From 0ee8f33250f649c7807fd161b9d6588757f5dc94 Mon Sep 17 00:00:00 2001 From: Ilja Date: Sat, 11 Jun 2022 13:08:40 +0200 Subject: Add privilige :status_delete It also allows to update a message, so it's not just deleting. I need a better name... --- lib/pleroma/web/router.ex | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 13e8141e4..50a0ea7fc 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -145,6 +145,11 @@ defmodule Pleroma.Web.Router do plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_read) end + pipeline :require_privileged_role_status_delete do + plug(:admin_api) + plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :status_delete) + end + pipeline :pleroma_html do plug(:browser) plug(:authenticate) @@ -345,21 +350,26 @@ defmodule Pleroma.Web.Router do get("/users/:nickname", UserController, :show) end + # AdminAPI: admins and mods (staff) can perform these actions (if privileged by role) + scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do + pipe_through(:require_privileged_role_status_delete) + + put("/statuses/:id", StatusController, :update) + delete("/statuses/:id", StatusController, :delete) + + delete("/chats/:id/messages/:message_id", ChatController, :delete_message) + end + # AdminAPI: admins and mods (staff) can perform these actions scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do pipe_through(:admin_api) delete("/instances/:instance", InstanceController, :delete) - put("/statuses/:id", StatusController, :update) - delete("/statuses/:id", StatusController, :delete) - get("/moderation_log", AdminAPIController, :list_log) post("/reload_emoji", AdminAPIController, :reload_emoji) get("/stats", AdminAPIController, :stats) - - delete("/chats/:id/messages/:message_id", ChatController, :delete_message) end scope "/api/v1/pleroma/emoji", Pleroma.Web.PleromaAPI do -- cgit v1.2.3