diff options
| author | Alex Gleason <alex@alexgleason.me> | 2021-12-27 17:06:22 +0000 |
|---|---|---|
| committer | Alex Gleason <alex@alexgleason.me> | 2021-12-27 17:06:22 +0000 |
| commit | a659428024e22cbb5316675515cb304d5ea334d2 (patch) | |
| tree | 1236b57518a5ca0e74af4a812a115c07a6d43807 /test | |
| parent | 6e27fc9c12be2bd4ac4287a5a775ff8862ee92c6 (diff) | |
| parent | 479fc5fff8355e552c5d2297d83f4ca7456d4f03 (diff) | |
| download | pleroma-a659428024e22cbb5316675515cb304d5ea334d2.tar.gz pleroma-a659428024e22cbb5316675515cb304d5ea334d2.zip | |
Merge branch 'restricted-moderators' into 'develop'
AdminAPI: Optionally restrict moderators from accessing sensitive data
See merge request pleroma/pleroma!3578
Diffstat (limited to 'test')
| -rw-r--r-- | test/pleroma/web/plugs/ensure_staff_privileged_plug_test.exs | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/test/pleroma/web/plugs/ensure_staff_privileged_plug_test.exs b/test/pleroma/web/plugs/ensure_staff_privileged_plug_test.exs new file mode 100644 index 000000000..74f4ae504 --- /dev/null +++ b/test/pleroma/web/plugs/ensure_staff_privileged_plug_test.exs @@ -0,0 +1,60 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/> +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.Plugs.EnsureStaffPrivilegedPlugTest do + use Pleroma.Web.ConnCase, async: true + + alias Pleroma.Web.Plugs.EnsureStaffPrivilegedPlug + import Pleroma.Factory + + test "accepts a user that is an admin" do + user = insert(:user, is_admin: true) + + conn = assign(build_conn(), :user, user) + + ret_conn = EnsureStaffPrivilegedPlug.call(conn, %{}) + + assert conn == ret_conn + end + + test "accepts a user that is a moderator when :privileged_staff is enabled" do + clear_config([:instance, :privileged_staff], true) + user = insert(:user, is_moderator: true) + + conn = assign(build_conn(), :user, user) + + ret_conn = EnsureStaffPrivilegedPlug.call(conn, %{}) + + assert conn == ret_conn + end + + test "denies a user that is a moderator when :privileged_staff is disabled" do + clear_config([:instance, :privileged_staff], false) + user = insert(:user, is_moderator: true) + + conn = + build_conn() + |> assign(:user, user) + |> EnsureStaffPrivilegedPlug.call(%{}) + + assert conn.status == 403 + end + + test "denies a user that isn't a staff member" do + user = insert(:user) + + conn = + build_conn() + |> assign(:user, user) + |> EnsureStaffPrivilegedPlug.call(%{}) + + assert conn.status == 403 + end + + test "denies when a user isn't set" do + conn = EnsureStaffPrivilegedPlug.call(build_conn(), %{}) + + assert conn.status == 403 + end +end |