diff options
| author | rinpatch <rinpatch@sdf.org> | 2020-05-14 16:07:37 +0000 |
|---|---|---|
| committer | rinpatch <rinpatch@sdf.org> | 2020-05-14 16:07:37 +0000 |
| commit | e455ca3f3eee74db0b1e60550acf53bea915be3b (patch) | |
| tree | f8cd57de8a86433f6d1184940836163c84849c3a /lib | |
| parent | 4157c459b8f7ef1c4203338f2fae34aa18c77933 (diff) | |
| parent | 80308c5c262662084dc89de05e976e7166cbb304 (diff) | |
| download | pleroma-e455ca3f3eee74db0b1e60550acf53bea915be3b.tar.gz pleroma-e455ca3f3eee74db0b1e60550acf53bea915be3b.zip | |
Merge branch 'feature/database-configuration-whitelist' into 'develop'
Database configuration whitelist
See merge request pleroma/pleroma!2522
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/pleroma/docs/json.ex | 1 | ||||
| -rw-r--r-- | lib/pleroma/web/admin_api/admin_api_controller.ex | 34 |
2 files changed, 29 insertions, 6 deletions
diff --git a/lib/pleroma/docs/json.ex b/lib/pleroma/docs/json.ex index 74f8b2615..d1cf1f487 100644 --- a/lib/pleroma/docs/json.ex +++ b/lib/pleroma/docs/json.ex @@ -18,7 +18,6 @@ defmodule Pleroma.Docs.JSON do with config <- Pleroma.Config.Loader.read("config/description.exs") do config[:pleroma][:config_description] |> Pleroma.Docs.Generator.convert_to_strings() - |> Jason.encode!() end end end diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index 9821173d0..451dc92d6 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -37,7 +37,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do require Logger - @descriptions_json Pleroma.Docs.JSON.compile() + @descriptions Pleroma.Docs.JSON.compile() @users_page_size 50 plug( @@ -897,9 +897,9 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do end def config_descriptions(conn, _params) do - conn - |> Plug.Conn.put_resp_content_type("application/json") - |> Plug.Conn.send_resp(200, @descriptions_json) + descriptions = Enum.filter(@descriptions, &whitelisted_config?/1) + + json(conn, descriptions) end def config_show(conn, %{"only_db" => true}) do @@ -954,7 +954,9 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do def config_update(conn, %{"configs" => configs}) do with :ok <- configurable_from_database(conn) do {_errors, results} = - Enum.map(configs, fn + configs + |> Enum.filter(&whitelisted_config?/1) + |> Enum.map(fn %{"group" => group, "key" => key, "delete" => true} = params -> ConfigDB.delete(%{group: group, key: key, subkeys: params["subkeys"]}) @@ -1016,6 +1018,28 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do end end + defp whitelisted_config?(group, key) do + if whitelisted_configs = Config.get(:database_config_whitelist) do + Enum.any?(whitelisted_configs, fn + {whitelisted_group} -> + group == inspect(whitelisted_group) + + {whitelisted_group, whitelisted_key} -> + group == inspect(whitelisted_group) && key == inspect(whitelisted_key) + end) + else + true + end + end + + defp whitelisted_config?(%{"group" => group, "key" => key}) do + whitelisted_config?(group, key) + end + + defp whitelisted_config?(%{:group => group} = config) do + whitelisted_config?(group, config[:key]) + end + def reload_emoji(conn, _params) do Pleroma.Emoji.reload() |