials, :statuses_read, :user_tag],
|
admin_privileges: [
|
||||||
|
:user_deletion,
|
||||||
|
:user_credentials,
|
||||||
|
:statuses_read,
|
||||||
|
:user_tag,
|
||||||
|
:user_activation
|
||||||
|
],
|
||||||
moderator_privileges: [],
|
moderator_privileges: [],
|
||||||
max_endorsed_users: 20,
|
max_endorsed_users: 20,
|
||||||
birthday_required: false,
|
birthday_required: false,
|
||||||
|
@ -963,14 +963,26 @@ config :pleroma, :config_description, [
|
|||||||
%{
|
%{
|
||||||
key: :admin_privileges,
|
key: :admin_privileges,
|
||||||
type: {:list, :atom},
|
type: {:list, :atom},
|
||||||
suggestions: [:user_deletion, :user_credentials, :statuses_read, :user_tag],
|
suggestions: [
|
||||||
|
:user_deletion,
|
||||||
|
:user_credentials,
|
||||||
|
:statuses_read,
|
||||||
|
:user_tag,
|
||||||
|
:user_activation
|
||||||
|
],
|
||||||
description:
|
description:
|
||||||
"What extra priviledges to allow admins (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)"
|
"What extra priviledges to allow admins (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)"
|
||||||
},
|
},
|
||||||
%{
|
%{
|
||||||
key: :moderator_privileges,
|
key: :moderator_privileges,
|
||||||
type: {:list, :atom},
|
type: {:list, :atom},
|
||||||
suggestions: [:user_deletion, :user_credentials, :statuses_read, :user_tag],
|
suggestions: [
|
||||||
|
:user_deletion,
|
||||||
|
:user_credentials,
|
||||||
|
:statuses_read,
|
||||||
|
:user_tag,
|
||||||
|
:user_activation
|
||||||
|
],
|
||||||
description:
|
description:
|
||||||
"What extra priviledges to allow moderators (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)"
|
"What extra priviledges to allow moderators (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)"
|
||||||
},
|
},
|
||||||
|
@ -125,6 +125,11 @@ defmodule Pleroma.Web.Router do
|
|||||||
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_tag)
|
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_tag)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
pipeline :require_privileged_role_user_activation do
|
||||||
|
plug(:admin_api)
|
||||||
|
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_activation)
|
||||||
|
end
|
||||||
|
|
||||||
pipeline :pleroma_html do
|
pipeline :pleroma_html do
|
||||||
plug(:browser)
|
plug(:browser)
|
||||||
plug(:authenticate)
|
plug(:authenticate)
|
||||||
@ -282,15 +287,20 @@ defmodule Pleroma.Web.Router do
|
|||||||
delete("/users/tag", AdminAPIController, :untag_users)
|
delete("/users/tag", AdminAPIController, :untag_users)
|
||||||
end
|
end
|
||||||
|
|
||||||
# AdminAPI: admins and mods (staff) can perform these actions
|
# AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
|
||||||
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
|
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
|
||||||
pipe_through(:admin_api)
|
pipe_through(:require_privileged_role_user_activation)
|
||||||
|
|
||||||
patch("/users/:nickname/toggle_activation", UserController, :toggle_activation)
|
patch("/users/:nickname/toggle_activation", UserController, :toggle_activation)
|
||||||
patch("/users/activate", UserController, :activate)
|
patch("/users/activate", UserController, :activate)
|
||||||
patch("/users/deactivate", UserController, :deactivate)
|
patch("/users/deactivate", UserController, :deactivate)
|
||||||
patch("/users/approve", UserController, :approve)
|
end
|
||||||
|
|
||||||
|
# AdminAPI: admins and mods (staff) can perform these actions
|
||||||
|
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
|
||||||
|
pipe_through(:admin_api)
|
||||||
|
|
||||||
|
