From 3f26f1b30fe605635e3faf610f813f3ae3ad43ec Mon Sep 17 00:00:00 2001
From: Ilja
Date: Sat, 28 May 2022 09:43:57 +0200
Subject: Add privileges for :report_handle
---
 lib/pleroma/web/router.ex | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)
(limited to 'lib')
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index 87e564488..dbcd6f399 100644
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -135,6 +135,11 @@ defmodule Pleroma.Web.Router do
 plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_invite)
 end
 
+ pipeline :require_privileged_role_report_handle do
+ plug(:admin_api)
+ plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :report_handle)
+ end
+
 pipeline :pleroma_html do
 plug(:browser)
 plug(:authenticate)
@@ -312,6 +317,17 @@ defmodule Pleroma.Web.Router do
 post("/users/email_invite", InviteController, :email)
 end
 
+ # AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
+ scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
+ pipe_through(:require_privileged_role_report_handle)
+
+ get("/reports", ReportController, :index)
+ get("/reports/:id", ReportController, :show)
+ patch("/reports", ReportController, :update)
+ post("/reports/:id/notes", ReportController, :notes_create)
+ delete("/reports/:report_id/notes/:id", ReportController, :notes_delete)
+ end
+
 # AdminAPI: admins and mods (staff) can perform these actions
 scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
 pipe_through(:admin_api)
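Review bot: Nothing in this commit shows the `:report_handle` privilege being granted to any role, yet the new `:require_privileged_role_report_handle` pipeline makes every report route depend on it; the diffstat lists only `router.ex`. If the default privilege lists do not already include `:report_handle`, an upgraded instance could lose report handling for moderators, and possibly for admins depending on how `EnsurePrivilegedPlug` treats them, so the defaults and upgrade notes should be confirmed. The plug order itself is right, since `:admin_api` runs before the privilege check. I would add a comment above the pipeline such as `# Authenticated staff (via :admin_api) whose role is configured with the :report_handle privilege`.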
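Review bot: No test accompanies the move of the five `ReportController` routes into the scope piped through `:require_privileged_role_report_handle`, so a later edit that puts one of them back under plain `pipe_through(:admin_api)` would drop the privilege check unnoticed. A router-level test should assert that a staff user without `:report_handle` is rejected on each of `index`, `show`, `update`, `notes_create` and `notes_delete`, and accepted once the privilege is granted. Reading reports and acting on them share one privilege here; if that is intended, the scope comment could say so, e.g. `# Requires :report_handle for both viewing and acting on reports`. Any other route that exposes report data outside this scope is not visible in the hunk and would remain ungated.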
@@ -322,12 +338,6 @@ defmodule Pleroma.Web.Router do
 get("/instances/:instance/statuses", InstanceController, :list_statuses)
 delete("/instances/:instance", InstanceController, :delete)
 
- get("/reports", ReportController, :index)
- get("/reports/:id", ReportController, :show)
- patch("/reports", ReportController, :update)
- post("/reports/:id/notes", ReportController, :notes_create)
- delete("/reports/:report_id/notes/:id", ReportController, :notes_delete)
-
 get("/statuses/:id", StatusController, :show)
 put("/statuses/:id", StatusController, :update)
 delete("/statuses/:id", StatusController, :delete)
-- 
cgit v1.2.3