Add privilige :status_delete

It also allows updating a message, so it is not only deleting. I need a better name...
Ilja 2022-06-11 13:08:40 +02:00
parent 34a98990db
commit 0ee8f33250
5 changed files with 54 additions and 9 deletions


@ -264,7 +264,8 @@
:user_activation, :user_activation,
:user_invite, :user_invite,
:report_handle, :report_handle,
:user_read :user_read,
:status_delete
], ],
moderator_privileges: [], moderator_privileges: [],
max_endorsed_users: 20, max_endorsed_users: 20,
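Review bot: Leaving `moderator_privileges: []` unchanged while the status and chat-message routes move behind `:status_delete` means moderators lose those actions by default, assuming the generic `:admin_api` pipeline admits moderators as the old scope's "admins and mods (staff)" comment says. The commit message does not say whether that is intended. If it is, operators need an upgrade note telling them to add `:status_delete` to `moderator_privileges`; if not, the default here should be `moderator_privileges: [:status_delete],`. Either way the decision should be recorded before this ships, since it silently changes who can delete content.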


@ -971,7 +971,8 @@
:user_activation, :user_activation,
:user_invite, :user_invite,
:report_handle, :report_handle,
:user_read :user_read,
:status_delete
], ],
description: description:
"What extra priviledges to allow admins (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)" "What extra priviledges to allow admins (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)"
@ -987,7 +988,8 @@
:user_activation, :user_activation,
:user_invite, :user_invite,
:report_handle, :report_handle,
:user_read :user_read,
:status_delete
], ],
description: description:
"What extra priviledges to allow moderators (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)" "What extra priviledges to allow moderators (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)"
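Review bot: The two `description:` strings still list only the old examples, so an operator reading the settings UI has no way to learn what `:status_delete` grants, and the name alone suggests less than it covers (updates and chat-message deletion too, per the router change). Extend the example list in both strings, e.g. `"... index and read private statuses and chats, delete and update statuses, delete chat messages)"`. The `priviledges` spelling in the same strings predates this commit but could be corrected while the line is being touched.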


@ -145,6 +145,11 @@ defmodule Pleroma.Web.Router do
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_read) plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_read)
end end
pipeline :require_privileged_role_status_delete do
plug(:admin_api)
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :status_delete)
end
pipeline :pleroma_html do pipeline :pleroma_html do
plug(:browser) plug(:browser)
plug(:authenticate) plug(:authenticate)
@ -345,21 +350,26 @@ defmodule Pleroma.Web.Router do
get("/users/:nickname", UserController, :show) get("/users/:nickname", UserController, :show)
end end
# AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
pipe_through(:require_privileged_role_status_delete)
put("/statuses/:id", StatusController, :update)
delete("/statuses/:id", StatusController, :delete)
delete("/chats/:id/messages/:message_id", ChatController, :delete_message)
end
# AdminAPI: admins and mods (staff) can perform these actions # AdminAPI: admins and mods (staff) can perform these actions
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
pipe_through(:admin_api) pipe_through(:admin_api)
delete("/instances/:instance", InstanceController, :delete) delete("/instances/:instance", InstanceController, :delete)
put("/statuses/:id", StatusController, :update)
delete("/statuses/:id", StatusController, :delete)
get("/moderation_log", AdminAPIController, :list_log) get("/moderation_log", AdminAPIController, :list_log)
post("/reload_emoji", AdminAPIController, :reload_emoji) post("/reload_emoji", AdminAPIController, :reload_emoji)
get("/stats", AdminAPIController, :stats) get("/stats", AdminAPIController, :stats)
delete("/chats/:id/messages/:message_id", ChatController, :delete_message)
end end
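Review bot: The privilege atom `:status_delete` also gates `put("/statuses/:id", StatusController, :update)` and `delete("/chats/:id/messages/:message_id", ChatController, :delete_message)` in the new scope, and because the atom becomes an operator-facing config value in `admin_privileges`/`moderator_privileges`, renaming it after release would break existing configs; the name the commit message says it still needs should be settled before merge, not after. Until it is, make the coverage explicit at the pipeline so nobody adds a route by the name alone: `# :status_delete also covers updating statuses and deleting chat messages (see the scope below)` above `pipeline :require_privileged_role_status_delete do`. Also worth checking that no other route in this router (outside this hunk) still reaches status or chat-message deletion through the plain `:admin_api` scope, which would bypass the new check.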
scope "/api/v1/pleroma/emoji", Pleroma.Web.PleromaAPI do scope "/api/v1/pleroma/emoji", Pleroma.Web.PleromaAPI do


@ -27,7 +27,10 @@ defp admin_setup do
end end
describe "DELETE /api/pleroma/admin/chats/:id/messages/:message_id" do describe "DELETE /api/pleroma/admin/chats/:id/messages/:message_id" do
setup do: admin_setup() setup do
clear_config([:instance, :admin_privileges], [:status_delete])
admin_setup()
end
test "it deletes a message from the chat", %{conn: conn, admin: admin} do test "it deletes a message from the chat", %{conn: conn, admin: admin} do
user = insert(:user) user = insert(:user)
@ -60,6 +63,15 @@ test "it deletes a message from the chat", %{conn: conn, admin: admin} do
refute MessageReference.get_by_id(recipient_cm_ref.id) refute MessageReference.get_by_id(recipient_cm_ref.id)
assert %{data: %{"type" => "Tombstone"}} = Object.get_by_id(object.id) assert %{data: %{"type" => "Tombstone"}} = Object.get_by_id(object.id)
end end
test "it requires privileged role :status_delete", %{conn: conn} do
clear_config([:instance, :admin_privileges], [])
assert conn
|> put_req_header("content-type", "application/json")
|> delete("/api/pleroma/admin/chats/some_id/messages/some_ref_id")
|> json_response(:forbidden)
end
end end
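Review bot: The new forbidden test uses ids that do not exist (`some_id`, `some_ref_id`), which is exactly what proves the privilege check runs before any lookup (403 rather than 404), but nothing in the test says so and a future cleanup could swap in real fixtures and weaken it. Add `# non-existent ids on purpose: the plug must reject before any lookup, so 403 not 404` above the request. There is also no case for a moderator account with `moderator_privileges` set to `[:status_delete]` (allowed) or `[]` (denied); if `EnsurePrivilegedPlug` consults that list as the config suggests, that is the new access path this commit opens and it is untested.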
describe "GET /api/pleroma/admin/chats/:id/messages" do describe "GET /api/pleroma/admin/chats/:id/messages" do


@ -64,6 +64,7 @@ test "denies reading activity when not privileged", %{conn: conn} do
describe "PUT /api/pleroma/admin/statuses/:id" do describe "PUT /api/pleroma/admin/statuses/:id" do
setup do setup do
clear_config([:instance, :admin_privileges], [:status_delete])
activity = insert(:note_activity) activity = insert(:note_activity)
%{id: activity.id} %{id: activity.id}
@ -132,10 +133,20 @@ test "returns 400 when visibility is unknown", %{conn: conn, id: id} do
assert %{"error" => "test - Invalid value for enum."} = assert %{"error" => "test - Invalid value for enum."} =
json_response_and_validate_schema(conn, :bad_request) json_response_and_validate_schema(conn, :bad_request)
end end
test "it requires privileged role :status_delete", %{conn: conn} do
clear_config([:instance, :admin_privileges], [])
assert conn
|> put_req_header("content-type", "application/json")
|> put("/api/pleroma/admin/statuses/some_id", %{})
|> json_response(:forbidden)
end
end end
describe "DELETE /api/pleroma/admin/statuses/:id" do describe "DELETE /api/pleroma/admin/statuses/:id" do
setup do setup do
clear_config([:instance, :admin_privileges], [:status_delete])
activity = insert(:note_activity) activity = insert(:note_activity)
%{id: activity.id} %{id: activity.id}
@ -159,6 +170,15 @@ test "returns 404 when the status does not exist", %{conn: conn} do
assert json_response_and_validate_schema(conn, :not_found) == %{"error" => "Not found"} assert json_response_and_validate_schema(conn, :not_found) == %{"error" => "Not found"}
end end
test "it requires privileged role :status_delete", %{conn: conn} do
clear_config([:instance, :admin_privileges], [])
assert conn
|> put_req_header("content-type", "application/json")
|> delete("/api/pleroma/admin/statuses/some_id")
|> json_response(:forbidden)
end
end end
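Review bot: Both new forbidden tests assert only the status code, so a 403 produced for an unrelated reason (for example a missing or wrong auth scope) would pass them just as well as the privilege check; if `EnsurePrivilegedPlug` returns a distinctive error body, match it, e.g. `assert %{"error" => _} = ... |> json_response(:forbidden)`, or compare with whatever the existing `denies reading activity when not privileged` test above asserts. As in the chat test, the `some_id` path id is deliberate and deserves a one-line comment saying the check must fire before lookup. A positive test for a moderator with `moderator_privileges: [:status_delete]` is missing for both PUT and DELETE.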
describe "GET /api/pleroma/admin/statuses" do describe "GET /api/pleroma/admin/statuses" do