| author | Ilja <ilja@ilja.space> | 2022-05-26 12:49:09 +0200 | 
|---|---|---|
| committer | Ilja <ilja@ilja.space> | 2022-06-21 12:10:27 +0200 | 
| commit | 9f6c36475914bfd1b8c02035341765b4d1bd4395 (patch) | |
| tree | 4f2d7043a1940c8d3b5d546c61b72ec931385daf | |
| parent | 5b19543f0afaaad7f8fc302946547ae5c18e8bb3 (diff) | |
| download | pleroma-9f6c36475914bfd1b8c02035341765b4d1bd4395.tar.gz pleroma-9f6c36475914bfd1b8c02035341765b4d1bd4395.zip | |
Add privilege :user_deletion
| -rw-r--r-- | config/config.exs | 2 | ||||
| -rw-r--r-- | config/description.exs | 10 | ||||
| -rw-r--r-- | lib/pleroma/web/router.ex | 14 | ||||
| -rw-r--r-- | test/pleroma/web/admin_api/controllers/user_controller_test.exs | 14 | 
4 files changed, 33 insertions, 7 deletions
| diff --git a/config/config.exs b/config/config.exs
index 2d501e577..496a1d57a 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -257,7 +257,7 @@ config :pleroma, :instance,
   password_reset_token_validity: 60 * 60 * 24,
   profile_directory: true,
   privileged_staff: false,
-  admin_privileges: [],
+  admin_privileges: [:user_deletion],
   moderator_privileges: [],
   max_endorsed_users: 20,
   birthday_required: false,
diff --git a/config/description.exs b/config/description.exs
index b73b92c46..b45d416b1 100644
--- a/config/description.exs
+++ b/config/description.exs
@@ -969,14 +969,16 @@ config :pleroma, :config_description, [
       %{
         key: :admin_privileges,
         type: {:list, :atom},
-        suggestions: [],
-        description: "What extra priviledges to allow admins (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)"
+        suggestions: [:user_deletion],
+        description:
+          "What extra priviledges to allow admins (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)"
       },
       %{
         key: :moderator_privileges,
         type: {:list, :atom},
-        suggestions: [],
-        description: "What extra priviledges to allow moderators (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)"
+        suggestions: [:user_deletion],
+        description:
+          "What extra priviledges to allow moderators (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)"
       },
       %{
         key: :birthday_required,
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index ceb6c3cfd..5012fbf9a 100644
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
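Review bot: Defaulting `admin_privileges` to `[:user_deletion]` keeps the admin role able to reach `DELETE /users`, but `moderator_privileges` stays `[]` in the same hunk, so any moderator who was previously admitted by the `:require_privileged_staff` pipeline (when `privileged_staff` is enabled) presumably loses user deletion after this commit unless the operator adds the atom explicitly. Tightening a destructive capability by default is the right direction, but the behaviour change is not recorded anywhere in this diff; it should be noted in the changelog and in the `privileged_staff` description so upgrading operators know which key now gates the route. Whether moderators were in fact admitted before depends on the `:require_privileged_staff` pipeline, which is outside this diff.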
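Review bot: The re-added `description` strings for both `admin_privileges` and `moderator_privileges` still spell "priviledges" and still list every candidate capability generically, while the only atom this commit actually wires up is `:user_deletion`; the `suggestions: [:user_deletion]` entries are the only place an operator can learn a valid value. Because these strings are what the admin settings UI shows for a permission-bearing key, the description should enumerate the atoms the code recognises and what each grants, e.g. `"Extra privileges granted to admins. Supported: :user_deletion (allows DELETE /api/v1/pleroma/admin/users)"`, with the moderator entry worded the same way. An unrecognised atom in this list is silently ignored as far as this diff shows, so documenting the accepted set is the only guard against an operator believing they granted or withheld something they did not.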
@@ -109,6 +109,11 @@ defmodule Pleroma.Web.Router do
     plug(Pleroma.Web.Plugs.UserIsAdminPlug)
   end

+  pipeline :require_privileged_role_user_deletion do
+    plug(:admin_api)
+    plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_deletion)
+  end
+
   pipeline :pleroma_html do
     plug(:browser)
     plug(:authenticate)
@@ -231,11 +236,16 @@ defmodule Pleroma.Web.Router do
     post("/backups", AdminAPIController, :create_backup)
   end

-  # AdminAPI: admins and mods (staff) can perform these actions (if enabled by config)
+  # AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
   scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
-    pipe_through([:admin_api, :require_privileged_staff])
+    pipe_through([:admin_api, :require_privileged_role_user_deletion])

     delete("/users", UserController, :delete)
+  end
+
+  # AdminAPI: admins and mods (staff) can perform these actions (if enabled by config)
+  scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
+    pipe_through([:admin_api, :require_privileged_staff])

     get("/users/:nickname/password_reset", AdminAPIController, :get_password_reset)
     patch("/users/:nickname/credentials", AdminAPIController, :update_user_credentials)
diff --git a/test/pleroma/web/admin_api/controllers/user_controller_test.exs b/test/pleroma/web/admin_api/controllers/user_controller_test.exs
index 79971be06..54a9619e8 100644
--- a/test/pleroma/web/admin_api/controllers/user_controller_test.exs
+++ b/test/pleroma/web/admin_api/controllers/user_controller_test.exs
@@ -94,6 +94,7 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
   describe "DELETE /api/pleroma/admin/users" do
     test "single user", %{admin: admin, conn: conn} do
       clear_config([:instance, :federating], true)
+      clear_config([:instance, :admin_privileges], [:user_deletion])

       user =
         insert(:user,
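Review bot: The new `:require_privileged_role_user_deletion` pipeline opens with `plug(:admin_api)`, yet the second router hunk pipes the `DELETE /users` scope through `[:admin_api, :require_privileged_role_user_deletion]`, so every plug in `:admin_api` runs twice on that route; either drop `plug(:admin_api)` from the pipeline or change the scope to `pipe_through(:require_privileged_role_user_deletion)`. If the existing `:require_privileged_staff` pipeline (not in this diff) has the same shape the duplication is inherited, but it is still better to fix it here than to copy it into every per-privilege pipeline that follows. A one-line comment above the pipeline would also help the next reader, since the authorization decision now lives entirely in `Pleroma.Web.Plugs.EnsurePrivilegedPlug` and the atom it is given: `# Admin API: allowed only when the caller's role lists :user_deletion (see admin_privileges / moderator_privileges) — confirm against EnsurePrivilegedPlug`. The updated scope comment `# AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)` could likewise name the `:user_deletion` key it depends on.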
@@ -149,6 +150,8 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
     end

     test "multiple users", %{admin: admin, conn: conn} do
+      clear_config([:instance, :admin_privileges], [:user_deletion])
+
       user_one = insert(:user)
       user_two = insert(:user)

@@ -168,6 +171,17 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
       assert response -- [user_one.nickname, user_two.nickname] == []
     end
+
+    test "Needs privileged role", %{conn: conn} do
+      clear_config([:instance, :admin_privileges], [])
+
+      response =
+        conn
+        |> put_req_header("accept", "application/json")
+        |> delete("/api/pleroma/admin/users?nickname=nickname")
+
+      assert json_response(response, :forbidden)
+    end
   end

   describe "/api/pleroma/admin/users" do

| 
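Review bot: `test "Needs privileged role"` only checks an empty `admin_privileges` against the default `conn`, which presumably carries the admin from the setup block outside this hunk; nothing exercises the moderator side, even though the route now also depends on `moderator_privileges`, which this commit leaves at `[]` by default. Add a case where a moderator-authenticated conn with `clear_config([:instance, :moderator_privileges], [:user_deletion])` succeeds and one with `[]` gets `:forbidden`, so the per-role gating is pinned rather than inferred. The denial test also targets a nickname that was never inserted, so it only pins the status code; inserting a user first and asserting it is still present after the `:forbidden` response would demonstrate that the guard actually prevents the deletion, which is the property that matters for a destructive admin endpoint. The `describe` block this test lives in starts outside the hunk.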
