summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/pleroma/web/router.ex14
1 files changed, 12 insertions, 2 deletions
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index bfe5c7b90..87e564488 100644
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -130,6 +130,11 @@ defmodule Pleroma.Web.Router do
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_activation)
end
+ pipeline :require_privileged_role_user_invite do
+ plug(:admin_api)
+ plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_invite)
+ end
+
pipeline :pleroma_html do
plug(:browser)
plug(:authenticate)
@@ -296,15 +301,20 @@ defmodule Pleroma.Web.Router do
patch("/users/deactivate", UserController, :deactivate)
end
- # AdminAPI: admins and mods (staff) can perform these actions
+ # AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
- pipe_through(:admin_api)
+ pipe_through(:require_privileged_role_user_invite)
patch("/users/approve", UserController, :approve)
post("/users/invite_token", InviteController, :create)
get("/users/invites", InviteController, :index)
post("/users/revoke_invite", InviteController, :revoke)
post("/users/email_invite", InviteController, :email)
+ end
+
+ # AdminAPI: admins and mods (staff) can perform these actions
+ scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
+ pipe_through(:admin_api)
get("/users", UserController, :index)
get("/users/:nickname", UserController, :show)
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-25 04:45:09 +0000