Add privileges for :user_read

This commit is contained in:
Ilja 2022-05-28 12:15:36 +02:00
parent 3f26f1b30f
commit cbb26262a5
4 changed files with 88 additions and 50 deletions

View file

@ -263,7 +263,8 @@
:user_tag, :user_tag,
:user_activation, :user_activation,
:user_invite, :user_invite,
:report_handle :report_handle,
:user_read
], ],
moderator_privileges: [], moderator_privileges: [],
max_endorsed_users: 20, max_endorsed_users: 20,

View file

@ -970,7 +970,8 @@
:user_tag, :user_tag,
:user_activation, :user_activation,
:user_invite, :user_invite,
:report_handle :report_handle,
:user_read
], ],
description: description:
"What extra priviledges to allow admins (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)" "What extra priviledges to allow admins (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)"
@ -985,7 +986,8 @@
:user_tag, :user_tag,
:user_activation, :user_activation,
:user_invite, :user_invite,
:report_handle :report_handle,
:user_read
], ],
description: description:
"What extra priviledges to allow moderators (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)" "What extra priviledges to allow moderators (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)"

View file

@ -140,6 +140,11 @@ defmodule Pleroma.Web.Router do
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :report_handle) plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :report_handle)
end end
pipeline :require_privileged_role_user_read do
plug(:admin_api)
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_read)
end
pipeline :pleroma_html do pipeline :pleroma_html do
plug(:browser) plug(:browser)
plug(:authenticate) plug(:authenticate)
@ -328,12 +333,17 @@ defmodule Pleroma.Web.Router do
delete("/reports/:report_id/notes/:id", ReportController, :notes_delete) delete("/reports/:report_id/notes/:id", ReportController, :notes_delete)
end end
# AdminAPI: admins and mods (staff) can perform these actions # AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
pipe_through(:admin_api) pipe_through(:require_privileged_role_user_read)
get("/users", UserController, :index) get("/users", UserController, :index)
get("/users/:nickname", UserController, :show) get("/users/:nickname", UserController, :show)
end
# AdminAPI: admins and mods (staff) can perform these actions
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
pipe_through(:admin_api)
get("/instances/:instance/statuses", InstanceController, :list_statuses) get("/instances/:instance/statuses", InstanceController, :list_statuses)
delete("/instances/:instance", InstanceController, :delete) delete("/instances/:instance", InstanceController, :delete)

View file

@ -38,6 +38,7 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
end end
test "with valid `admin_token` query parameter, skips OAuth scopes check" do test "with valid `admin_token` query parameter, skips OAuth scopes check" do
clear_config([:instance, :admin_privileges], [:user_read])
clear_config([:admin_token], "password123") clear_config([:admin_token], "password123")
user = insert(:user) user = insert(:user)
@ -47,50 +48,6 @@ test "with valid `admin_token` query parameter, skips OAuth scopes check" do
assert json_response_and_validate_schema(conn, 200) assert json_response_and_validate_schema(conn, 200)
end end
test "GET /api/pleroma/admin/users/:nickname requires admin:read:accounts or broader scope",
%{admin: admin} do
user = insert(:user)
url = "/api/pleroma/admin/users/#{user.nickname}"
good_token1 = insert(:oauth_token, user: admin, scopes: ["admin"])
good_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read"])
good_token3 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts"])
bad_token1 = insert(:oauth_token, user: admin, scopes: ["read:accounts"])
bad_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts:partial"])
bad_token3 = nil
for good_token <- [good_token1, good_token2, good_token3] do
conn =
build_conn()
|> assign(:user, admin)
|> assign(:token, good_token)
|> get(url)
assert json_response_and_validate_schema(conn, 200)
end
for good_token <- [good_token1, good_token2, good_token3] do
conn =
build_conn()
|> assign(:user, nil)
|> assign(:token, good_token)
|> get(url)
assert json_response(conn, :forbidden)
end
for bad_token <- [bad_token1, bad_token2, bad_token3] do
conn =
build_conn()
|> assign(:user, admin)
|> assign(:token, bad_token)
|> get(url)
assert json_response_and_validate_schema(conn, :forbidden)
end
end
describe "DELETE /api/pleroma/admin/users" do describe "DELETE /api/pleroma/admin/users" do
test "single user", %{admin: admin, conn: conn} do test "single user", %{admin: admin, conn: conn} do
clear_config([:instance, :federating], true) clear_config([:instance, :federating], true)
@ -321,7 +278,19 @@ test "Multiple user creation works in transaction", %{conn: conn} do
end end
end end
describe "/api/pleroma/admin/users/:nickname" do describe "GET /api/pleroma/admin/users/:nickname" do
setup do
clear_config([:instance, :admin_privileges], [:user_read])
end
test "returns 403 if not privileged with :user_read", %{conn: conn} do
clear_config([:instance, :admin_privileges], [])
conn = get(conn, "/api/pleroma/admin/users/user.nickname")
assert json_response(conn, :forbidden)
end
test "Show", %{conn: conn} do test "Show", %{conn: conn} do
user = insert(:user) user = insert(:user)
@ -337,6 +306,50 @@ test "when the user doesn't exist", %{conn: conn} do
assert %{"error" => "Not found"} == json_response_and_validate_schema(conn, 404) assert %{"error" => "Not found"} == json_response_and_validate_schema(conn, 404)
end end
test "requires admin:read:accounts or broader scope",
%{admin: admin} do
user = insert(:user)
url = "/api/pleroma/admin/users/#{user.nickname}"
good_token1 = insert(:oauth_token, user: admin, scopes: ["admin"])
good_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read"])
good_token3 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts"])
bad_token1 = insert(:oauth_token, user: admin, scopes: ["read:accounts"])
bad_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts:partial"])
bad_token3 = nil
for good_token <- [good_token1, good_token2, good_token3] do
conn =
build_conn()
|> assign(:user, admin)
|> assign(:token, good_token)
|> get(url)
assert json_response_and_validate_schema(conn, 200)
end
for good_token <- [good_token1, good_token2, good_token3] do
conn =
build_conn()
|> assign(:user, nil)
|> assign(:token, good_token)
|> get(url)
assert json_response(conn, :forbidden)
end
for bad_token <- [bad_token1, bad_token2, bad_token3] do
conn =
build_conn()
|> assign(:user, admin)
|> assign(:token, bad_token)
|> get(url)
assert json_response_and_validate_schema(conn, :forbidden)
end
end
end end
describe "/api/pleroma/admin/users/follow" do describe "/api/pleroma/admin/users/follow" do
@ -392,6 +405,18 @@ test "allows to force-unfollow another user", %{admin: admin, conn: conn} do
end end
describe "GET /api/pleroma/admin/users" do describe "GET /api/pleroma/admin/users" do
setup do
clear_config([:instance, :admin_privileges], [:user_read])
end
test "returns 403 if not privileged with :user_read", %{conn: conn} do
clear_config([:instance, :admin_privileges], [])
conn = get(conn, "/api/pleroma/admin/users?page=1")
assert json_response(conn, :forbidden)
end
test "renders users array for the first page", %{conn: conn, admin: admin} do test "renders users array for the first page", %{conn: conn, admin: admin} do
user = insert(:user, local: false, tags: ["foo", "bar"]) user = insert(:user, local: false, tags: ["foo", "bar"])
user2 = insert(:user, is_approved: false, registration_reason: "I'm a chill dude") user2 = insert(:user, is_approved: false, registration_reason: "I'm a chill dude")