patch("/users/approve", UserController, :approve)
|
||||||
post("/users/invite_token", InviteController, :create)
|
post("/users/invite_token", InviteController, :create)
|
||||||
get("/users/invites", InviteController, :index)
|
get("/users/invites", InviteController, :index)
|
||||||
post("/users/revoke_invite", InviteController, :revoke)
|
post("/users/revoke_invite", InviteController, :revoke)
|
||||||
|
@ -824,48 +824,6 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
test "PATCH /api/pleroma/admin/users/activate", %{admin: admin, conn: conn} do
|
|
||||||
user_one = insert(:user, is_active: false)
|
|
||||||
user_two = insert(:user, is_active: false)
|
|
||||||
|
|
||||||
conn =
|
|
||||||
conn
|
|
||||||
|> put_req_header("content-type", "application/json")
|
|
||||||
|> patch(
|
|
||||||
"/api/pleroma/admin/users/activate",
|
|
||||||
%{nicknames: [user_one.nickname, user_two.nickname]}
|
|
||||||
)
|
|
||||||
|
|
||||||
response = json_response_and_validate_schema(conn, 200)
|
|
||||||
assert Enum.map(response["users"], & &1["is_active"]) == [true, true]
|
|
||||||
|
|
||||||
log_entry = Repo.one(ModerationLog)
|
|
||||||
|
|
||||||
assert ModerationLog.get_log_entry_message(log_entry) ==
|
|
||||||
"@#{admin.nickname} activated users: @#{user_one.nickname}, @#{user_two.nickname}"
|
|
||||||
end
|
|
||||||
|
|
||||||
test "PATCH /api/pleroma/admin/users/deactivate", %{admin: admin, conn: conn} do
|
|
||||||
user_one = insert(:user, is_active: true)
|
|
||||||
user_two = insert(:user, is_active: true)
|
|
||||||
|
|
||||||
conn =
|
|
||||||
conn
|
|
||||||
|> put_req_header("content-type", "application/json")
|
|
||||||
|> patch(
|
|
||||||
"/api/pleroma/admin/users/deactivate",
|
|
||||||
%{nicknames: [user_one.nickname, user_two.nickname]}
|
|
||||||
)
|
|
||||||
|
|
||||||
response = json_response_and_validate_schema(conn, 200)
|
|
||||||
assert Enum.map(response["users"], & &1["is_active"]) == [false, false]
|
|
||||||
|
|
||||||
log_entry = Repo.one(ModerationLog)
|
|
||||||
|
|
||||||
assert ModerationLog.get_log_entry_message(log_entry) ==
|
|
||||||
"@#{admin.nickname} deactivated users: @#{user_one.nickname}, @#{user_two.nickname}"
|
|
||||||
end
|
|
||||||
|
|
||||||
test "PATCH /api/pleroma/admin/users/approve", %{admin: admin, conn: conn} do
|
test "PATCH /api/pleroma/admin/users/approve", %{admin: admin, conn: conn} do
|
||||||
user_one = insert(:user, is_approved: false)
|
user_one = insert(:user, is_approved: false)
|
||||||
user_two = insert(:user, is_approved: false)
|
user_two = insert(:user, is_approved: false)
|
||||||
@ -937,7 +895,56 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
|
|||||||
"@#{admin.nickname} removed suggested users: @#{user1.nickname}, @#{user2.nickname}"
|
"@#{admin.nickname} removed suggested users: @#{user1.nickname}, @#{user2.nickname}"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe "user activation" do
|
||||||
|
test "PATCH /api/pleroma/admin/users/activate", %{admin: admin, conn: conn} do
|
||||||
|
clear_config([:instance, :admin_privileges], [:user_activation])
|
||||||
|
|
||||||
|
user_one = insert(:user, is_active: false)
|
||||||
|
user_two = insert(:user, is_active: false)
|
||||||
|
|
||||||
|
conn =
|
||||||
|
conn
|
||||||
|
|> put_req_header("content-type", "application/json")
|
||||||
|
|> patch(
|
||||||
|
"/api/pleroma/admin/users/activate",
|
||||||
|
%{nicknames: [user_one.nickname, user_two.nickname]}
|
||||||
|
)
|
||||||
|
|
||||||
|
response = json_response_and_validate_schema(conn, 200)
|
||||||
|
assert Enum.map(response["users"], & &1["is_active"]) == [true, true]
