Add privileges for :user_activation
This commit is contained in:
Ilja
parent
cb60cc4e02
commit
e102d25d23
@ -256,7 +256,13 @@ config :pleroma, :instance,
|
||||
show_reactions: true,
|
||||
password_reset_token_validity: 60 * 60 * 24,
|
||||
profile_directory: true,
|
||||
admin_privileges: [:user_deletion, :user_credentials, :statuses_read, :user_tag],
|
||||
admin_privileges: [
|
||||
:user_deletion,
|
||||
:user_credentials,
|
||||
:statuses_read,
|
||||
:user_tag,
|
||||
:user_activation
|
||||
],
|
||||
moderator_privileges: [],
|
||||
max_endorsed_users: 20,
|
||||
birthday_required: false,
|
||||
|
||||
@ -963,14 +963,26 @@ config :pleroma, :config_description, [
|
||||
%{
|
||||
key: :admin_privileges,
|
||||
type: {:list, :atom},
|
||||
suggestions: [:user_deletion, :user_credentials, :statuses_read, :user_tag],
|
||||
suggestions: [
|
||||
:user_deletion,
|
||||
:user_credentials,
|
||||
:statuses_read,
|
||||
:user_tag,
|
||||
:user_activation
|
||||
],
|
||||
description:
|
||||
"What extra priviledges to allow admins (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)"
|
||||
},
|
||||
%{
|
||||
key: :moderator_privileges,
|
||||
type: {:list, :atom},
|
||||
suggestions: [:user_deletion, :user_credentials, :statuses_read, :user_tag],
|
||||
suggestions: [
|
||||
:user_deletion,
|
||||
:user_credentials,
|
||||
:statuses_read,
|
||||
:user_tag,
|
||||
:user_activation
|
||||
],
|
||||
description:
|
||||
"What extra priviledges to allow moderators (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)"
|
||||
},
|
||||
|
||||
@ -125,6 +125,11 @@ defmodule Pleroma.Web.Router do
|
||||
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_tag)
|
||||
end
|
||||
|
||||
pipeline :require_privileged_role_user_activation do
|
||||
plug(:admin_api)
|
||||
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_activation)
|
||||
end
|
||||
|
||||
pipeline :pleroma_html do
|
||||
plug(:browser)
|
||||
plug(:authenticate)
|
||||
@ -282,15 +287,20 @@ defmodule Pleroma.Web.Router do
|
||||
delete("/users/tag", AdminAPIController, :untag_users)
|
||||
end
|
||||
|
||||
# AdminAPI: admins and mods (staff) can perform these actions
|
||||
# AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
|
||||
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
|
||||
pipe_through(:admin_api)
|
||||
pipe_through(:require_privileged_role_user_activation)
|
||||
|
||||
patch("/users/:nickname/toggle_activation", UserController, :toggle_activation)
|
||||
patch("/users/activate", UserController, :activate)
|
||||
patch("/users/deactivate", UserController, :deactivate)
|
||||
patch("/users/approve", UserController, :approve)
|
||||
end
|
||||
|
||||
# AdminAPI: admins and mods (staff) can perform these actions
|
||||
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
|
||||
pipe_through(:admin_api)
|
||||
|
||||
patch("/users/approve", UserController, :approve)
|
||||
post("/users/invite_token", InviteController, :create)
|
||||
get("/users/invites", InviteController, :index)
|
||||
post("/users/revoke_invite", InviteController, :revoke)
|
||||
|
||||
@ -824,48 +824,6 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
|
||||
end
|
||||
end
|
||||
|
||||
test "PATCH /api/pleroma/admin/users/activate", %{admin: admin, conn: conn} do
|
||||
user_one = insert(:user, is_active: false)
|
||||
user_two = insert(:user, is_active: false)
|
||||
|
||||
conn =
|
||||
conn
|
||||
|> put_req_header("content-type", "application/json")
|
||||
|> patch(
|
||||
"/api/pleroma/admin/users/activate",
|
||||
%{nicknames: [user_one.nickname, user_two.nickname]}
|
||||
)
|
||||
|
||||
response = json_response_and_validate_schema(conn, 200)
|
||||
assert Enum.map(response["users"], & &1["is_active"]) == [true, true]
|
||||
|
||||
log_entry = Repo.one(ModerationLog)
|
||||
|
||||
assert ModerationLog.get_log_entry_message(log_entry) ==
|
||||
"@#{admin.nickname} activated users: @#{user_one.nickname}, @#{user_two.nickname}"
|
||||
end
|
||||
|
||||
test "PATCH /api/pleroma/admin/users/deactivate", %{admin: admin, conn: conn} do
|
||||
user_one = insert(:user, is_active: true)
|
||||
user_two = insert(:user, is_active: true)
|
||||
|
||||
conn =
|
||||
conn
|
||||
|> put_req_header("content-type", "application/json")
|
||||
|> patch(
|
||||
"/api/pleroma/admin/users/deactivate",
|
||||
%{nicknames: [user_one.nickname, user_two.nickname]}
|
||||
)
|
||||
|
||||
response = json_response_and_validate_schema(conn, 200)
|
||||
assert Enum.map(response["users"], & &1["is_active"]) == [false, false]
|
||||
|
||||
log_entry = Repo.one(ModerationLog)
|
||||
|
||||
assert ModerationLog.get_log_entry_message(log_entry) ==
|
||||
"@#{admin.nickname} deactivated users: @#{user_one.nickname}, @#{user_two.nickname}"
|
||||
end
|
||||
|
||||
test "PATCH /api/pleroma/admin/users/approve", %{admin: admin, conn: conn} do
