diff options
| author | Ilja <ilja@ilja.space> | 2022-05-26 13:27:06 +0200 |
|---|---|---|
| committer | Ilja <ilja@ilja.space> | 2022-06-21 12:10:27 +0200 |
| commit | 8a9144ca8b8e17df509dc8ac3934656b7dac8d77 (patch) | |
| tree | e4a4f74d5ddfb827f2281266ed662f357d1982aa /lib | |
| parent | 9f6c36475914bfd1b8c02035341765b4d1bd4395 (diff) | |
| download | pleroma-8a9144ca8b8e17df509dc8ac3934656b7dac8d77.tar.gz pleroma-8a9144ca8b8e17df509dc8ac3934656b7dac8d77.zip | |
Add priviledges for :user_credentials
I only moved the ones from the :require_privileged_staff block for now
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/pleroma/web/router.ex | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 5012fbf9a..24928ffb5 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -114,6 +114,11 @@ defmodule Pleroma.Web.Router do plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_deletion) end + pipeline :require_privileged_role_user_credentials do + plug(:admin_api) + plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_credentials) + end + pipeline :pleroma_html do plug(:browser) plug(:authenticate) @@ -206,7 +211,6 @@ defmodule Pleroma.Web.Router do patch("/users/force_password_reset", AdminAPIController, :force_password_reset) get("/users/:nickname/credentials", AdminAPIController, :show_user_credentials) - patch("/users/:nickname/credentials", AdminAPIController, :update_user_credentials) get("/instance_document/:name", InstanceDocumentController, :show) patch("/instance_document/:name", InstanceDocumentController, :update) @@ -243,12 +247,17 @@ defmodule Pleroma.Web.Router do delete("/users", UserController, :delete) end - # AdminAPI: admins and mods (staff) can perform these actions (if enabled by config) + # AdminAPI: admins and mods (staff) can perform these actions (if privileged by role) scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do - pipe_through([:admin_api, :require_privileged_staff]) + pipe_through([:admin_api, :require_privileged_role_user_credentials]) get("/users/:nickname/password_reset", AdminAPIController, :get_password_reset) patch("/users/:nickname/credentials", AdminAPIController, :update_user_credentials) + end + + # AdminAPI: admins and mods (staff) can perform these actions (if enabled by config) + scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do + pipe_through([:admin_api, :require_privileged_staff]) get("/users/:nickname/statuses", AdminAPIController, :list_user_statuses) get("/users/:nickname/chats", AdminAPIController, :list_user_chats) |