summaryrefslogtreecommitdiff
path: root/test/pleroma/web/plugs/ensure_privileged_plug_test.exs
diff options
context:
space:
mode:
Diffstat (limited to 'test/pleroma/web/plugs/ensure_privileged_plug_test.exs')
-rw-r--r--test/pleroma/web/plugs/ensure_privileged_plug_test.exs96
1 files changed, 96 insertions, 0 deletions
diff --git a/test/pleroma/web/plugs/ensure_privileged_plug_test.exs b/test/pleroma/web/plugs/ensure_privileged_plug_test.exs
new file mode 100644
index 000000000..423413946
--- /dev/null
+++ b/test/pleroma/web/plugs/ensure_privileged_plug_test.exs
@@ -0,0 +1,96 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.Plugs.EnsurePrivilegedPlugTest do
+ use Pleroma.Web.ConnCase, async: true
+
+ alias Pleroma.Web.Plugs.EnsurePrivilegedPlug
+ import Pleroma.Factory
+
+ test "denies a user that isn't moderator or admin" do
+ clear_config([:instance, :admin_privileges], [])
+ user = insert(:user)
+
+ conn =
+ build_conn()
+ |> assign(:user, user)
+ |> EnsurePrivilegedPlug.call(:cofe)
+
+ assert conn.status == 403
+ end
+
+ test "accepts an admin that is privileged" do
+ clear_config([:instance, :admin_privileges], [:cofe])
+ user = insert(:user, is_admin: true)
+ conn = assign(build_conn(), :user, user)
+
+ ret_conn = EnsurePrivilegedPlug.call(conn, :cofe)
+
+ assert conn == ret_conn
+ end
+
+ test "denies an admin that isn't privileged" do
+ clear_config([:instance, :admin_privileges], [:suya])
+ user = insert(:user, is_admin: true)
+
+ conn =
+ build_conn()
+ |> assign(:user, user)
+ |> EnsurePrivilegedPlug.call(:cofe)
+
+ assert conn.status == 403
+ end
+
+ test "accepts a moderator that is privileged" do
+ clear_config([:instance, :moderator_privileges], [:cofe])
+ user = insert(:user, is_moderator: true)
+ conn = assign(build_conn(), :user, user)
+
+ ret_conn = EnsurePrivilegedPlug.call(conn, :cofe)
+
+ assert conn == ret_conn
+ end
+
+ test "denies a moderator that isn't privileged" do
+ clear_config([:instance, :moderator_privileges], [:suya])
+ user = insert(:user, is_moderator: true)
+
+ conn =
+ build_conn()
+ |> assign(:user, user)
+ |> EnsurePrivilegedPlug.call(:cofe)
+
+ assert conn.status == 403
+ end
+
+ test "accepts for a priviledged role even if other role isn't priviledged" do
+ clear_config([:instance, :admin_privileges], [:cofe])
+ clear_config([:instance, :moderator_privileges], [])
+ user = insert(:user, is_admin: true, is_moderator: true)
+ conn = assign(build_conn(), :user, user)
+
+ ret_conn = EnsurePrivilegedPlug.call(conn, :cofe)
+
+ # priviledged through admin role
+ assert conn == ret_conn
+
+ clear_config([:instance, :admin_privileges], [])
+ clear_config([:instance, :moderator_privileges], [:cofe])
+ user = insert(:user, is_admin: true, is_moderator: true)
+ conn = assign(build_conn(), :user, user)
+
+ ret_conn = EnsurePrivilegedPlug.call(conn, :cofe)
+
+ # priviledged through moderator role
+ assert conn == ret_conn
+ end
+
+ test "denies when no user is set" do
+ conn =
+ build_conn()
+ |> EnsurePrivilegedPlug.call(:cofe)
+
+ assert conn.status == 403
+ end
+end
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-24 21:51:49 +0000