|
||||||
|
|
||||||
|
log_entry = Repo.one(ModerationLog)
|
||||||
|
|
||||||
|
assert ModerationLog.get_log_entry_message(log_entry) ==
|
||||||
|
"@#{admin.nickname} activated users: @#{user_one.nickname}, @#{user_two.nickname}"
|
||||||
|
end
|
||||||
|
|
||||||
|
test "PATCH /api/pleroma/admin/users/deactivate", %{admin: admin, conn: conn} do
|
||||||
|
clear_config([:instance, :admin_privileges], [:user_activation])
|
||||||
|
|
||||||
|
user_one = insert(:user, is_active: true)
|
||||||
|
user_two = insert(:user, is_active: true)
|
||||||
|
|
||||||
|
conn =
|
||||||
|
conn
|
||||||
|
|> put_req_header("content-type", "application/json")
|
||||||
|
|> patch(
|
||||||
|
"/api/pleroma/admin/users/deactivate",
|
||||||
|
%{nicknames: [user_one.nickname, user_two.nickname]}
|
||||||
|
)
|
||||||
|
|
||||||
|
response = json_response_and_validate_schema(conn, 200)
|
||||||
|
assert Enum.map(response["users"], & &1["is_active"]) == [false, false]
|
||||||
|
|
||||||
|
log_entry = Repo.one(ModerationLog)
|
||||||
|
|
||||||
|
assert ModerationLog.get_log_entry_message(log_entry) ==
|
||||||
|
"@#{admin.nickname} deactivated users: @#{user_one.nickname}, @#{user_two.nickname}"
|
||||||
|
end
|
||||||
|
|
||||||
test "PATCH /api/pleroma/admin/users/:nickname/toggle_activation", %{admin: admin, conn: conn} do
|
test "PATCH /api/pleroma/admin/users/:nickname/toggle_activation", %{admin: admin, conn: conn} do
|
||||||
|
clear_config([:instance, :admin_privileges], [:user_activation])
|
||||||
|
|
||||||
user = insert(:user)
|
user = insert(:user)
|
||||||
|
|
||||||
conn =
|
conn =
|
||||||
@ -957,6 +964,46 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
|
|||||||
"@#{admin.nickname} deactivated users: @#{user.nickname}"
|
"@#{admin.nickname} deactivated users: @#{user.nickname}"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "it requires privileged role :statuses_activation to activate", %{conn: conn} do
|
||||||
|
clear_config([:instance, :admin_privileges], [])
|
||||||
|
|
||||||
|
conn =
|
||||||
|
conn
|
||||||
|
|> put_req_header("content-type", "application/json")
|
||||||
|
|> patch(
|
||||||
|
"/api/pleroma/admin/users/activate",
|
||||||
|
%{nicknames: ["user_one.nickname", "user_two.nickname"]}
|
||||||
|
)
|
||||||
|
|
||||||
|
assert json_response(conn, :forbidden)
|
||||||
|
end
|
||||||
|
|
||||||
|
test "it requires privileged role :statuses_activation to deactivate", %{conn: conn} do
|
||||||
|
clear_config([:instance, :admin_privileges], [])
|
||||||
|
|
||||||
|
conn =
|
||||||
|
conn
|
||||||
|
|> put_req_header("content-type", "application/json")
|
||||||
|
|> patch(
|
||||||
|
"/api/pleroma/admin/users/deactivate",
|
||||||
|
%{nicknames: ["user_one.nickname", "user_two.nickname"]}
|
||||||
|
)
|
||||||
|
|
||||||
|
assert json_response(conn, :forbidden)
|
||||||
|
end
|
||||||
|
|
||||||
|
test "it requires privileged role :statuses_activation to toggle activation", %{conn: conn} do
|
||||||
|
clear_config([:instance, :admin_privileges], [])
|
||||||
|
|
||||||
|
conn =
|
||||||
|
conn
|
||||||
|
|> put_req_header("content-type", "application/json")
|
||||||
|
|> patch("/api/pleroma/admin/users/user.nickname/toggle_activation")
|
||||||
|
|
||||||
|
assert json_response(conn, :forbidden)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
defp user_response(user, attrs \\ %{}) do
|
defp user_response(user, attrs \\ %{}) do
|
||||||
%{
|
%{
|
||||||
"is_active" => user.is_active,
|
"is_active" => user.is_active,
|
||||||
|
Loading…
Reference in New Issue
Block a user