|
||||
user_one = insert(:user, is_approved: false)
|
||||
user_two = insert(:user, is_approved: false)
|
||||
@ -937,24 +895,113 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
|
||||
"@#{admin.nickname} removed suggested users: @#{user1.nickname}, @#{user2.nickname}"
|
||||
end
|
||||
|
||||
test "PATCH /api/pleroma/admin/users/:nickname/toggle_activation", %{admin: admin, conn: conn} do
|
||||
user = insert(:user)
|
||||
describe "user activation" do
|
||||
test "PATCH /api/pleroma/admin/users/activate", %{admin: admin, conn: conn} do
|
||||
clear_config([:instance, :admin_privileges], [:user_activation])
|
||||
|
||||
conn =
|
||||
conn
|
||||
|> put_req_header("content-type", "application/json")
|
||||
|> patch("/api/pleroma/admin/users/#{user.nickname}/toggle_activation")
|
||||
user_one = insert(:user, is_active: false)
|
||||
user_two = insert(:user, is_active: false)
|
||||
|
||||
assert json_response_and_validate_schema(conn, 200) ==
|
||||
user_response(
|
||||
user,
|
||||
%{"is_active" => !user.is_active}
|
||||
)
|
||||
conn =
|
||||
conn
|
||||
|> put_req_header("content-type", "application/json")
|
||||
|> patch(
|
||||
"/api/pleroma/admin/users/activate",
|
||||
%{nicknames: [user_one.nickname, user_two.nickname]}
|
||||
)
|
||||
|
||||
log_entry = Repo.one(ModerationLog)
|
||||
response = json_response_and_validate_schema(conn, 200)
|
||||
assert Enum.map(response["users"], & &1["is_active"]) == [true, true]
|
||||
|
||||
assert ModerationLog.get_log_entry_message(log_entry) ==
|
||||
"@#{admin.nickname} deactivated users: @#{user.nickname}"
|
||||
log_entry = Repo.one(ModerationLog)
|
||||
|
||||
assert ModerationLog.get_log_entry_message(log_entry) ==
|
||||
"@#{admin.nickname} activated users: @#{user_one.nickname}, @#{user_two.nickname}"
|
||||
end
|
||||
|
||||
test "PATCH /api/pleroma/admin/users/deactivate", %{admin: admin, conn: conn} do
|
||||
clear_config([:instance, :admin_privileges], [:user_activation])
|
||||
|
||||
user_one = insert(:user, is_active: true)
|
||||
user_two = insert(:user, is_active: true)
|
||||
|
||||
conn =
|
||||
conn
|
||||
|> put_req_header("content-type", "application/json")
|
||||
|> patch(
|
||||
"/api/pleroma/admin/users/deactivate",
|
||||
%{nicknames: [user_one.nickname, user_two.nickname]}
|
||||
)
|
||||
|
||||
response = json_response_and_validate_schema(conn, 200)
|
||||
assert Enum.map(response["users"], & &1["is_active"]) == [false, false]
|
||||
|
||||
log_entry = Repo.one(ModerationLog)
|
||||
|
||||
assert ModerationLog.get_log_entry_message(log_entry) ==
|
||||
"@#{admin.nickname} deactivated users: @#{user_one.nickname}, @#{user_two.nickname}"
|
||||
end
|
||||
|
||||
test "PATCH /api/pleroma/admin/users/:nickname/toggle_activation", %{admin: admin, conn: conn} do
|
||||
clear_config([:instance, :admin_privileges], [:user_activation])
|
||||
|
||||
user = insert(:user)
|
||||
|
||||
conn =
|
||||
conn
|
||||
|> put_req_header("content-type", "application/json")
|
||||
|> patch("/api/pleroma/admin/users/#{user.nickname}/toggle_activation")
|
||||
|
||||
assert json_response_and_validate_schema(conn, 200) ==
|
||||
user_response(
|
||||
user,
|
||||
%{"is_active" => !user.is_active}
|
||||
)
|
||||
|
||||
log_entry = Repo.one(ModerationLog)
|
||||
|
||||
assert ModerationLog.get_log_entry_message(log_entry) ==
|
||||
"@#{admin.nickname} deactivated users: @#{user.nickname}"
|
||||
end
|
||||
|
||||
test "it requires privileged role :statuses_activation to activate", %{conn: conn} do
|
||||
clear_config([:instance, :admin_privileges], [])
|
||||
|
||||
conn =
|
||||
conn
|
||||
|> put_req_header("content-type", "application/json")
|
||||
|> patch(
|
||||
"/api/pleroma/admin/users/activate",
|
||||
%{nicknames: ["user_one.nickname", "user_two.nickname"]}
|
||||
)
|
||||
|
||||
assert json_response(conn, :forbidden)
|
||||
end
|
||||
|
||||
test "it requires privileged role :statuses_activation to deactivate", %{conn: conn} do
|
||||
clear_config([:instance, :admin_privileges], [])
|
||||
|
||||
conn =
|
||||
conn
|
||||
|> put_req_header("content-type", "application/json")
|
||||
|> patch(
|
||||
"/api/pleroma/admin/users/deactivate",
|
||||
%{nicknames: ["user_one.nickname", "user_two.nickname"]}
|
||||
)
|
||||
|
||||
assert json_response(conn, :forbidden)
|
||||
end
|
||||
|
||||
test "it requires privileged role :statuses_activation to toggle activation", %{conn: conn} do
|
||||
clear_config([:instance, :admin_privileges], [])
|
||||
|
||||
conn =
|
||||
conn
|
||||
|> put_req_header("content-type", "application/json")
|
||||
|> patch("/api/pleroma/admin/users/user.nickname/toggle_activation")
|
||||
|
||||
assert json_response(conn, :forbidden)
|
||||
end
|
||||
end
|
||||
|
||||
defp user_response(user, attrs \\ %{}) do
|
||||
|
||||
Loading…
Reference in New Issue
Block a user