Commit Graph

14228 Commits

Author SHA1 Message Date
Ilja
15748fd301 Add better explanation in the Cheatsheet about what each tag does 2022-07-02 08:17:22 +02:00
Ilja
51f87ba30c Change order of privilege tags to make more sense
The tags were listed in different places
They were listed in a rather randomly order
I reordered them in a way I think makes more sense
2022-07-02 07:59:46 +02:00
Ilja
c0e4b1b3e2 Fix typo's
priviledge |-> privilege
2022-07-02 07:52:39 +02:00
Ilja
0d697bc15a Add docs and CHANGELOG entries 2022-07-01 10:50:32 +02:00
Ilja
37fdf148b0 Rename privilege tags
I first focussed on getting things working
Now that they do and we know what tags there are, I put some thought in providing better names

I use the form <what_it_controls>_<what_it_allows_you_to_do>

:statuses_read    => :messages_read
:status_delete    => :messages_delete

:user_read        => :users_read
:user_deletion    => :users_delete
:user_activation  => :users_manage_activation_state
:user_invite      => :users_manage_invites
:user_tag         => :users_manage_tags
:user_credentials => :users_manage_credentials

:report_handle    => :reports_manage_reports

:emoji_management => :emoji_manage_emoji
2022-07-01 10:28:09 +02:00
Ilja
4e4eb81749 Add nodes and privileges to nodeinfo
I didn't add it to /api/v1/instance
I was wondering if I should, but since it e.g. also didn't show staff, it felt better not to
2022-06-21 12:10:27 +02:00
Ilja
211e561e2a Show privileges to FE
I added an extra key
We already had is_admin and is_moderator, now we have an extra privileges key
2022-06-21 12:10:27 +02:00
Ilja
143ea7b80a Add deactivated status for privileged users
Deactivated users are only visible to users privileged with :user_activation since fc317f3b17
Here we also make sure the users who are deactivated get the status deactivated for users who are allowed to see these users
2022-06-21 12:10:27 +02:00
Ilja
e21ef5aef3 report notifications for privileged users
Instead of `Pleroma.User.all_superusers()` we now use `Pleroma.User.all_superusers(:report_handle)`

I also changed it for sending emails, but there were no tests.
2022-06-21 12:10:27 +02:00
Ilja
34adea8d28 Add Pleroma.User.all_users_with_privilege/1
This should eventually replace the Pleroma.User.all_superusers/0 function

* I added a new param `is_privileged` in User.query
* Now we can fetch all users with a specified privilege
2022-06-21 12:10:27 +02:00
Ilja
a1c8aa4721 Remove function superuser?
Everything now happens with privileged?/2
2022-06-21 12:10:27 +02:00
Ilja
eab13fed3e Hide pleroma:report for non-privileged users
Before we deleted the notifications, but that was a side effect and didn't always trigger any more.
Now we just hide them when an unprivileged user asks them.
2022-06-21 12:10:27 +02:00
Ilja
e45faddb38 Revert "Delete report notifs when demoting from superuser"
This reverts commit 89667189b8 and cdc5bbe836.

This is a side effect when changing user role.
The goal was to not have report notifications when someone isn't admin or moderator any more.
But this won't be triggered when we change the privilege tags for a role, so we can't use this sollution any more.
There was another solution to filter out report notifications during fetch.
It wasn't merged because this seemed 'cleaner' at the time, but now it seems the better sollution.
I'll add it in the next commit.
2022-06-21 12:10:27 +02:00
Ilja
edf0013ff3 User.visible_for/2
According to the tests, this was only used for unconfirmed accounts.
So this just needed to be restricted to users with privilege :user_activation
2022-06-21 12:10:27 +02:00
Ilja
bb61cfee8d Validator for deleting statusses is now done with priviledge instead of superuser 2022-06-21 12:10:27 +02:00
Ilja
7cf473c500 delete statusses is now privileged by :status_delete
Instead of superusers, you now need a role with privilige :status_delete to delete other users statusses
I also cleaned up some other stuff I saw
2022-06-21 12:10:27 +02:00
Ilja
7adfc2e0f4 Add Pleroma.User.privileged?/2
This should eventually replace Pleroma.User.superuser?/1
2022-06-21 12:10:27 +02:00
Ilja
9da81f41c6 Fix warning during test user_test.exs
Fixed the warning
    [warning] Please change `clear_config([section], key: value)` to `clear_config([section, key], value)`
2022-06-21 12:10:27 +02:00
Ilja
c842e62675 Add last priviliges
I still had three endpoints I didn't really know what to do with them. I added them under separate tags
* :instance_delete
* :moderation_log_read
* :stats_read

I also checked and these are the last changes done by MR https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3480/diffs this is trying to fix
2022-06-21 12:10:27 +02:00
Ilja
ecd42a2ce1 Add privilige :emoji_management 2022-06-21 12:10:27 +02:00
Ilja
0ee8f33250 Add privilige :status_delete
It also allows to update a message, so it's not just deleting. I need a better name...
2022-06-21 12:10:27 +02:00
Ilja
34a98990db last off :statuses_read
From the endpoints left to do, I believe these should be under :statuses_read.
These should be the last for that privilege for this MR
2022-06-21 12:10:27 +02:00
Ilja
4cb0dbb5dc Mark relevant tests synchronous
One of the things we do during the tests is change the config. But that's global state and different tests were interfering.
E.g. one test would set `clear_config([:instance, :admin_privileges], [:statuses_read])`, but while that runs, another test may
do `clear_config([:instance, :admin_privileges], [:user_invite])`. Now the code for the first test checks the setting, and it
finds `:user_invite` instead of `:statuses_read`.

