Add Pleroma.User.privileged?/2

This should eventually replace Pleroma.User.superuser?/1
This commit is contained in:
Ilja 2022-06-13 09:58:50 +02:00
parent 9da81f41c6
commit 7adfc2e0f4
2 changed files with 60 additions and 1 deletions

View file

@ -353,6 +353,24 @@ defp visible_account_status(user) do
end end
end end
@spec privileged?(User.t(), atom()) :: boolean()
def privileged?(%User{is_admin: false, is_moderator: false}, _), do: false
def privileged?(
%User{local: true, is_admin: is_admin, is_moderator: is_moderator},
privilege_tag
),
do:
privileged_for?(privilege_tag, is_admin, :admin_privileges) or
privileged_for?(privilege_tag, is_moderator, :moderator_privileges)
def privileged?(_, _), do: false
defp privileged_for?(privilege_tag, true, config_role_key),
do: privilege_tag in Config.get([:instance, config_role_key])
defp privileged_for?(_, _, _), do: false
@spec superuser?(User.t()) :: boolean() @spec superuser?(User.t()) :: boolean()
def superuser?(%User{local: true, is_admin: true}), do: true def superuser?(%User{local: true, is_admin: true}), do: true
def superuser?(%User{local: true, is_moderator: true}), do: true def superuser?(%User{local: true, is_moderator: true}), do: true

View file

@ -13,7 +13,7 @@ defmodule Pleroma.UserTest do
alias Pleroma.Web.ActivityPub.ActivityPub alias Pleroma.Web.ActivityPub.ActivityPub
alias Pleroma.Web.CommonAPI alias Pleroma.Web.CommonAPI
use Pleroma.DataCase use Pleroma.DataCase, async: false
use Oban.Testing, repo: Pleroma.Repo use Oban.Testing, repo: Pleroma.Repo
import Pleroma.Factory import Pleroma.Factory
@ -1878,6 +1878,47 @@ test "returns :approval_pending for unapproved user" do
end end
end end
describe "privileged?/1" do
setup do
clear_config([:instance, :admin_privileges], [:cofe, :suya])
clear_config([:instance, :moderator_privileges], [:cofe, :suya])
end
test "returns false for unprivileged users" do
user = insert(:user, local: true)
refute User.privileged?(user, :cofe)
end
test "returns false for remote users" do
user = insert(:user, local: false)
remote_admin_user = insert(:user, local: false, is_admin: true)
refute User.privileged?(user, :cofe)
refute User.privileged?(remote_admin_user, :cofe)
end
test "returns true for local moderators if, and only if, they are privileged" do
user = insert(:user, local: true, is_moderator: true)
assert User.privileged?(user, :cofe)
clear_config([:instance, :moderator_privileges], [])
refute User.privileged?(user, :cofe)
end
test "returns true for local admins if, and only if, they are privileged" do
user = insert(:user, local: true, is_admin: true)
assert User.privileged?(user, :cofe)
clear_config([:instance, :admin_privileges], [])
refute User.privileged?(user, :cofe)
end
end
describe "superuser?/1" do describe "superuser?/1" do
test "returns false for unprivileged users" do test "returns false for unprivileged users" do
user = insert(:user, local: true) user = insert(:user, local: true)