Now the modules where this happens are marked to run synchronously, so they don't interfere with each other.
2022-06-21 12:10:27 +02:00
Ilja
cbb26262a5 Add privileges for :user_read 2022-06-21 12:10:27 +02:00
Ilja
3f26f1b30f Add privileges for :report_handle 2022-06-21 12:10:27 +02:00
Ilja
14e697a64f Add privileges for :user_invite 2022-06-21 12:10:27 +02:00
Ilja
e102d25d23 Add privileges for :user_activation 2022-06-21 12:10:27 +02:00
Ilja
cb60cc4e02 Add privileges for :user_tag 2022-06-21 12:10:27 +02:00
Ilja
5a65e2dac5 Remove privileged_staff
Everything that was done through this setting, can now be set by giving the proper privileges to the roles.
2022-06-21 12:10:27 +02:00
Ilja
b1ff5241c2 Add priviledges for :statuses_read
This was the last in :require_privileged_staff. I'll remove that in the next commit
2022-06-21 12:10:27 +02:00
Ilja
8a9144ca8b Add priviledges for :user_credentials
I only moved the ones from the :require_privileged_staff block for now
2022-06-21 12:10:27 +02:00
Ilja
9f6c364759 Add privilege :user_deletion 2022-06-21 12:10:27 +02:00
Ilja
5b19543f0a Add new setting and Plug to allow for privilege settings for staff 2022-06-21 12:10:26 +02:00
Haelwenn
7466136ad3 Merge branch 'lewdthewides-develop-patch-48691' into 'develop'
Instruct users to run 'git pull' as the pleroma user

See merge request pleroma/pleroma!3667
2022-05-22 17:09:54 +00:00
lain
bdca5f5d68 Merge branch 'fix/mrf-steal-emoji-regex' into 'develop'
StealEmojiPolicy: fix String rejected_shortcodes

See merge request pleroma/pleroma!3673
2022-05-19 08:55:39 +00:00
Hélène
a74ce2d77a
StealEmojiPolicy: fix String rejected_shortcodes
* rejected_shortcodes is defined as a list of strings in the
  configuration description. As such, database-based configuration was
  led to handle those settings as strings, and not as the actually
  expected type, Regex.
* This caused each message passing through this MRF, if a rejected
  shortcode was set and the emoji did not exist already on the instance,
  to fail federating, as an exception was raised, swiftly caught and
  mostly silenced.
* This commit fixes the issue by introducing new behavior: strings are
  now handled as perfect matches for an emoji shortcode (meaning that if
  the emoji-to-be-pulled's shortcode is in the blacklist, it will be
  rejected), while still supporting Regex types as before.
2022-05-18 21:25:10 +02:00
lewdthewides
7977dd6ac7 Instruct users to run 'git pull' as the pleroma user 2022-05-12 16:02:58 +00:00
Haelwenn
4605efe272 Merge branch 'improve_anti_followbot_policy' into 'develop'
Also use actor_type to determine if an account is a bot in antiFollowbotPolicy

Closes #2561

See merge request pleroma/pleroma!3498
2022-05-08 18:10:40 +00:00
Ilja
a8093732bd Also use actor_type to determine if an account is a bot in antiFollowbotPolicy 2022-05-08 18:10:40 +00:00
Haelwenn
214ef7ff73 Merge branch 'security/2.4.3-develop' into 'develop'
Merge back 2.4.3

See merge request pleroma/pleroma!3663
2022-05-06 08:27:03 +00:00
Haelwenn (lanodan) Monnier
f9943b2065 mix: Bump to 2.4.52 for 2.4.3 mergeback 2022-05-06 10:23:43 +02:00
Tusooa Zhu
57c030a0a7 Skip cache when /objects or /activities is authenticated
Ref: fix-local-public
2022-05-06 10:23:26 +02:00
Tusooa Zhu
e2d24eda57 Allow to skip cache in Cache plug
Ref: fix-local-public
2022-05-06 10:23:26 +02:00
Ilja
c3b2b71ea2 update sweet_xml [Security] 2022-05-06 10:23:25 +02:00
Haelwenn
8517bc18aa Merge branch 'from/upstream-develop/tusooa/fix-en-fallback' into 'develop'
Fix incorrect fallback when English is set to first language

See merge request pleroma/pleroma!3656
2022-04-18 03:31:44 +00:00
Tusooa Zhu
be08d9305b
Fix incorrect fallback when English is set to first language 2022-04-17 22:39:52 -04:00
Haelwenn
a5d7e98de0 Merge branch 'fix_eratic_test_for_report_notes' into 'develop'
Fix eratic test for POST /api/pleroma/admin/reports/:id/notes

See merge request pleroma/pleroma!3653
2022-04-05 12:11:53 +00:00
Ilja
5f37db330f Fix eratic test for POST /api/pleroma/admin/reports/:id/notes
It retrieved two ReportNotes and then checked one of them. But the order isn't guaranteed, while the test tested on the content of the first ReportNote.

I made the test on the content more generic
2022-04-05 13:21:09 +02:00
Haelwenn
d7c53da77a Merge branch 'from/upstream-develop/tusooa/translate-pages' into 'develop'
Translate backend-rendered pages

See merge request pleroma/pleroma!3634
2022-03-20 18:14:37 +00:00
Haelwenn
e63d49d238 Merge branch 'caddyfile-v2' into 'develop'
Update Caddyfile to Caddy v2

Closes #2764

See merge request pleroma/pleroma!3641
2022-03-20 18:14:00 +00:00