From 5b19543f0afaaad7f8fc302946547ae5c18e8bb3 Mon Sep 17 00:00:00 2001
From: Ilja
Date: Sat, 21 May 2022 18:48:21 +0200
Subject: Add new setting and Plug to allow for privilege settings for staff
---
.../web/plugs/ensure_privileged_plug_test.exs | 96 ++++++++++++++++++++++
1 file changed, 96 insertions(+)
create mode 100644 test/pleroma/web/plugs/ensure_privileged_plug_test.exs
(limited to 'test')
diff --git a/test/pleroma/web/plugs/ensure_privileged_plug_test.exs b/test/pleroma/web/plugs/ensure_privileged_plug_test.exs
new file mode 100644
index 000000000..423413946
--- /dev/null
+++ b/test/pleroma/web/plugs/ensure_privileged_plug_test.exs
@@ -0,0 +1,96 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2022 Pleroma Authors
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.Plugs.EnsurePrivilegedPlugTest do
+ use Pleroma.Web.ConnCase, async: true
+
+ alias Pleroma.Web.Plugs.EnsurePrivilegedPlug
+ import Pleroma.Factory
+
+ test "denies a user that isn't moderator or admin" do
+ clear_config([:instance, :admin_privileges], [])
+ user = insert(:user)
+
+ conn =
+ build_conn()
+ |> assign(:user, user)
+ |> EnsurePrivilegedPlug.call(:cofe)
+
+ assert conn.status == 403
+ end
+
+ test "accepts an admin that is privileged" do
+ clear_config([:instance, :admin_privileges], [:cofe])
+ user = insert(:user, is_admin: true)
+ conn = assign(build_conn(), :user, user)
+
+ ret_conn = EnsurePrivilegedPlug.call(conn, :cofe)
+
+ assert conn == ret_conn
+ end
+
+ test "denies an admin that isn't privileged" do
+ clear_config([:instance, :admin_privileges], [:suya])
+ user = insert(:user, is_admin: true)
+
+ conn =
+ build_conn()
+ |> assign(:user, user)
+ |> EnsurePrivilegedPlug.call(:cofe)
+
+ assert conn.status == 403
+ end
+
+ test "accepts a moderator that is privileged" do
+ clear_config([:instance, :moderator_privileges], [:cofe])
+ user = insert(:user, is_moderator: true)
+ conn = assign(build_conn(), :user, user)
+
+ ret_conn = EnsurePrivilegedPlug.call(conn, :cofe)
+
+ assert conn == ret_conn
+ end
+
+ test "denies a moderator that isn't privileged" do
+ clear_config([:instance, :moderator_privileges], [:suya])
+ user = insert(:user, is_moderator: true)
+
+ conn =
+ build_conn()
+ |> assign(:user, user)
+ |> EnsurePrivilegedPlug.call(:cofe)
+
+ assert conn.status == 403
+ end
+
+ test "accepts for a priviledged role even if other role isn't priviledged" do
+ clear_config([:instance, :admin_privileges], [:cofe])
+ clear_config([:instance, :moderator_privileges], [])
+ user = insert(:user, is_admin: true, is_moderator: true)
+ conn = assign(build_conn(), :user, user)
+
ret_conn = EnsurePrivilegedPlug.call(conn, :cofe) + + # priviledged through admin role + assert conn == ret_conn + + clear_config([:instance, :admin_privileges], []) + clear_config([:instance, :moderator_privileges], [:cofe]) + user = insert(:user, is_admin: true, is_moderator: true) + conn = assign(build_conn(), :user, user) + + ret_conn = EnsurePrivilegedPlug.call(conn, :cofe) + + # priviledged through moderator role + assert conn == ret_conn + end + + test "denies when no user is set" do + conn = + build_conn() + |> EnsurePrivilegedPlug.call(:cofe) + + assert conn.status == 403 + end +end -- cgit v1.2.3 From 9f6c36475914bfd1b8c02035341765b4d1bd4395 Mon Sep 17 00:00:00 2001 From: Ilja Date: Thu, 26 May 2022 12:49:09 +0200 Subject: Add privilege :user_deletion --- .../web/admin_api/controllers/user_controller_test.exs | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'test') diff --git a/test/pleroma/web/admin_api/controllers/user_controller_test.exs b/test/pleroma/web/admin_api/controllers/user_controller_test.exs index 79971be06..54a9619e8 100644 --- a/test/pleroma/web/admin_api/controllers/user_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/user_controller_test.exs @@ -94,6 +94,7 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do describe "DELETE /api/pleroma/admin/users" do test "single user", %{admin: admin, conn: conn} do clear_config([:instance, :federating], true) + clear_config([:instance, :admin_privileges], [:user_deletion]) user = insert(:user, @@ -149,6 +150,8 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do end test "multiple users", %{admin: admin, conn: conn} do + clear_config([:instance, :admin_privileges], [:user_deletion]) + user_one = insert(:user) user_two = insert(:user) 
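Review bot: The four "denies" tests in the new `ensure_privileged_plug_test.exs` stop at `assert conn.status == 403`, which would still pass if the plug set the status without halting the pipeline; since this plug is the access gate for staff routes, each denial test should also carry `assert conn.halted`. The first test, "denies a user that isn't moderator or admin", empties `:admin_privileges` before the call, so it would also pass for a plug that ignored the user's role; configuring `[:cofe]` for both `:admin_privileges` and `:moderator_privileges` there would show that a listed privilege alone is not enough for a non-staff user. The module is declared `async: true` while every test calls `clear_config`; if that helper writes instance-wide configuration (not visible here) these tests can race with other async modules, so that is worth confirming.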
@@ -168,6 +171,17 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do assert response -- [user_one.nickname, user_two.nickname] == [] end + + test "Needs privileged role", %{conn: conn} do + clear_config([:instance, :admin_privileges], []) + + response = + conn + |> put_req_header("accept", "application/json") + |> delete("/api/pleroma/admin/users?nickname=nickname") + + assert json_response(response, :forbidden) + end end describe "/api/pleroma/admin/users" do -- cgit v1.2.3 From 8a9144ca8b8e17df509dc8ac3934656b7dac8d77 Mon Sep 17 00:00:00 2001 From: Ilja Date: Thu, 26 May 2022 13:27:06 +0200 Subject: Add priviledges for :user_credentials I only moved the ones from the :require_privileged_staff block for now --- .../controllers/admin_api_controller_test.exs | 46 ++++++++++++++++++---- 1 file changed, 38 insertions(+), 8 deletions(-) (limited to 'test') diff --git a/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs b/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs index d83f7f011..b9b3aed3b 100644 --- a/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs 
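Review bot: The new "Needs privileged role" test sends the DELETE for the literal nickname `nickname`, and nothing in the test body creates such an account, so the 403 shows that the request was refused but not that an existing account is left untouched. Creating the target first with `user = insert(:user)`, using `user.nickname` in the query string, and asserting after the request that the record is still present would pin the property the privilege is meant to protect. The same placeholder-target pattern appears in the denial tests this series adds for `password_reset`, the `users/tag` PUT and DELETE, `activate`/`deactivate`/`toggle_activation` and `approve`. The title could also name the privilege as the later tests do, e.g. `test "it requires privileged role :user_deletion", %{conn: conn} do`.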
@@ -271,17 +271,32 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do end end - test "/api/pleroma/admin/users/:nickname/password_reset", %{conn: conn} do - user = insert(:user) + describe "/api/pleroma/admin/users/:nickname/password_reset" do + test "it returns a password reset link", %{conn: conn} do + clear_config([:instance, :admin_privileges], [:user_credentials]) - conn = - conn - |> put_req_header("accept", "application/json") - |> get("/api/pleroma/admin/users/#{user.nickname}/password_reset") + user = insert(:user) + + conn = + conn + |> put_req_header("accept", "application/json") + |> get("/api/pleroma/admin/users/#{user.nickname}/password_reset") + + resp = json_response(conn, 200) + + assert Regex.match?(~r/(http:\/\/|https:\/\/)/, resp["link"]) + end - resp = json_response(conn, 200) + test "it requires privileged role :user_credentials", %{conn: conn} do + clear_config([:instance, :admin_privileges], []) + + response = + conn + |> put_req_header("accept", "application/json") + |> get("/api/pleroma/admin/users/nickname/password_reset") - assert Regex.match?(~r/(http:\/\/|https:\/\/)/, resp["link"]) + assert json_response(response, :forbidden) + end end describe "PUT disable_mfa" do @@ -714,6 +729,8 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do end test "changes password and email", %{conn: conn, admin: admin, user: user} do + clear_config([:instance, :admin_privileges], [:user_credentials]) + assert user.password_reset_pending == false conn = 
@@ -756,6 +773,19 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do assert json_response(conn, :forbidden) end + test "returns 403 if not privileged with :user_credentials", %{conn: conn, user: user} do + clear_config([:instance, :admin_privileges], []) + + conn = + patch(conn, "/api/pleroma/admin/users/#{user.nickname}/credentials", %{ + "password" => "new_password", + "email" => "new_email@example.com", + "name" => "new_name" + }) + + assert json_response(conn, :forbidden) + end + test "changes actor type from permitted list", %{conn: conn, user: user} do assert user.actor_type == "Person" -- cgit v1.2.3 From b1ff5241c21dac58ec1f9171de26772debfdb283 Mon Sep 17 00:00:00 2001 From: Ilja Date: Thu, 26 May 2022 14:21:14 +0200 Subject: Add priviledges for :statuses_read This was the last in :require_privileged_staff. I'll remove that in the next commit --- .../controllers/admin_api_controller_test.exs | 27 +++++++++++++++++++--- .../admin_api/controllers/chat_controller_test.exs | 26 +++++++++++++++++++-- .../controllers/status_controller_test.exs | 12 ++++++++++ 3 files changed, 60 insertions(+), 5 deletions(-) (limited to 'test') diff --git a/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs b/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs index b9b3aed3b..c630ee31b 100644 --- a/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs @@ -359,6 +359,8 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do describe "GET /api/pleroma/admin/users/:nickname/statuses" do setup do + clear_config([:instance, :admin_privileges], [:statuses_read]) + user = insert(:user) insert(:note_activity, user: user) 
@@ -375,6 +377,14 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do assert length(activities) == 3 end + test "it requires privileged role :statuses_read", %{conn: conn, user: user} do + clear_config([:instance, :admin_privileges], []) + + conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/statuses") + + assert json_response(conn, :forbidden) + end + test "renders user's statuses with pagination", %{conn: conn, user: user} do %{"total" => 3, "activities" => [activity1]} = conn @@ -436,20 +446,31 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do describe "GET /api/pleroma/admin/users/:nickname/chats" do setup do + clear_config([:instance, :admin_privileges], [:statuses_read]) + user = insert(:user) + + %{user: user} + end + + test "renders user's chats", %{conn: conn, user: user} do recipients = insert_list(3, :user) Enum.each(recipients, fn recipient -> CommonAPI.post_chat_message(user, recipient, "yo") end) - %{user: user} + conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/chats") + + assert json_response(conn, 200) |> length() == 3 end - test "renders user's chats", %{conn: conn, user: user} do + test "it requires privileged role :statuses_read", %{conn: conn, user: user} do + clear_config([:instance, :admin_privileges], []) + conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/chats") - assert json_response(conn, 200) |> length() == 3 + assert json_response(conn, :forbidden) end end diff --git a/test/pleroma/web/admin_api/controllers/chat_controller_test.exs b/test/pleroma/web/admin_api/controllers/chat_controller_test.exs index ccf25a244..4d093ff57 100644 --- a/test/pleroma/web/admin_api/controllers/chat_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/chat_controller_test.exs 
@@ -63,7 +63,10 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do end describe "GET /api/pleroma/admin/chats/:id/messages" do - setup do: admin_setup() + setup do + clear_config([:instance, :admin_privileges], [:statuses_read]) + admin_setup() + end test "it paginates", %{conn: conn} do user = insert(:user) @@ -114,10 +117,21 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do assert length(result) == 3 end + + test "it requires privileged role :statuses_read", %{conn: conn} do + clear_config([:instance, :admin_privileges], []) + + conn = get(conn, "/api/pleroma/admin/chats/some_id/messages") + + assert json_response(conn, :forbidden) + end end describe "GET /api/pleroma/admin/chats/:id" do - setup do: admin_setup() + setup do + clear_config([:instance, :admin_privileges], [:statuses_read]) + admin_setup() + end test "it returns a chat", %{conn: conn} do user = insert(:user) @@ -135,6 +149,14 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do assert %{} = result["receiver"] refute result["account"] end + + test "it requires privileged role :statuses_read", %{conn: conn} do + clear_config([:instance, :admin_privileges], []) + + conn = get(conn, "/api/pleroma/admin/chats/some_id") + + assert json_response(conn, :forbidden) + end end describe "unauthorized chat moderation" do diff --git a/test/pleroma/web/admin_api/controllers/status_controller_test.exs b/test/pleroma/web/admin_api/controllers/status_controller_test.exs index 8bb96ca87..238cb9aff 100644 --- a/test/pleroma/web/admin_api/controllers/status_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/status_controller_test.exs @@ -152,6 +152,10 @@ defmodule Pleroma.Web.AdminAPI.StatusControllerTest do end describe "GET /api/pleroma/admin/statuses" do + setup do + clear_config([:instance, :admin_privileges], [:statuses_read]) + end + test "returns all public and unlisted statuses", %{conn: conn, admin: admin} do blocked = insert(:user) user = insert(:user) 
@@ -197,5 +201,13 @@ defmodule Pleroma.Web.AdminAPI.StatusControllerTest do conn = get(conn, "/api/pleroma/admin/statuses?godmode=true") assert json_response_and_validate_schema(conn, 200) |> length() == 3 end + + test "it requires privileged role :statuses_read", %{conn: conn} do + clear_config([:instance, :admin_privileges], []) + + conn = get(conn, "/api/pleroma/admin/statuses") + + assert json_response(conn, :forbidden) + end end end -- cgit v1.2.3 From 5a65e2dac5e689b8067e37817bbfe4a6fe1a0426 Mon Sep 17 00:00:00 2001 From: Ilja Date: Thu, 26 May 2022 14:51:53 +0200 Subject: Remove privileged_staff Everything that was done through this setting, can now be set by giving the proper privileges to the roles. --- .../plugs/ensure_staff_privileged_plug_test.exs | 60 ---------------------- 1 file changed, 60 deletions(-) delete mode 100644 test/pleroma/web/plugs/ensure_staff_privileged_plug_test.exs (limited to 'test') diff --git a/test/pleroma/web/plugs/ensure_staff_privileged_plug_test.exs b/test/pleroma/web/plugs/ensure_staff_privileged_plug_test.exs deleted file mode 100644 index c684714b8..000000000 --- a/test/pleroma/web/plugs/ensure_staff_privileged_plug_test.exs +++ /dev/null 
@@ -1,60 +0,0 @@
-# Pleroma: A lightweight social networking server
-# Copyright © 2017-2022 Pleroma Authors
-# SPDX-License-Identifier: AGPL-3.0-only
-
-defmodule Pleroma.Web.Plugs.EnsureStaffPrivilegedPlugTest do
- use Pleroma.Web.ConnCase, async: true
-
- alias Pleroma.Web.Plugs.EnsureStaffPrivilegedPlug
- import Pleroma.Factory
-
- test "accepts a user that is an admin" do
- user = insert(:user, is_admin: true)
-
- conn = assign(build_conn(), :user, user)
-
- ret_conn = EnsureStaffPrivilegedPlug.call(conn, %{})
-
- assert conn == ret_conn
- end
-
- test "accepts a user that is a moderator when :privileged_staff is enabled" do
- clear_config([:instance, :privileged_staff], true)
- user = insert(:user, is_moderator: true)
-
- conn = assign(build_conn(), :user, user)
-
- ret_conn = EnsureStaffPrivilegedPlug.call(conn, %{})
-
- assert conn == ret_conn
- end
-
- test "denies a user that is a moderator when :privileged_staff is disabled" do
- clear_config([:instance, :privileged_staff], false)
- user = insert(:user, is_moderator: true)
-
- conn =
- build_conn()
- |> assign(:user, user)
- |> EnsureStaffPrivilegedPlug.call(%{})
-
- assert conn.status == 403
- end
-
- test "denies a user that isn't a staff member" do
- user = insert(:user)
-
- conn =
- build_conn()
- |> assign(:user, user)
- |> EnsureStaffPrivilegedPlug.call(%{})
-
- assert conn.status == 403
- end
-
- test "denies when a user isn't set" do
- conn = EnsureStaffPrivilegedPlug.call(build_conn(), %{})
-
- assert conn.status == 403
- end
-end
-- cgit v1.2.3
From cb60cc4e02af270fcccdcd552df4fa3ff858d67f Mon Sep 17 00:00:00 2001
From: Ilja
Date: Thu, 26 May 2022 16:25:28 +0200
Subject: Add privileges for :user_tag
---
.../controllers/admin_api_controller_test.exs | 87 +++++++++++++++++-----
1 file changed, 69 insertions(+), 18 deletions(-)
(limited to 'test')
diff --git a/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs b/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs index c630ee31b..178e0e88a 100644 --- a/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs @@ -92,18 +92,12 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do describe "PUT /api/pleroma/admin/users/tag" do setup %{conn: conn} do + clear_config([:instance, :admin_privileges], [:user_tag]) + user1 = insert(:user, %{tags: ["x"]}) user2 = insert(:user, %{tags: ["y"]}) user3 = insert(:user, %{tags: ["unchanged"]}) - conn = - conn - |> put_req_header("accept", "application/json") - |> put( - "/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=" <> - "#{user2.nickname}&tags[]=foo&tags[]=bar" - ) - %{conn: conn, user1: user1, user2: user2, user3: user3} end @@ -113,6 +107,14 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do user1: user1, user2: user2 } do + conn = + conn + |> put_req_header("accept", "application/json") + |> put( + "/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=" <> + "#{user2.nickname}&tags[]=foo&tags[]=bar" + ) + assert empty_json_response(conn) assert User.get_cached_by_id(user1.id).tags == ["x", "foo", "bar"] assert User.get_cached_by_id(user2.id).tags == ["y", "foo", "bar"] 
@@ -130,26 +132,43 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do "@#{admin.nickname} added tags: #{tags} to users: #{users}" end - test "it does not modify tags of not specified users", %{conn: conn, user3: user3} do + test "it does not modify tags of not specified users", %{ + conn: conn, + user1: user1, + user2: user2, + user3: user3 + } do + conn = + conn + |> put_req_header("accept", "application/json") + |> put( + "/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=" <> + "#{user2.nickname}&tags[]=foo&tags[]=bar" + ) + assert empty_json_response(conn) assert User.get_cached_by_id(user3.id).tags == ["unchanged"] end + + test "it requires privileged role :user_tag", %{conn: conn} do + clear_config([:instance, :admin_privileges], []) + + response = + conn + |> put_req_header("accept", "application/json") + |> put("/api/pleroma/admin/users/tag?nicknames[]=nickname&tags[]=foo&tags[]=bar") + + assert json_response(response, :forbidden) + end end describe "DELETE /api/pleroma/admin/users/tag" do setup %{conn: conn} do + clear_config([:instance, :admin_privileges], [:user_tag]) user1 = insert(:user, %{tags: ["x"]}) user2 = insert(:user, %{tags: ["y", "z"]}) user3 = insert(:user, %{tags: ["unchanged"]}) - conn = - conn - |> put_req_header("accept", "application/json") - |> delete( - "/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=" <> - "#{user2.nickname}&tags[]=x&tags[]=z" - ) - %{conn: conn, user1: user1, user2: user2, user3: user3} end @@ -159,6 +178,14 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do user1: user1, user2: user2 } do + conn = + conn + |> put_req_header("accept", "application/json") + |> delete( + "/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=" <> + "#{user2.nickname}&tags[]=x&tags[]=z" + ) + assert empty_json_response(conn) assert User.get_cached_by_id(user1.id).tags == [] assert User.get_cached_by_id(user2.id).tags == ["y"] 
@@ -176,10 +203,34 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do "@#{admin.nickname} removed tags: #{tags} from users: #{users}" end - test "it does not modify tags of not specified users", %{conn: conn, user3: user3} do + test "it does not modify tags of not specified users", %{ + conn: conn, + user1: user1, + user2: user2, + user3: user3 + } do + conn = + conn + |> put_req_header("accept", "application/json") + |> delete( + "/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=" <> + "#{user2.nickname}&tags[]=x&tags[]=z" + ) + assert empty_json_response(conn) assert User.get_cached_by_id(user3.id).tags == ["unchanged"] end + + test "it requires privileged role :user_tag", %{conn: conn} do + clear_config([:instance, :admin_privileges], []) + + response = + conn + |> put_req_header("accept", "application/json") + |> delete("/api/pleroma/admin/users/tag?nicknames[]=nickname&tags[]=foo&tags[]=bar") + + assert json_response(response, :forbidden) + end end describe "/api/pleroma/admin/users/:nickname/permission_group" do -- cgit v1.2.3 From e102d25d2385761077c08e0b280359392f0592cb Mon Sep 17 00:00:00 2001 From: Ilja Date: Thu, 26 May 2022 16:41:48 +0200 Subject: Add privileges for :user_activation --- .../admin_api/controllers/user_controller_test.exs | 159 +++++++++++++-------- 1 file changed, 103 insertions(+), 56 deletions(-) (limited to 'test') diff --git a/test/pleroma/web/admin_api/controllers/user_controller_test.exs b/test/pleroma/web/admin_api/controllers/user_controller_test.exs index 54a9619e8..ea28863f3 100644 --- a/test/pleroma/web/admin_api/controllers/user_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/user_controller_test.exs 
@@ -824,48 +824,6 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do end end - test "PATCH /api/pleroma/admin/users/activate", %{admin: admin, conn: conn} do - user_one = insert(:user, is_active: false) - user_two = insert(:user, is_active: false) - - conn = - conn - |> put_req_header("content-type", "application/json") - |> patch( - "/api/pleroma/admin/users/activate", - %{nicknames: [user_one.nickname, user_two.nickname]} - ) - - response = json_response_and_validate_schema(conn, 200) - assert Enum.map(response["users"], & &1["is_active"]) == [true, true] - - log_entry = Repo.one(ModerationLog) - - assert ModerationLog.get_log_entry_message(log_entry) == - "@#{admin.nickname} activated users: @#{user_one.nickname}, @#{user_two.nickname}" - end - - test "PATCH /api/pleroma/admin/users/deactivate", %{admin: admin, conn: conn} do - user_one = insert(:user, is_active: true) - user_two = insert(:user, is_active: true) - - conn = - conn - |> put_req_header("content-type", "application/json") - |> patch( - "/api/pleroma/admin/users/deactivate", - %{nicknames: [user_one.nickname, user_two.nickname]} - ) - - response = json_response_and_validate_schema(conn, 200) - assert Enum.map(response["users"], & &1["is_active"]) == [false, false] - - log_entry = Repo.one(ModerationLog) - - assert ModerationLog.get_log_entry_message(log_entry) == - "@#{admin.nickname} deactivated users: @#{user_one.nickname}, @#{user_two.nickname}" - end - test "PATCH /api/pleroma/admin/users/approve", %{admin: admin, conn: conn} do user_one = insert(:user, is_approved: false) user_two = insert(:user, is_approved: false) 
@@ -937,24 +895,113 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do "@#{admin.nickname} removed suggested users: @#{user1.nickname}, @#{user2.nickname}" end - test "PATCH /api/pleroma/admin/users/:nickname/toggle_activation", %{admin: admin, conn: conn} do - user = insert(:user) + describe "user activation" do + test "PATCH /api/pleroma/admin/users/activate", %{admin: admin, conn: conn} do + clear_config([:instance, :admin_privileges], [:user_activation]) - conn = - conn - |> put_req_header("content-type", "application/json") - |> patch("/api/pleroma/admin/users/#{user.nickname}/toggle_activation") + user_one = insert(:user, is_active: false) + user_two = insert(:user, is_active: false) - assert json_response_and_validate_schema(conn, 200) == - user_response( - user, - %{"is_active" => !user.is_active} - ) + conn = + conn + |> put_req_header("content-type", "application/json") + |> patch( + "/api/pleroma/admin/users/activate", + %{nicknames: [user_one.nickname, user_two.nickname]} + ) - log_entry = Repo.one(ModerationLog) + response = json_response_and_validate_schema(conn, 200) + assert Enum.map(response["users"], & &1["is_active"]) == [true, true] - assert ModerationLog.get_log_entry_message(log_entry) == - "@#{admin.nickname} deactivated users: @#{user.nickname}" + log_entry = Repo.one(ModerationLog) + + assert ModerationLog.get_log_entry_message(log_entry) == + "@#{admin.nickname} activated users: @#{user_one.nickname}, @#{user_two.nickname}" + end + + test "PATCH /api/pleroma/admin/users/deactivate", %{admin: admin, conn: conn} do + clear_config([:instance, :admin_privileges], [:user_activation]) + + user_one = insert(:user, is_active: true) + user_two = insert(:user, is_active: true) + + conn = + conn + |> put_req_header("content-type", "application/json") + |> patch( + "/api/pleroma/admin/users/deactivate", + %{nicknames: [user_one.nickname, user_two.nickname]} + ) + + response = json_response_and_validate_schema(conn, 200) + assert 
Enum.map(response["users"], & &1["is_active"]) == [false, false] + + log_entry = Repo.one(ModerationLog) + + assert ModerationLog.get_log_entry_message(log_entry) == + "@#{admin.nickname} deactivated users: @#{user_one.nickname}, @#{user_two.nickname}" + end + + test "PATCH /api/pleroma/admin/users/:nickname/toggle_activation", %{admin: admin, conn: conn} do + clear_config([:instance, :admin_privileges], [:user_activation]) + + user = insert(:user) + + conn = + conn + |> put_req_header("content-type", "application/json") + |> patch("/api/pleroma/admin/users/#{user.nickname}/toggle_activation") + + assert json_response_and_validate_schema(conn, 200) == + user_response( + user, + %{"is_active" => !user.is_active} + ) + + log_entry = Repo.one(ModerationLog) + + assert ModerationLog.get_log_entry_message(log_entry) == + "@#{admin.nickname} deactivated users: @#{user.nickname}" + end + + test "it requires privileged role :statuses_activation to activate", %{conn: conn} do + clear_config([:instance, :admin_privileges], []) + + conn = + conn + |> put_req_header("content-type", "application/json") + |> patch( + "/api/pleroma/admin/users/activate", + %{nicknames: ["user_one.nickname", "user_two.nickname"]} + ) + + assert json_response(conn, :forbidden) + end + + test "it requires privileged role :statuses_activation to deactivate", %{conn: conn} do + clear_config([:instance, :admin_privileges], []) + + conn = + conn + |> put_req_header("content-type", "application/json") + |> patch( + "/api/pleroma/admin/users/deactivate", + %{nicknames: ["user_one.nickname", "user_two.nickname"]} + ) + + assert json_response(conn, :forbidden) + end + + test "it requires privileged role :statuses_activation to toggle activation", %{conn: conn} do + clear_config([:instance, :admin_privileges], []) + + conn = + conn + |> put_req_header("content-type", "application/json") + |> patch("/api/pleroma/admin/users/user.nickname/toggle_activation") + + assert json_response(conn, :forbidden) + end end 
defp user_response(user, attrs \\ %{}) do -- cgit v1.2.3 From 14e697a64fe2613649634d46a71acf4d9a7d7bd6 Mon Sep 17 00:00:00 2001 From: Ilja Date: Sat, 28 May 2022 08:51:49 +0200 Subject: Add privileges for :user_invite --- .../controllers/invite_controller_test.exs | 70 ++++++++++++++++++++-- .../admin_api/controllers/user_controller_test.exs | 17 ++++++ 2 files changed, 83 insertions(+), 4 deletions(-) (limited to 'test') diff --git a/test/pleroma/web/admin_api/controllers/invite_controller_test.exs b/test/pleroma/web/admin_api/controllers/invite_controller_test.exs index b9d48a4b6..17c2aa104 100644 --- a/test/pleroma/web/admin_api/controllers/invite_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/invite_controller_test.exs @@ -23,8 +23,25 @@ defmodule Pleroma.Web.AdminAPI.InviteControllerTest do end describe "POST /api/pleroma/admin/users/email_invite, with valid config" do - setup do: clear_config([:instance, :registrations_open], false) - setup do: clear_config([:instance, :invites_enabled], true) + setup do + clear_config([:instance, :registrations_open], false) + clear_config([:instance, :invites_enabled], true) + clear_config([:instance, :admin_privileges], [:user_invite]) + end + + test "returns 403 if not privileged with :user_invite", %{conn: conn} do + clear_config([:instance, :admin_privileges], []) + + conn = + conn + |> put_req_header("content-type", "application/json;charset=utf-8") + |> post("/api/pleroma/admin/users/email_invite", %{ + email: "foo@bar.com", + name: "J. D." + }) + + assert json_response(conn, :forbidden) + end test "sends invitation and returns 204", %{admin: admin, conn: conn} do recipient_email = "foo@bar.com" 
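Review bot: The three denial tests added to the "user activation" describe block are titled with `:statuses_activation`, while the positive tests in the same block configure `[:user_activation]` and the commit subject names `:user_activation`. The titles should use the real privilege name, e.g. `test "it requires privileged role :user_activation to activate", %{conn: conn} do`, so a failing test points an operator at the setting that actually exists. The three positive tests each repeat `clear_config([:instance, :admin_privileges], [:user_activation])`; a describe-level `setup do ... end`, as other blocks in this series use, would keep the granted state in one place and leave only the denial tests overriding it.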
@@ -114,8 +131,11 @@ defmodule Pleroma.Web.AdminAPI.InviteControllerTest do end describe "POST /api/pleroma/admin/users/email_invite, with invalid config" do - setup do: clear_config([:instance, :registrations_open]) - setup do: clear_config([:instance, :invites_enabled]) + setup do + clear_config([:instance, :registrations_open]) + clear_config([:instance, :invites_enabled]) + clear_config([:instance, :admin_privileges], [:user_invite]) + end test "it returns 500 if `invites_enabled` is not enabled", %{conn: conn} do clear_config([:instance, :registrations_open], false) @@ -157,6 +177,21 @@ defmodule Pleroma.Web.AdminAPI.InviteControllerTest do end describe "POST /api/pleroma/admin/users/invite_token" do + setup do + clear_config([:instance, :admin_privileges], [:user_invite]) + end + + test "returns 403 if not privileged with :user_invite", %{conn: conn} do + clear_config([:instance, :admin_privileges], []) + + conn = + conn + |> put_req_header("content-type", "application/json") + |> post("/api/pleroma/admin/users/invite_token") + + assert json_response(conn, :forbidden) + end + test "without options", %{conn: conn} do conn = conn @@ -221,6 +256,18 @@ defmodule Pleroma.Web.AdminAPI.InviteControllerTest do end describe "GET /api/pleroma/admin/users/invites" do + setup do + clear_config([:instance, :admin_privileges], [:user_invite]) + end + + test "returns 403 if not privileged with :user_invite", %{conn: conn} do + clear_config([:instance, :admin_privileges], []) + + conn = get(conn, "/api/pleroma/admin/users/invites") + + assert json_response(conn, :forbidden) + end + test "no invites", %{conn: conn} do conn = get(conn, "/api/pleroma/admin/users/invites") 
@@ -249,6 +296,21 @@ defmodule Pleroma.Web.AdminAPI.InviteControllerTest do end describe "POST /api/pleroma/admin/users/revoke_invite" do + setup do + clear_config([:instance, :admin_privileges], [:user_invite]) + end + + test "returns 403 if not privileged with :user_invite", %{conn: conn} do + clear_config([:instance, :admin_privileges], []) + + conn = + conn + |> put_req_header("content-type", "application/json") + |> post("/api/pleroma/admin/users/revoke_invite", %{"token" => "foo"}) + + assert json_response(conn, :forbidden) + end + test "with token", %{conn: conn} do {:ok, invite} = UserInviteToken.create_invite() diff --git a/test/pleroma/web/admin_api/controllers/user_controller_test.exs b/test/pleroma/web/admin_api/controllers/user_controller_test.exs index ea28863f3..f221b9c51 100644 --- a/test/pleroma/web/admin_api/controllers/user_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/user_controller_test.exs @@ -825,6 +825,8 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do end test "PATCH /api/pleroma/admin/users/approve", %{admin: admin, conn: conn} do + clear_config([:instance, :admin_privileges], [:user_invite]) + user_one = insert(:user, is_approved: false) user_two = insert(:user, is_approved: false) @@ -845,6 +847,21 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do "@#{admin.nickname} approved users: @#{user_one.nickname}, @#{user_two.nickname}" end + test "PATCH /api/pleroma/admin/users/approve returns 403 if not privileged with :user_invite", + %{conn: conn} do + clear_config([:instance, :admin_privileges], []) + + conn = + conn + |> put_req_header("content-type", "application/json") + |> patch( + "/api/pleroma/admin/users/approve", + %{nicknames: ["user_one.nickname", "user_two.nickname"]} + ) + + assert json_response(conn, :forbidden) + end + test "PATCH /api/pleroma/admin/users/suggest", %{admin: admin, conn: conn} do user1 = insert(:user, is_suggested: false) user2 = insert(:user, is_suggested: false) -- cgit v1.2.3 
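Review bot: The `PATCH /api/pleroma/admin/users/approve` tests in this hunk show that approving pending registrations is granted by `:user_invite`, which is not obvious from the privilege name and means staff who are given invite rights can also approve accounts. If that coupling is intended, a comment above the positive test would record it, e.g. `# approving pending accounts is covered by the :user_invite privilege`; if it is not, the approval route may want a privilege of its own. The router change is outside this test-only view, so the coupling is inferred from the test setup and title.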
From 3f26f1b30fe605635e3faf610f813f3ae3ad43ec Mon Sep 17 00:00:00 2001 From: Ilja Date: Sat, 28 May 2022 09:43:57 +0200 Subject: Add privileges for :report_handle --- .../controllers/report_controller_test.exs | 62 ++++++++++++++++++++++ 1 file changed, 62 insertions(+) (limited to 'test') diff --git a/test/pleroma/web/admin_api/controllers/report_controller_test.exs b/test/pleroma/web/admin_api/controllers/report_controller_test.exs index 30dcb87e2..c39cf978b 100644 --- a/test/pleroma/web/admin_api/controllers/report_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/report_controller_test.exs @@ -26,6 +26,20 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do end describe "GET /api/pleroma/admin/reports/:id" do + setup do + clear_config([:instance, :admin_privileges], [:report_handle]) + end + + test "returns 403 if not privileged with :report_handle", %{conn: conn} do + clear_config([:instance, :admin_privileges], []) + + conn = + conn + |> get("/api/pleroma/admin/reports/report_id") + + assert json_response(conn, :forbidden) + end + test "returns report by its id", %{conn: conn} do [reporter, target_user] = insert_pair(:user) activity = insert(:note_activity, user: target_user) @@ -63,6 +77,8 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do describe "PATCH /api/pleroma/admin/reports" do setup do + clear_config([:instance, :admin_privileges], [:report_handle]) + [reporter, target_user] = insert_pair(:user) activity = insert(:note_activity, user: target_user) 
@@ -86,6 +102,20 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do } end + test "returns 403 if not privileged with :report_handle", %{conn: conn, id: id, admin: admin} do + clear_config([:instance, :admin_privileges], []) + + conn = + conn + |> assign(:token, insert(:oauth_token, user: admin, scopes: ["admin:write:reports"])) + |> put_req_header("content-type", "application/json") + |> patch("/api/pleroma/admin/reports", %{ + "reports" => [%{"state" => "resolved", "id" => id}] + }) + + assert json_response(conn, :forbidden) + end + test "requires admin:write:reports scope", %{conn: conn, id: id, admin: admin} do read_token = insert(:oauth_token, user: admin, scopes: ["admin:read"]) write_token = insert(:oauth_token, user: admin, scopes: ["admin:write:reports"]) @@ -209,6 +239,20 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do end describe "GET /api/pleroma/admin/reports" do + setup do + clear_config([:instance, :admin_privileges], [:report_handle]) + end + + test "returns 403 if not privileged with :report_handle", %{conn: conn} do + clear_config([:instance, :admin_privileges], []) + + conn = + conn + |> get(report_path(conn, :index)) + + assert json_response(conn, :forbidden) + end + test "returns empty response when no reports created", %{conn: conn} do response = conn @@ -317,6 +361,8 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do describe "POST /api/pleroma/admin/reports/:id/notes" do setup %{conn: conn, admin: admin} do + clear_config([:instance, :admin_privileges], [:report_handle]) + [reporter, target_user] = insert_pair(:user) activity = insert(:note_activity, user: target_user) 
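Review bot: The added 403 test for `PATCH /api/pleroma/admin/reports` sends a real report `id` from setup with `"state" => "resolved"` but asserts only the status code, so it would still pass if the report were updated before the request is rejected. After `assert json_response(conn, :forbidden)`, reload the report and assert that its state is still the one setup created. The notes test added later in this file's diff (`POST .../reports/#{report_id}/notes`) has the same gap; there the result of `Repo.all(ReportNote)` could be compared before and after the denied request. Assigning the `admin:write:reports` token is a good choice, since it rules out the scope check as the reason for the 403.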
@@ -345,6 +391,22 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do } end + test "returns 403 if not privileged with :report_handle", %{conn: conn, report_id: report_id} do + clear_config([:instance, :admin_privileges], []) + + post_conn = + conn + |> put_req_header("content-type", "application/json") + |> post("/api/pleroma/admin/reports/#{report_id}/notes", %{ + content: "this is disgusting2!" + }) + + delete_conn = delete(conn, "/api/pleroma/admin/reports/#{report_id}/notes/note.id") + + assert json_response(post_conn, :forbidden) + assert json_response(delete_conn, :forbidden) + end + test "it creates report note", %{admin_id: admin_id, report_id: report_id} do assert [note, _] = Repo.all(ReportNote) -- cgit v1.2.3 From cbb26262a5957d3a72bef383a394bb3b2ad0215d Mon Sep 17 00:00:00 2001 From: Ilja Date: Sat, 28 May 2022 12:15:36 +0200 Subject: Add privileges for :user_read --- .../admin_api/controllers/user_controller_test.exs | 115 +++++++++++++-------- 1 file changed, 70 insertions(+), 45 deletions(-) (limited to 'test') diff --git a/test/pleroma/web/admin_api/controllers/user_controller_test.exs b/test/pleroma/web/admin_api/controllers/user_controller_test.exs index f221b9c51..a6e41c761 100644 --- a/test/pleroma/web/admin_api/controllers/user_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/user_controller_test.exs @@ -38,6 +38,7 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do end test "with valid `admin_token` query parameter, skips OAuth scopes check" do + clear_config([:instance, :admin_privileges], [:user_read]) clear_config([:admin_token], "password123") user = insert(:user) 
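Review bot: The `admin_token` test now needs `:user_read` in `admin_privileges` to get its 200, which suggests the shared-secret path is subject to the new privilege check, but nothing asserts the opposite case. Because `admin_token` already skips the OAuth scope check, it is worth pinning that it does not skip privileges as well: repeat the request after `clear_config([:instance, :admin_privileges], [])` and `assert json_response(conn, :forbidden)`. If the intent is instead that `admin_token` bypasses privileges, the added line is unnecessary and a comment should say so. The request itself lies outside the hunk, so how the token is passed is not visible here.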
@@ -47,50 +48,6 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do assert json_response_and_validate_schema(conn, 200) end - test "GET /api/pleroma/admin/users/:nickname requires admin:read:accounts or broader scope", - %{admin: admin} do - user = insert(:user) - url = "/api/pleroma/admin/users/#{user.nickname}" - - good_token1 = insert(:oauth_token, user: admin, scopes: ["admin"]) - good_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read"]) - good_token3 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts"]) - - bad_token1 = insert(:oauth_token, user: admin, scopes: ["read:accounts"]) - bad_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts:partial"]) - bad_token3 = nil - - for good_token <- [good_token1, good_token2, good_token3] do - conn = - build_conn() - |> assign(:user, admin) - |> assign(:token, good_token) - |> get(url) - - assert json_response_and_validate_schema(conn, 200) - end - - for good_token <- [good_token1, good_token2, good_token3] do - conn = - build_conn() - |> assign(:user, nil) - |> assign(:token, good_token) - |> get(url) - - assert json_response(conn, :forbidden) - end - - for bad_token <- [bad_token1, bad_token2, bad_token3] do - conn = - build_conn() - |> assign(:user, admin) - |> assign(:token, bad_token) - |> get(url) - - assert json_response_and_validate_schema(conn, :forbidden) - end - end - describe "DELETE /api/pleroma/admin/users" do test "single user", %{admin: admin, conn: conn} do clear_config([:instance, :federating], true) 
@@ -321,7 +278,19 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do end end - describe "/api/pleroma/admin/users/:nickname" do + describe "GET /api/pleroma/admin/users/:nickname" do + setup do + clear_config([:instance, :admin_privileges], [:user_read]) + end + + test "returns 403 if not privileged with :user_read", %{conn: conn} do + clear_config([:instance, :admin_privileges], []) + + conn = get(conn, "/api/pleroma/admin/users/user.nickname") + + assert json_response(conn, :forbidden) + end + test "Show", %{conn: conn} do user = insert(:user) @@ -337,6 +306,50 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do assert %{"error" => "Not found"} == json_response_and_validate_schema(conn, 404) end + + test "requires admin:read:accounts or broader scope", + %{admin: admin} do + user = insert(:user) + url = "/api/pleroma/admin/users/#{user.nickname}" + + good_token1 = insert(:oauth_token, user: admin, scopes: ["admin"]) + good_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read"]) + good_token3 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts"]) + + bad_token1 = insert(:oauth_token, user: admin, scopes: ["read:accounts"]) + bad_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts:partial"]) + bad_token3 = nil + + for good_token <- [good_token1, good_token2, good_token3] do + conn = + build_conn() + |> assign(:user, admin) + |> assign(:token, good_token) + |> get(url) + + assert json_response_and_validate_schema(conn, 200) + end + + for good_token <- [good_token1, good_token2, good_token3] do + conn = + build_conn() + |> assign(:user, nil) + |> assign(:token, good_token) + |> get(url) + + assert json_response(conn, :forbidden) + end + + for bad_token <- [bad_token1, bad_token2, bad_token3] do + conn = + build_conn() + |> assign(:user, admin) + |> assign(:token, bad_token) + |> get(url) + + assert json_response_and_validate_schema(conn, :forbidden) + end + end end describe "/api/pleroma/admin/users/follow" do 
@@ -392,6 +405,18 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do end describe "GET /api/pleroma/admin/users" do + setup do + clear_config([:instance, :admin_privileges], [:user_read]) + end + + test "returns 403 if not privileged with :user_read", %{conn: conn} do + clear_config([:instance, :admin_privileges], []) + + conn = get(conn, "/api/pleroma/admin/users?page=1") + + assert json_response(conn, :forbidden) + end + test "renders users array for the first page", %{conn: conn, admin: admin} do user = insert(:user, local: false, tags: ["foo", "bar"]) user2 = insert(:user, is_approved: false, registration_reason: "I'm a chill dude") -- cgit v1.2.3 From 4cb0dbb5dce93ebc6c638c99eab13d0d2c02667c Mon Sep 17 00:00:00 2001 From: Ilja Date: Sun, 5 Jun 2022 12:50:19 +0200 Subject: Mark relevant tests synchronous One of the things we do during the tests is change the config. But that's global state and different tests were interfering. E.g. one test would set `clear_config([:instance, :admin_privileges], [:statuses_read])`, but while that runs, another test may do `clear_config([:instance, :admin_privileges], [:user_invite])`. Now the code for the first test checks the setting, and it finds `:user_invite` instead of `:statuses_read`. Now the modules where this happens are marked to run synchronously, so they don't interfere with each other. --- test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs | 2 +- test/pleroma/web/admin_api/controllers/chat_controller_test.exs | 2 +- test/pleroma/web/admin_api/controllers/invite_controller_test.exs | 2 +- test/pleroma/web/admin_api/controllers/report_controller_test.exs | 2 +- test/pleroma/web/admin_api/controllers/status_controller_test.exs | 2 +- test/pleroma/web/admin_api/controllers/user_controller_test.exs | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) (limited to 'test') 
diff --git a/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs b/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs index 178e0e88a..1df28f147 100644 --- a/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs @@ -3,7 +3,7 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do - use Pleroma.Web.ConnCase + use Pleroma.Web.ConnCase, async: false use Oban.Testing, repo: Pleroma.Repo import ExUnit.CaptureLog diff --git a/test/pleroma/web/admin_api/controllers/chat_controller_test.exs b/test/pleroma/web/admin_api/controllers/chat_controller_test.exs index 4d093ff57..3798083aa 100644 --- a/test/pleroma/web/admin_api/controllers/chat_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/chat_controller_test.exs @@ -3,7 +3,7 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.AdminAPI.ChatControllerTest do - use Pleroma.Web.ConnCase, async: true + use Pleroma.Web.ConnCase, async: false import Pleroma.Factory diff --git a/test/pleroma/web/admin_api/controllers/invite_controller_test.exs b/test/pleroma/web/admin_api/controllers/invite_controller_test.exs index 17c2aa104..b8c812acc 100644 --- a/test/pleroma/web/admin_api/controllers/invite_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/invite_controller_test.exs @@ -3,7 +3,7 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.AdminAPI.InviteControllerTest do - use Pleroma.Web.ConnCase, async: true + use Pleroma.Web.ConnCase, async: false import Pleroma.Factory diff --git a/test/pleroma/web/admin_api/controllers/report_controller_test.exs b/test/pleroma/web/admin_api/controllers/report_controller_test.exs index c39cf978b..42b5000fc 100644 --- a/test/pleroma/web/admin_api/controllers/report_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/report_controller_test.exs 
@@ -3,7 +3,7 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.AdminAPI.ReportControllerTest do - use Pleroma.Web.ConnCase, async: true + use Pleroma.Web.ConnCase, async: false import Pleroma.Factory diff --git a/test/pleroma/web/admin_api/controllers/status_controller_test.exs b/test/pleroma/web/admin_api/controllers/status_controller_test.exs index 238cb9aff..4228dbcbb 100644 --- a/test/pleroma/web/admin_api/controllers/status_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/status_controller_test.exs @@ -3,7 +3,7 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.AdminAPI.StatusControllerTest do - use Pleroma.Web.ConnCase, async: true + use Pleroma.Web.ConnCase, async: false import Pleroma.Factory diff --git a/test/pleroma/web/admin_api/controllers/user_controller_test.exs b/test/pleroma/web/admin_api/controllers/user_controller_test.exs index a6e41c761..01bee08d1 100644 --- a/test/pleroma/web/admin_api/controllers/user_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/user_controller_test.exs @@ -3,7 +3,7 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.AdminAPI.UserControllerTest do - use Pleroma.Web.ConnCase + use Pleroma.Web.ConnCase, async: false use Oban.Testing, repo: Pleroma.Repo import Mock -- cgit v1.2.3 From 34a98990dba1e021a75a23b225cff22af23f5ca2 Mon Sep 17 00:00:00 2001 From: Ilja Date: Sat, 11 Jun 2022 09:38:43 +0200 Subject: last off :statuses_read From the endpoints left to do, I believe these should be under :statuses_read. These should be the last for that privilege for this MR --- .../web/admin_api/controllers/instance_controller_test.exs | 7 ++++++- .../web/admin_api/controllers/status_controller_test.exs | 10 ++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) (limited to 'test') 
diff --git a/test/pleroma/web/admin_api/controllers/instance_controller_test.exs b/test/pleroma/web/admin_api/controllers/instance_controller_test.exs index 72436cd83..2ab32fed8 100644 --- a/test/pleroma/web/admin_api/controllers/instance_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/instance_controller_test.exs @@ -3,7 +3,7 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.AdminAPI.InstanceControllerTest do - use Pleroma.Web.ConnCase + use Pleroma.Web.ConnCase, async: false use Oban.Testing, repo: Pleroma.Repo import Pleroma.Factory @@ -31,6 +31,7 @@ defmodule Pleroma.Web.AdminAPI.InstanceControllerTest do end test "GET /instances/:instance/statuses", %{conn: conn} do + clear_config([:instance, :admin_privileges], [:statuses_read]) user = insert(:user, local: false, ap_id: "https://archae.me/users/archaeme") user2 = insert(:user, local: false, ap_id: "https://test.com/users/test") insert_pair(:note_activity, user: user) @@ -60,6 +61,10 @@ defmodule Pleroma.Web.AdminAPI.InstanceControllerTest do |> json_response(200) assert length(activities) == 3 + + clear_config([:instance, :admin_privileges], []) + + conn |> get("/api/pleroma/admin/instances/archae.me/statuses") |> json_response(:forbidden) end test "DELETE /instances/:instance", %{conn: conn} do diff --git a/test/pleroma/web/admin_api/controllers/status_controller_test.exs b/test/pleroma/web/admin_api/controllers/status_controller_test.exs index 4228dbcbb..d18577961 100644 --- a/test/pleroma/web/admin_api/controllers/status_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/status_controller_test.exs @@ -26,6 +26,10 @@ defmodule Pleroma.Web.AdminAPI.StatusControllerTest do end describe "GET /api/pleroma/admin/statuses/:id" do + setup do + clear_config([:instance, :admin_privileges], [:statuses_read]) + end + test "not found", %{conn: conn} do assert conn |> get("/api/pleroma/admin/statuses/not_found") 
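Review bot: The denial check appended to `GET /instances/:instance/statuses` is a bare pipeline inside a test whose name only describes the listing, so a regression in the privilege check is reported as a failure of the listing test. A separate test named like the others in this series, e.g. `test "returns 403 if not privileged with :statuses_read", %{conn: conn} do`, would keep the two behaviours apart. The same append-to-existing-test pattern is used for `GET /api/pleroma/emoji/packs/import` later in the series. `json_response/2` raises on a status mismatch, so the missing `assert` is a consistency issue rather than a gap in coverage.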
@@ -50,6 +54,12 @@ defmodule Pleroma.Web.AdminAPI.StatusControllerTest do assert account["is_active"] == actor.is_active assert account["is_confirmed"] == actor.is_confirmed end + + test "denies reading activity when not privileged", %{conn: conn} do + clear_config([:instance, :admin_privileges], []) + + assert conn |> get("/api/pleroma/admin/statuses/some_id") |> json_response(:forbidden) + end end describe "PUT /api/pleroma/admin/statuses/:id" do -- cgit v1.2.3 From 0ee8f33250f649c7807fd161b9d6588757f5dc94 Mon Sep 17 00:00:00 2001 From: Ilja Date: Sat, 11 Jun 2022 13:08:40 +0200 Subject: Add privilige :status_delete It also allows to update a message, so it's not just deleting. I need a better name... --- .../admin_api/controllers/chat_controller_test.exs | 14 +++++++++++++- .../admin_api/controllers/status_controller_test.exs | 20 ++++++++++++++++++++ 2 files changed, 33 insertions(+), 1 deletion(-) (limited to 'test') diff --git a/test/pleroma/web/admin_api/controllers/chat_controller_test.exs b/test/pleroma/web/admin_api/controllers/chat_controller_test.exs index 3798083aa..e080cd225 100644 --- a/test/pleroma/web/admin_api/controllers/chat_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/chat_controller_test.exs @@ -27,7 +27,10 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do end describe "DELETE /api/pleroma/admin/chats/:id/messages/:message_id" do - setup do: admin_setup() + setup do + clear_config([:instance, :admin_privileges], [:status_delete]) + admin_setup() + end test "it deletes a message from the chat", %{conn: conn, admin: admin} do user = insert(:user) 
@@ -60,6 +63,15 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do refute MessageReference.get_by_id(recipient_cm_ref.id) assert %{data: %{"type" => "Tombstone"}} = Object.get_by_id(object.id) end + + test "it requires privileged role :status_delete", %{conn: conn} do + clear_config([:instance, :admin_privileges], []) + + assert conn + |> put_req_header("content-type", "application/json") + |> delete("/api/pleroma/admin/chats/some_id/messages/some_ref_id") + |> json_response(:forbidden) + end end describe "GET /api/pleroma/admin/chats/:id/messages" do diff --git a/test/pleroma/web/admin_api/controllers/status_controller_test.exs b/test/pleroma/web/admin_api/controllers/status_controller_test.exs index d18577961..2daf6a50d 100644 --- a/test/pleroma/web/admin_api/controllers/status_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/status_controller_test.exs @@ -64,6 +64,7 @@ defmodule Pleroma.Web.AdminAPI.StatusControllerTest do describe "PUT /api/pleroma/admin/statuses/:id" do setup do + clear_config([:instance, :admin_privileges], [:status_delete]) activity = insert(:note_activity) %{id: activity.id} @@ -132,10 +133,20 @@ defmodule Pleroma.Web.AdminAPI.StatusControllerTest do assert %{"error" => "test - Invalid value for enum."} = json_response_and_validate_schema(conn, :bad_request) end + + test "it requires privileged role :status_delete", %{conn: conn} do + clear_config([:instance, :admin_privileges], []) + + assert conn + |> put_req_header("content-type", "application/json") + |> put("/api/pleroma/admin/statuses/some_id", %{}) + |> json_response(:forbidden) + end end describe "DELETE /api/pleroma/admin/statuses/:id" do setup do + clear_config([:instance, :admin_privileges], [:status_delete]) activity = insert(:note_activity) %{id: activity.id} 
@@ -159,6 +170,15 @@ defmodule Pleroma.Web.AdminAPI.StatusControllerTest do assert json_response_and_validate_schema(conn, :not_found) == %{"error" => "Not found"} end + + test "it requires privileged role :status_delete", %{conn: conn} do + clear_config([:instance, :admin_privileges], []) + + assert conn + |> put_req_header("content-type", "application/json") + |> delete("/api/pleroma/admin/statuses/some_id") + |> json_response(:forbidden) + end end describe "GET /api/pleroma/admin/statuses" do -- cgit v1.2.3 From ecd42a2ce112489bb09cadcffc3661314a37a7fa Mon Sep 17 00:00:00 2001 From: Ilja Date: Sat, 11 Jun 2022 22:18:21 +0200 Subject: Add privilige :emoji_management --- .../controllers/admin_api_controller_test.exs | 28 ++++++++++ .../controllers/emoji_file_controller_test.exs | 30 ++++++++++- .../controllers/emoji_pack_controller_test.exs | 61 ++++++++++++++++++++++ 3 files changed, 118 insertions(+), 1 deletion(-) (limited to 'test') diff --git a/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs b/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs index 1df28f147..23c26d7db 100644 --- a/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs 
@@ -1060,6 +1060,34 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do assert Repo.aggregate(Pleroma.User.Backup, :count) == 2 end end + + describe "POST /api/v1/pleroma/admin/reload_emoji" do + setup do + clear_config([:instance, :admin_privileges], [:emoji_management]) + + admin = insert(:user, is_admin: true) + token = insert(:oauth_admin_token, user: admin) + + conn = + build_conn() + |> assign(:user, admin) + |> assign(:token, token) + + {:ok, %{conn: conn, admin: admin}} + end + + test "it requires privileged role :emoji_management", %{conn: conn} do + assert conn + |> post("/api/v1/pleroma/admin/reload_emoji") + |> json_response(200) + + clear_config([:instance, :admin_privileges], []) + + assert conn + |> post("/api/v1/pleroma/admin/reload_emoji") + |> json_response(:forbidden) + end + end end # Needed for testing diff --git a/test/pleroma/web/pleroma_api/controllers/emoji_file_controller_test.exs b/test/pleroma/web/pleroma_api/controllers/emoji_file_controller_test.exs index 200ce3b68..e46a363a4 100644 --- a/test/pleroma/web/pleroma_api/controllers/emoji_file_controller_test.exs +++ b/test/pleroma/web/pleroma_api/controllers/emoji_file_controller_test.exs @@ -3,7 +3,7 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.PleromaAPI.EmojiFileControllerTest do - use Pleroma.Web.ConnCase + use Pleroma.Web.ConnCase, async: false import Mock import Tesla.Mock @@ -30,6 +30,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiFileControllerTest do describe "POST/PATCH/DELETE /api/pleroma/emoji/packs/files?name=:name" do setup do + clear_config([:instance, :admin_privileges], [:emoji_management]) pack_file = "#{@emoji_path}/test_pack/pack.json" original_content = File.read!(pack_file) 
@@ -377,5 +378,32 @@ defmodule Pleroma.Web.PleromaAPI.EmojiFileControllerTest do }) |> json_response_and_validate_schema(:bad_request) end + + test "it requires privileged role :emoji_management", %{admin_conn: admin_conn} do + clear_config([:instance, :admin_privileges], []) + + assert admin_conn + |> put_req_header("content-type", "multipart/form-data") + |> post("/api/pleroma/emoji/packs/files?name=test_pack", %{ + file: %Plug.Upload{ + filename: "shortcode.png", + path: "#{Pleroma.Config.get([:instance, :static_dir])}/add/shortcode.png" + } + }) + |> json_response(:forbidden) + + assert admin_conn + |> put_req_header("content-type", "multipart/form-data") + |> patch("/api/pleroma/emoji/packs/files?name=test_pack", %{ + shortcode: "blank", + new_filename: "dir_2/blank_3.png" + }) + |> json_response(:forbidden) + + assert admin_conn + |> put_req_header("content-type", "multipart/form-data") + |> delete("/api/pleroma/emoji/packs/files?name=test_pack&shortcode=blank3") + |> json_response(:forbidden) + end end end diff --git a/test/pleroma/web/pleroma_api/controllers/emoji_pack_controller_test.exs b/test/pleroma/web/pleroma_api/controllers/emoji_pack_controller_test.exs index d1fd1cbb0..6558767d2 100644 --- a/test/pleroma/web/pleroma_api/controllers/emoji_pack_controller_test.exs +++ b/test/pleroma/web/pleroma_api/controllers/emoji_pack_controller_test.exs @@ -99,6 +99,10 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do end describe "GET /api/pleroma/emoji/packs/remote" do + setup do + clear_config([:instance, :admin_privileges], [:emoji_management]) + end + test "shareable instance", %{admin_conn: admin_conn, conn: conn} do resp = conn 
@@ -136,6 +140,14 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do "error" => "The requested instance does not support sharing emoji packs" } end + + test "it requires privileged role :emoji_management", %{admin_conn: admin_conn} do + clear_config([:instance, :admin_privileges], []) + + assert admin_conn + |> get("/api/pleroma/emoji/packs/remote?url=https://example.com") + |> json_response(:forbidden) + end end describe "GET /api/pleroma/emoji/packs/archive?name=:name" do @@ -170,6 +182,10 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do end describe "POST /api/pleroma/emoji/packs/download" do + setup do + clear_config([:instance, :admin_privileges], [:emoji_management]) + end + test "shared pack from remote and non shared from fallback-src", %{ admin_conn: admin_conn, conn: conn @@ -344,10 +360,24 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do "The pack was not set as shared and there is no fallback src to download from" } end + + test "it requires privileged role :emoji_management", %{admin_conn: conn} do + clear_config([:instance, :admin_privileges], []) + + assert conn + |> put_req_header("content-type", "multipart/form-data") + |> post("/api/pleroma/emoji/packs/download", %{ + url: "https://example.com", + name: "test_pack", + as: "test_pack2" + }) + |> json_response(:forbidden) + end end describe "PATCH/update /api/pleroma/emoji/pack?name=:name" do setup do + clear_config([:instance, :admin_privileges], [:emoji_management]) pack_file = "#{@emoji_path}/test_pack/pack.json" original_content = File.read!(pack_file) 
@@ -435,9 +465,22 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do "error" => "The fallback archive does not have all files specified in pack.json" } end + + test "it requires privileged role :emoji_management", %{admin_conn: conn, new_data: new_data} do + clear_config([:instance, :admin_privileges], []) + + assert conn + |> put_req_header("content-type", "multipart/form-data") + |> patch("/api/pleroma/emoji/pack?name=test_pack", %{metadata: new_data}) + |> json_response(:forbidden) + end end describe "POST/DELETE /api/pleroma/emoji/pack?name=:name" do + setup do + clear_config([:instance, :admin_privileges], [:emoji_management]) + end + test "returns an error on creates pack when file system not writable", %{ admin_conn: admin_conn } do @@ -520,6 +563,18 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do "error" => "pack name cannot be empty" } end + + test "it requires privileged role :emoji_management", %{admin_conn: admin_conn} do + clear_config([:instance, :admin_privileges], []) + + assert admin_conn + |> post("/api/pleroma/emoji/pack?name= ") + |> json_response(:forbidden) + + assert admin_conn + |> delete("/api/pleroma/emoji/pack?name= ") + |> json_response(:forbidden) + end end test "deleting nonexisting pack", %{admin_conn: admin_conn} do @@ -578,6 +633,12 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do "blank2" => "blank.png", "foo" => "blank.png" } + + clear_config([:instance, :admin_privileges], []) + + assert admin_conn + |> get("/api/pleroma/emoji/packs/import") + |> json_response(:forbidden) end describe "GET /api/pleroma/emoji/pack?name=:name" do -- cgit v1.2.3 From c842e6267545dfa88cf97cef69337296c3cb77d5 Mon Sep 17 00:00:00 2001 
From: Ilja Date: Sun, 12 Jun 2022 10:07:33 +0200 Subject: Add last priviliges I still had three endpoints I didn't really know what to do with them. I added them under separate tags * :instance_delete * :moderation_log_read * :stats_read I also checked and these are the last changes done by MR https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3480/diffs this is trying to fix --- .../controllers/admin_api_controller_test.exs | 22 ++++++++++++++++++++++ .../controllers/instance_controller_test.exs | 8 ++++++++ 2 files changed, 30 insertions(+) (limited to 'test') diff --git a/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs b/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs index 23c26d7db..180f6c83f 100644 --- a/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs @@ -558,6 +558,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do describe "GET /api/pleroma/admin/moderation_log" do setup do + clear_config([:instance, :admin_privileges], [:moderation_log_read]) moderator = insert(:user, is_moderator: true) %{moderator: moderator} @@ -762,6 +763,15 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do assert get_in(first_entry, ["data", "message"]) == "@#{moderator.nickname} unfollowed relay: https://example.org/relay" end + + test "it requires privileged role :moderation_log_read", %{conn: conn} do + clear_config([:instance, :admin_privileges], []) + + assert conn + |> put_req_header("content-type", "multipart/form-data") + |> get("/api/pleroma/admin/moderation_log") + |> json_response(:forbidden) + end end test "gets a remote users when [:instance, :limit_to_local_content] is set to :unauthenticated", 
@@ -960,6 +970,10 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do end describe "/api/pleroma/admin/stats" do + setup do + clear_config([:instance, :admin_privileges], [:stats_read]) + end + test "status visibility count", %{conn: conn} do user = insert(:user) CommonAPI.post(user, %{visibility: "public", status: "hey"}) @@ -992,6 +1006,14 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do assert %{"direct" => 0, "private" => 1, "public" => 0, "unlisted" => 1} = response["status_visibility"] end + + test "it requires privileged role :stats_read", %{conn: conn} do + clear_config([:instance, :admin_privileges], []) + + assert conn + |> get("/api/pleroma/admin/stats", instance: "lain.wired") + |> json_response(:forbidden) + end end describe "/api/pleroma/backups" do diff --git a/test/pleroma/web/admin_api/controllers/instance_controller_test.exs b/test/pleroma/web/admin_api/controllers/instance_controller_test.exs index 2ab32fed8..b757ce469 100644 --- a/test/pleroma/web/admin_api/controllers/instance_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/instance_controller_test.exs @@ -68,6 +68,7 @@ defmodule Pleroma.Web.AdminAPI.InstanceControllerTest do end test "DELETE /instances/:instance", %{conn: conn} do + clear_config([:instance, :admin_privileges], [:instance_delete]) user = insert(:user, nickname: "lain@lain.com") post = insert(:note_activity, user: user) @@ -81,5 +82,12 @@ defmodule Pleroma.Web.AdminAPI.InstanceControllerTest do assert response == "lain.com" refute Repo.reload(user).is_active refute Repo.reload(post) + + clear_config([:instance, :admin_privileges], []) + + response = + conn + |> delete("/api/pleroma/admin/instances/lain.com") + |> json_response(:forbidden) end end -- cgit v1.2.3 From 9da81f41c6e2084973095eefebbda3b1abde587c Mon Sep 17 00:00:00 2001 
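Review bot: The denied `DELETE /api/pleroma/admin/instances/lain.com` is issued after the same test has already deleted that instance's user and post, so the 403 cannot show that a denied request leaves data in place. A separate test that creates the user and post with `admin_privileges` already empty and asserts that both survive would cover that, as sketched below. The `response =` binding on the added lines is also never read. The test body starts outside this hunk.

```elixir
test "DELETE /instances/:instance returns 403 without :instance_delete", %{conn: conn} do
  clear_config([:instance, :admin_privileges], [])
  user = insert(:user, nickname: "lain@lain.com")
  post = insert(:note_activity, user: user)

  conn
  |> delete("/api/pleroma/admin/instances/lain.com")
  |> json_response(:forbidden)

  # Nothing may be removed or deactivated by a rejected request.
  assert Repo.reload(user).is_active
  assert Repo.reload(post)
end
```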
From: Ilja Date: Fri, 17 Jun 2022 17:35:03 +0200 Subject: Fix warning during test user_test.exs Fixed the warning [warning] Please change `clear_config([section], key: value)` to `clear_config([section, key], value)` --- test/pleroma/user_test.exs | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'test') diff --git a/test/pleroma/user_test.exs b/test/pleroma/user_test.exs index 884b846ae..ea1e45e63 100644 --- a/test/pleroma/user_test.exs +++ b/test/pleroma/user_test.exs @@ -473,12 +473,7 @@ defmodule Pleroma.UserTest do reject_deletes: [] ) - setup do: - clear_config(:mrf, - policies: [ - Pleroma.Web.ActivityPub.MRF.SimplePolicy - ] - ) + setup do: clear_config([:mrf, :policies], [Pleroma.Web.ActivityPub.MRF.SimplePolicy]) test "it sends a welcome chat message when Simple policy applied to local instance" do clear_config([:mrf_simple, :media_nsfw], [{"localhost", ""}]) -- cgit v1.2.3 From 7adfc2e0f429f84eb7eb2712529e9a3486354d01 Mon Sep 17 00:00:00 2001 From: Ilja Date: Mon, 13 Jun 2022 09:58:50 +0200 Subject: Add Pleroma.User.privileged?/2 This should eventually replace Pleroma.User.superuser?/1 --- test/pleroma/user_test.exs | 43 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 42 insertions(+), 1 deletion(-) (limited to 'test') diff --git a/test/pleroma/user_test.exs b/test/pleroma/user_test.exs index ea1e45e63..192bffaa9 100644 --- a/test/pleroma/user_test.exs +++ b/test/pleroma/user_test.exs @@ -13,7 +13,7 @@ defmodule Pleroma.UserTest do alias Pleroma.Web.ActivityPub.ActivityPub alias Pleroma.Web.CommonAPI - use Pleroma.DataCase + use Pleroma.DataCase, async: false use Oban.Testing, repo: Pleroma.Repo import Pleroma.Factory 
@@ -1878,6 +1878,47 @@ defmodule Pleroma.UserTest do end end + describe "privileged?/1" do + setup do + clear_config([:instance, :admin_privileges], [:cofe, :suya]) + clear_config([:instance, :moderator_privileges], [:cofe, :suya]) + end + + test "returns false for unprivileged users" do + user = insert(:user, local: true) + + refute User.privileged?(user, :cofe) + end + + test "returns false for remote users" do + user = insert(:user, local: false) + remote_admin_user = insert(:user, local: false, is_admin: true) + + refute User.privileged?(user, :cofe) + refute User.privileged?(remote_admin_user, :cofe) + end + + test "returns true for local moderators if, and only if, they are privileged" do + user = insert(:user, local: true, is_moderator: true) + + assert User.privileged?(user, :cofe) + + clear_config([:instance, :moderator_privileges], []) + + refute User.privileged?(user, :cofe) + end + + test "returns true for local admins if, and only if, they are privileged" do + user = insert(:user, local: true, is_admin: true) + + assert User.privileged?(user, :cofe) + + clear_config([:instance, :admin_privileges], []) + + refute User.privileged?(user, :cofe) + end + end + describe "superuser?/1" do test "returns false for unprivileged users" do user = insert(:user, local: true) -- cgit v1.2.3 From 7cf473c50076f31bb01bad92501a8c2353874b96 Mon Sep 17 00:00:00 2001 From: Ilja Date: Mon, 13 Jun 2022 11:00:49 +0200 Subject: delete statusses is now privileged by :status_delete Instead of superusers, you now need a role with privilige :status_delete to delete other users statusses I also cleaned up some other stuff I saw --- .../controllers/instance_controller_test.exs | 7 +++--- test/pleroma/web/common_api_test.exs | 26 ++++++++++++---------- .../controllers/status_controller_test.exs | 22 +++++------------- 3 files changed, 23 insertions(+), 32 deletions(-) (limited to 'test') 
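Review bot: The new `privileged?` block has no case for a deactivated local staff account, although the later `all_users_with_privilege/1` tests in this series expect `is_active: false` users to be excluded. If a deactivated admin is meant to lose privileges here too, a case such as `refute User.privileged?(insert(:user, local: true, is_admin: true, is_active: false), :cofe)` would pin that; if not, a comment stating that the difference is intentional would help. The `privileges/1` block added further down has the same gap. The describe label reads `"privileged?/1"` while every call passes two arguments, so it should be `describe "privileged?/2" do`.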
diff --git a/test/pleroma/web/admin_api/controllers/instance_controller_test.exs b/test/pleroma/web/admin_api/controllers/instance_controller_test.exs index b757ce469..e75222f99 100644 --- a/test/pleroma/web/admin_api/controllers/instance_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/instance_controller_test.exs @@ -85,9 +85,8 @@ defmodule Pleroma.Web.AdminAPI.InstanceControllerTest do clear_config([:instance, :admin_privileges], []) - response = - conn - |> delete("/api/pleroma/admin/instances/lain.com") - |> json_response(:forbidden) + conn + |> delete("/api/pleroma/admin/instances/lain.com") + |> json_response(:forbidden) end end diff --git a/test/pleroma/web/common_api_test.exs b/test/pleroma/web/common_api_test.exs index b502aaa03..4d960e945 100644 --- a/test/pleroma/web/common_api_test.exs +++ b/test/pleroma/web/common_api_test.exs @@ -4,7 +4,7 @@ defmodule Pleroma.Web.CommonAPITest do use Oban.Testing, repo: Pleroma.Repo - use Pleroma.DataCase + use Pleroma.DataCase, async: false alias Pleroma.Activity alias Pleroma.Chat @@ -321,7 +321,7 @@ defmodule Pleroma.Web.CommonAPITest do refute Activity.get_by_id(post.id) end - test "it does not allow a user to delete their posts" do + test "it does not allow a user to delete posts from another user" do user = insert(:user) other_user = insert(:user) @@ -331,7 +331,8 @@ defmodule Pleroma.Web.CommonAPITest do assert Activity.get_by_id(post.id) end - test "it allows moderators to delete other user's posts" do + test "it allows privileged users to delete other user's posts" do + clear_config([:instance, :moderator_privileges], [:status_delete]) user = insert(:user) moderator = insert(:user, is_moderator: true) 
@@ -343,19 +344,20 @@ defmodule Pleroma.Web.CommonAPITest do refute Activity.get_by_id(post.id) end - test "it allows admins to delete other user's posts" do + test "it doesn't allow unprivileged mods or admins to delete other user's posts" do + clear_config([:instance, :admin_privileges], []) + clear_config([:instance, :moderator_privileges], []) user = insert(:user) - moderator = insert(:user, is_admin: true) + moderator = insert(:user, is_moderator: true, is_admin: true) {:ok, post} = CommonAPI.post(user, %{status: "namu amida butsu"}) - assert {:ok, delete} = CommonAPI.delete(post.id, moderator) - assert delete.local - - refute Activity.get_by_id(post.id) + assert {:error, "Could not delete"} = CommonAPI.delete(post.id, moderator) + assert Activity.get_by_id(post.id) end - test "superusers deleting non-local posts won't federate the delete" do + test "privileged users deleting non-local posts won't federate the delete" do + clear_config([:instance, :admin_privileges], [:status_delete]) # This is the user of the ingested activity _user = insert(:user, @@ -364,7 +366,7 @@ defmodule Pleroma.Web.CommonAPITest do last_refreshed_at: NaiveDateTime.utc_now() ) - moderator = insert(:user, is_admin: true) + admin = insert(:user, is_admin: true) data = File.read!("test/fixtures/mastodon-post-activity.json") @@ -374,7 +376,7 @@ defmodule Pleroma.Web.CommonAPITest do with_mock Pleroma.Web.Federator, publish: fn _ -> nil end do - assert {:ok, delete} = CommonAPI.delete(post.id, moderator) + assert {:ok, delete} = CommonAPI.delete(post.id, admin) assert delete.local refute called(Pleroma.Web.Federator.publish(:_)) end diff --git a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs index dc6912b7b..4ea92e329 100644 --- a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs +++ b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs 
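Review bot: The denial case in "it doesn't allow unprivileged mods or admins to delete other user's posts" only sets both privilege lists to `[]`, so it cannot tell "the role has no privileges" apart from "the role lacks `:status_delete`". A check that wrongly treated any non-empty list as sufficient would still pass. Configuring an unrelated privilege, for example `clear_config([:instance, :moderator_privileges], [:stats_read])` and the same for `:admin_privileges`, keeps the expected `{:error, "Could not delete"}` and closes that gap. The `is_privileged` query tests and the `all_users_with_privilege/1` tests later in the series also only use `[]` and `[:cofe]`.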
@@ -3,7 +3,7 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do - use Pleroma.Web.ConnCase + use Pleroma.Web.ConnCase, async: false use Oban.Testing, repo: Pleroma.Repo alias Pleroma.Activity @@ -968,30 +968,20 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do assert Activity.get_by_id(activity.id) == activity end - test "when you're an admin or moderator", %{conn: conn} do - activity1 = insert(:note_activity) - activity2 = insert(:note_activity) - admin = insert(:user, is_admin: true) + test "when you're privileged to", %{conn: conn} do + clear_config([:instance, :moderator_privileges], [:status_delete]) + activity = insert(:note_activity) moderator = insert(:user, is_moderator: true) - res_conn = - conn - |> assign(:user, admin) - |> assign(:token, insert(:oauth_token, user: admin, scopes: ["write:statuses"])) - |> delete("/api/v1/statuses/#{activity1.id}") - - assert %{} = json_response_and_validate_schema(res_conn, 200) - res_conn = conn |> assign(:user, moderator) |> assign(:token, insert(:oauth_token, user: moderator, scopes: ["write:statuses"])) - |> delete("/api/v1/statuses/#{activity2.id}") + |> delete("/api/v1/statuses/#{activity.id}") assert %{} = json_response_and_validate_schema(res_conn, 200) - refute Activity.get_by_id(activity1.id) - refute Activity.get_by_id(activity2.id) + refute Activity.get_by_id(activity.id) end end -- cgit v1.2.3 From bb61cfee8dc27c658215f05cce3ea58fca5b3db3 Mon Sep 17 00:00:00 2001 From: Ilja Date: Mon, 13 Jun 2022 13:58:26 +0200 Subject: Validator for deleting statusses is now done with priviledge instead of superuser --- .../object_validators/delete_validation_test.exs | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) (limited to 'test') diff --git a/test/pleroma/web/activity_pub/object_validators/delete_validation_test.exs b/test/pleroma/web/activity_pub/object_validators/delete_validation_test.exs index ea4664859..ba137604b 100644 
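Review bot: "when you're privileged to" covers only the allowed path at the HTTP layer, and the rewrite drops the admin request that the old test made. Nothing in this hunk shows a moderator or admin without `:status_delete` being rejected by `DELETE /api/v1/statuses/:id`; the preceding test is only partly visible and appears to cover an ordinary user. A companion case that sets `moderator_privileges` to `[]`, sends the same request, and asserts `Activity.get_by_id(activity.id)` still returns the activity would check the controller and not just `CommonAPI.delete/2`.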
--- a/test/pleroma/web/activity_pub/object_validators/delete_validation_test.exs +++ b/test/pleroma/web/activity_pub/object_validators/delete_validation_test.exs @@ -3,7 +3,7 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.ActivityPub.ObjectValidators.DeleteValidationTest do - use Pleroma.DataCase, async: true + use Pleroma.DataCase, async: false alias Pleroma.Object alias Pleroma.Web.ActivityPub.Builder @@ -90,17 +90,26 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.DeleteValidationTest do assert {:actor, {"is not allowed to modify object", []}} in cng.errors end - test "it's valid if the actor of the object is a local superuser", + test "it's only valid if the actor of the object is a privileged local user", %{valid_post_delete: valid_post_delete} do + clear_config([:instance, :moderator_privileges], [:status_delete]) + user = insert(:user, local: true, is_moderator: true, ap_id: "https://gensokyo.2hu/users/raymoo") - valid_other_actor = + post_delete_with_moderator_actor = valid_post_delete |> Map.put("actor", user.ap_id) - {:ok, _, meta} = ObjectValidator.validate(valid_other_actor, []) + {:ok, _, meta} = ObjectValidator.validate(post_delete_with_moderator_actor, []) + assert meta[:do_not_federate] + + clear_config([:instance, :moderator_privileges], []) + + {:error, cng} = ObjectValidator.validate(post_delete_with_moderator_actor, []) + + assert {:actor, {"is not allowed to modify object", []}} in cng.errors end end end -- cgit v1.2.3 From edf0013ff38ae2d7bc84431d1d1384e5fc45bc0e Mon Sep 17 00:00:00 2001 From: Ilja Date: Sat, 18 Jun 2022 08:32:05 +0200 Subject: User.visible_for/2 According to the tests, this was only used for unconfirmed accounts. So this just needed to be restricted to users with privilege :user_activation --- test/pleroma/user_test.exs | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'test') diff --git a/test/pleroma/user_test.exs b/test/pleroma/user_test.exs index 192bffaa9..22d55cd53 100644 
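Review bot: The renamed test "it's only valid if the actor of the object is a privileged local user" checks the privileged and unprivileged cases for a `local: true` moderator, but never the "local" half of its title. This validator presumably also sees Delete activities that arrive over federation, so a remote account carrying `is_moderator: true` is the case most worth pinning. Consider adding an actor inserted with `local: false, is_moderator: true` while `:status_delete` is configured, and asserting `{:error, cng}` with `{:actor, {"is not allowed to modify object", []}} in cng.errors`. The enclosing describe block starts outside the hunk.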
--- a/test/pleroma/user_test.exs +++ b/test/pleroma/user_test.exs @@ -1986,13 +1986,18 @@ defmodule Pleroma.UserTest do assert User.visible_for(user, other_user) == :visible end - test "returns true when the account is unconfirmed and being viewed by a privileged account (confirmation required)" do + test "returns true when the account is unconfirmed and being viewed by a privileged account (privilege :user_activation, confirmation required)" do clear_config([:instance, :account_activation_required], true) + clear_config([:instance, :admin_privileges], [:user_activation]) user = insert(:user, local: true, is_confirmed: false) other_user = insert(:user, local: true, is_admin: true) assert User.visible_for(user, other_user) == :visible + + clear_config([:instance, :admin_privileges], []) + + refute User.visible_for(user, other_user) == :visible end end -- cgit v1.2.3 From e45faddb38311c799b2276cb952ac7715e2cbfab Mon Sep 17 00:00:00 2001 From: Ilja Date: Sat, 18 Jun 2022 08:38:00 +0200 Subject: Revert "Delete report notifs when demoting from superuser" This reverts commit 89667189b840fc79d85336739e6b2512684d7be0 and cdc5bbe8369d4fc66d642bb3e845a237d11e34d7. This is a side effect when changing user role. The goal was to not have report notifications when someone isn't admin or moderator any more. But this won't be triggered when we change the privilege tags for a role, so we can't use this sollution any more. There was another solution to filter out report notifications during fetch. It wasn't merged because this seemed 'cleaner' at the time, but now it seems the better sollution. I'll add it in the next commit. --- test/pleroma/notification_test.exs | 19 ------------------- test/pleroma/user_test.exs | 21 --------------------- 2 files changed, 40 deletions(-) (limited to 'test') diff --git a/test/pleroma/notification_test.exs b/test/pleroma/notification_test.exs index 805764ea4..340a5f841 100644 --- a/test/pleroma/notification_test.exs 
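Review bot: The added `refute User.visible_for(user, other_user) == :visible` passes for any other return value, including `nil` or an unexpected error term, so it does not pin what an admin without `:user_activation` actually gets. Asserting the specific value `visible_for/2` returns for an unconfirmed account (not shown in this hunk) with `assert User.visible_for(user, other_user) == <expected>` would make the denial explicit. The test title still says "returns true" although the function returns `:visible`.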
+++ b/test/pleroma/notification_test.exs @@ -520,25 +520,6 @@ defmodule Pleroma.NotificationTest do end end - describe "destroy_multiple_from_types/2" do - test "clears all notifications of a certain type for a given user" do - report_activity = insert(:report_activity) - user1 = insert(:user, is_moderator: true, is_admin: true) - user2 = insert(:user, is_moderator: true, is_admin: true) - {:ok, _} = Notification.create_notifications(report_activity) - - {:ok, _} = - CommonAPI.post(user2, %{ - status: "hey @#{user1.nickname} !" - }) - - Notification.destroy_multiple_from_types(user1, ["pleroma:report"]) - - assert [%Pleroma.Notification{type: "mention"}] = Notification.for_user(user1) - assert [%Pleroma.Notification{type: "pleroma:report"}] = Notification.for_user(user2) - end - end - describe "set_read_up_to()" do test "it sets all notifications as read up to a specified notification ID" do user = insert(:user) diff --git a/test/pleroma/user_test.exs b/test/pleroma/user_test.exs index 22d55cd53..d110d71da 100644 --- a/test/pleroma/user_test.exs +++ b/test/pleroma/user_test.exs @@ -5,7 +5,6 @@ defmodule Pleroma.UserTest do alias Pleroma.Activity alias Pleroma.Builders.UserBuilder - alias Pleroma.Notification alias Pleroma.Object alias Pleroma.Repo alias Pleroma.Tests.ObanHelpers 
@@ -2252,26 +2251,6 @@ defmodule Pleroma.UserTest do assert {:ok, user} = Cachex.get(:user_cache, "ap_id:#{user.ap_id}") assert %User{bio: "test-bio"} = User.get_cached_by_ap_id(user.ap_id) end - - test "removes report notifs when user isn't superuser any more" do - report_activity = insert(:report_activity) - user = insert(:user, is_moderator: true, is_admin: true) - {:ok, _} = Notification.create_notifications(report_activity) - - assert [%Pleroma.Notification{type: "pleroma:report"}] = Notification.for_user(user) - - {:ok, user} = user |> User.admin_api_update(%{is_moderator: false}) - # is still superuser because still admin - assert [%Pleroma.Notification{type: "pleroma:report"}] = Notification.for_user(user) - - {:ok, user} = user |> User.admin_api_update(%{is_moderator: true, is_admin: false}) - # is still superuser because still moderator - assert [%Pleroma.Notification{type: "pleroma:report"}] = Notification.for_user(user) - - {:ok, user} = user |> User.admin_api_update(%{is_moderator: false}) - # is not a superuser any more - assert [] = Notification.for_user(user) - end end describe "following/followers synchronization" do -- cgit v1.2.3 From eab13fed3e6ba7edd7847fd00581b45dc4292af0 Mon Sep 17 00:00:00 2001 From: Ilja Date: Wed, 2 Mar 2022 18:05:50 +0100 Subject: Hide pleroma:report for non-privileged users Before we deleted the notifications, but that was a side effect and didn't always trigger any more. Now we just hide them when an unprivileged user asks them. --- .../controllers/notification_controller_test.exs | 44 ++++++++++++++++++++-- 1 file changed, 40 insertions(+), 4 deletions(-) (limited to 'test') diff --git a/test/pleroma/web/mastodon_api/controllers/notification_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/notification_controller_test.exs index 2b7a95635..e0f1d2ac1 100644 --- a/test/pleroma/web/mastodon_api/controllers/notification_controller_test.exs 
+++ b/test/pleroma/web/mastodon_api/controllers/notification_controller_test.exs @@ -3,7 +3,7 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do - use Pleroma.Web.ConnCase + use Pleroma.Web.ConnCase, async: false alias Pleroma.Notification alias Pleroma.Repo @@ -74,12 +74,15 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do end test "by default, does not contain pleroma:report" do - %{user: user, conn: conn} = oauth_access(["read:notifications"]) + clear_config([:instance, :moderator_privileges], [:report_handle]) + + user = insert(:user) other_user = insert(:user) third_user = insert(:user) - user - |> User.admin_api_update(%{is_moderator: true}) + {:ok, user} = user |> User.admin_api_update(%{is_moderator: true}) + + %{conn: conn} = oauth_access(["read:notifications"], user: user) {:ok, activity} = CommonAPI.post(other_user, %{status: "hey"}) 
@@ -101,6 +104,39 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do assert [_] = result end + test "Pleroma:report is hidden for non-privileged users" do + clear_config([:instance, :moderator_privileges], [:report_handle]) + + user = insert(:user) + other_user = insert(:user) + third_user = insert(:user) + + {:ok, user} = user |> User.admin_api_update(%{is_moderator: true}) + + %{conn: conn} = oauth_access(["read:notifications"], user: user) + + {:ok, activity} = CommonAPI.post(other_user, %{status: "hey"}) + + {:ok, _report} = + CommonAPI.report(third_user, %{account_id: other_user.id, status_ids: [activity.id]}) + + result = + conn + |> get("/api/v1/notifications?include_types[]=pleroma:report") + |> json_response_and_validate_schema(200) + + assert [_] = result + + clear_config([:instance, :moderator_privileges], []) + + result = + conn + |> get("/api/v1/notifications?include_types[]=pleroma:report") + |> json_response_and_validate_schema(200) + + assert [] == result + end + test "excludes mentions from blockers when blockers_visible is false" do clear_config([:activitypub, :blockers_visible], false) -- cgit v1.2.3 From a1c8aa4721de8f5edd7d69dcd745586df23f5a31 Mon Sep 17 00:00:00 2001 From: Ilja Date: Sat, 18 Jun 2022 10:55:45 +0200 Subject: Remove function superuser? Everything now happens with privileged?/2 --- test/pleroma/user_test.exs | 28 ---------------------------- 1 file changed, 28 deletions(-) (limited to 'test') diff --git a/test/pleroma/user_test.exs b/test/pleroma/user_test.exs index d110d71da..9f8be7fa2 100644 --- a/test/pleroma/user_test.exs +++ b/test/pleroma/user_test.exs 
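Review bot: "Pleroma:report is hidden for non-privileged users" exercises only the list endpoint with `include_types[]=pleroma:report`. Because the series moves from deleting report notifications to filtering them at fetch time, every other read path for the same rows has to apply the same filter. If there is a single-notification endpoint or a streaming path (neither is visible in this hunk), a matching assertion there would guard against a former moderator still reading report content by id. The list request without `include_types` after the privilege is removed is also worth one assertion.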
@@ -1918,34 +1918,6 @@ defmodule Pleroma.UserTest do end end - describe "superuser?/1" do - test "returns false for unprivileged users" do - user = insert(:user, local: true) - - refute User.superuser?(user) - end - - test "returns false for remote users" do - user = insert(:user, local: false) - remote_admin_user = insert(:user, local: false, is_admin: true) - - refute User.superuser?(user) - refute User.superuser?(remote_admin_user) - end - - test "returns true for local moderators" do - user = insert(:user, local: true, is_moderator: true) - - assert User.superuser?(user) - end - - test "returns true for local admins" do - user = insert(:user, local: true, is_admin: true) - - assert User.superuser?(user) - end - end - describe "invisible?/1" do test "returns true for an invisible user" do user = insert(:user, local: true, invisible: true) -- cgit v1.2.3 From 34adea8d28cec91f03047989cbbaaf0b402c3a55 Mon Sep 17 00:00:00 2001 From: Ilja Date: Sun, 19 Jun 2022 11:05:09 +0200 Subject: Add Pleroma.User.all_users_with_privilege/1 This should eventually replace the Pleroma.User.all_superusers/0 function * I added a new param `is_privileged` in User.query * Now we can fetch all users with a specified privilege --- test/pleroma/user/query_test.exs | 92 +++++++++++++++++++++++++++++++++++++++- test/pleroma/user_test.exs | 90 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 181 insertions(+), 1 deletion(-) (limited to 'test') diff --git a/test/pleroma/user/query_test.exs b/test/pleroma/user/query_test.exs index bd45d1bca..7e443536b 100644 --- a/test/pleroma/user/query_test.exs +++ b/test/pleroma/user/query_test.exs @@ -3,7 +3,7 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.User.QueryTest do - use Pleroma.DataCase, async: true + use Pleroma.DataCase, async: false alias Pleroma.Repo alias Pleroma.User 
@@ -44,4 +44,94 @@ defmodule Pleroma.User.QueryTest do |> User.Query.build() |> Repo.all() end + + describe "is_privileged param" do + setup do + %{ + user: insert(:user, local: true, is_admin: false, is_moderator: false), + moderator_user: insert(:user, local: true, is_admin: false, is_moderator: true), + admin_user: insert(:user, local: true, is_admin: true, is_moderator: false), + admin_moderator_user: insert(:user, local: true, is_admin: true, is_moderator: true), + remote_user: insert(:user, local: false, is_admin: true, is_moderator: true), + non_active_user: + insert(:user, local: true, is_admin: true, is_moderator: true, is_active: false) + } + end + + test "doesn't return any users when there are no privileged roles", %{ + user: user, + moderator_user: moderator_user, + admin_user: admin_user, + admin_moderator_user: admin_moderator_user, + remote_user: remote_user, + non_active_user: non_active_user + } do + clear_config([:instance, :admin_privileges], []) + clear_config([:instance, :moderator_privileges], []) + + refute user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) + refute admin_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) + refute moderator_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) + refute admin_moderator_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) + refute remote_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) + refute non_active_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) + end + + test "returns moderator users if they are privileged", %{ + user: user, + moderator_user: moderator_user, + admin_user: admin_user, + admin_moderator_user: admin_moderator_user, + remote_user: remote_user, + non_active_user: non_active_user + } do + clear_config([:instance, :admin_privileges], []) + clear_config([:instance, :moderator_privileges], [:cofe]) + + refute user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) + refute 
admin_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) + assert moderator_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) + assert admin_moderator_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) + refute remote_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) + refute non_active_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) + end + + test "returns admin users if they are privileged", %{ + user: user, + moderator_user: moderator_user, + admin_user: admin_user, + admin_moderator_user: admin_moderator_user, + remote_user: remote_user, + non_active_user: non_active_user + } do + clear_config([:instance, :admin_privileges], [:cofe]) + clear_config([:instance, :moderator_privileges], []) + + refute user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) + assert admin_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) + refute moderator_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) + assert admin_moderator_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) + refute remote_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) + refute non_active_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) + end + + test "returns admin and moderator users if they are both privileged", %{ + user: user, + moderator_user: moderator_user, + admin_user: admin_user, + admin_moderator_user: admin_moderator_user, + remote_user: remote_user, + non_active_user: non_active_user + } do + clear_config([:instance, :admin_privileges], [:cofe]) + clear_config([:instance, :moderator_privileges], [:cofe]) + + refute user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) + assert admin_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) + assert moderator_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) + assert admin_moderator_user in (User.Query.build(%{is_privileged: :cofe}) |> 
Repo.all()) + refute remote_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) + refute non_active_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) + end + end end diff --git a/test/pleroma/user_test.exs b/test/pleroma/user_test.exs index 9f8be7fa2..0262470b2 100644 --- a/test/pleroma/user_test.exs +++ b/test/pleroma/user_test.exs 
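Review bot: Each test in the "is_privileged param" block rebuilds and runs `User.Query.build(%{is_privileged: :cofe}) |> Repo.all()` six times, which hides the assertions behind repeated query text and issues six identical queries. Binding the result once after the `clear_config` calls, `privileged_users = User.Query.build(%{is_privileged: :cofe}) |> Repo.all()`, lets the checks read as `assert moderator_user in privileged_users`. The `all_users_with_privilege/1` block added to user_test.exs in the same commit repeats the call in the same way and would benefit from the same binding.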
@@ -1972,6 +1972,96 @@ defmodule Pleroma.UserTest do end end + describe "all_users_with_privilege/1" do + setup do + %{ + user: insert(:user, local: true, is_admin: false, is_moderator: false), + moderator_user: insert(:user, local: true, is_admin: false, is_moderator: true), + admin_user: insert(:user, local: true, is_admin: true, is_moderator: false), + admin_moderator_user: insert(:user, local: true, is_admin: true, is_moderator: true), + remote_user: insert(:user, local: false, is_admin: true, is_moderator: true), + non_active_user: + insert(:user, local: true, is_admin: true, is_moderator: true, is_active: false) + } + end + + test "doesn't return any users when there are no privileged roles", %{ + user: user, + moderator_user: moderator_user, + admin_user: admin_user, + admin_moderator_user: admin_moderator_user, + remote_user: remote_user, + non_active_user: non_active_user + } do + clear_config([:instance, :admin_privileges], []) + clear_config([:instance, :moderator_privileges], []) + + refute user in User.all_users_with_privilege(:cofe) + refute admin_user in User.all_users_with_privilege(:cofe) + refute moderator_user in User.all_users_with_privilege(:cofe) + refute admin_moderator_user in User.all_users_with_privilege(:cofe) + refute remote_user in User.all_users_with_privilege(:cofe) + refute non_active_user in User.all_users_with_privilege(:cofe) + end + + test "returns moderator users if they are privileged", %{ + user: user, + moderator_user: moderator_user, + admin_user: admin_user, + admin_moderator_user: admin_moderator_user, + remote_user: remote_user, + non_active_user: non_active_user + } do + clear_config([:instance, :admin_privileges], []) + clear_config([:instance, :moderator_privileges], [:cofe]) + + refute user in User.all_users_with_privilege(:cofe) + refute admin_user in User.all_users_with_privilege(:cofe) + assert moderator_user in User.all_users_with_privilege(:cofe) + assert admin_moderator_user in 
User.all_users_with_privilege(:cofe) + refute remote_user in User.all_users_with_privilege(:cofe) + refute non_active_user in User.all_users_with_privilege(:cofe) + end + + test "returns admin users if they are privileged", %{ + user: user, + moderator_user: moderator_user, + admin_user: admin_user, + admin_moderator_user: admin_moderator_user, + remote_user: remote_user, + non_active_user: non_active_user + } do + clear_config([:instance, :admin_privileges], [:cofe]) + clear_config([:instance, :moderator_privileges], []) + + refute user in User.all_users_with_privilege(:cofe) + assert admin_user in User.all_users_with_privilege(:cofe) + refute moderator_user in User.all_users_with_privilege(:cofe) + assert admin_moderator_user in User.all_users_with_privilege(:cofe) + refute remote_user in User.all_users_with_privilege(:cofe) + refute non_active_user in User.all_users_with_privilege(:cofe) + end + + test "returns admin and moderator users if they are both privileged", %{ + user: user, + moderator_user: moderator_user, + admin_user: admin_user, + admin_moderator_user: admin_moderator_user, + remote_user: remote_user, + non_active_user: non_active_user + } do + clear_config([:instance, :admin_privileges], [:cofe]) + clear_config([:instance, :moderator_privileges], [:cofe]) + + refute user in User.all_users_with_privilege(:cofe) + assert admin_user in User.all_users_with_privilege(:cofe) + assert moderator_user in User.all_users_with_privilege(:cofe) + assert admin_moderator_user in User.all_users_with_privilege(:cofe) + refute remote_user in User.all_users_with_privilege(:cofe) + refute non_active_user in User.all_users_with_privilege(:cofe) + end + end + describe "parse_bio/2" do test "preserves hosts in user links text" do remote_user = insert(:user, local: false, nickname: "nick@domain.com") -- cgit v1.2.3 From e21ef5aef389f7cef9ba53525d2d38bb29f5e257 Mon Sep 17 00:00:00 2001 
From: Ilja Date: Sun, 19 Jun 2022 16:26:56 +0200 Subject: report notifications for privileged users Instead of `Pleroma.User.all_superusers()` we now use `Pleroma.User.all_superusers(:report_handle)` I also changed it for sending emails, but there were no tests. --- test/pleroma/notification_test.exs | 18 ++++++++++++------ .../web/mastodon_api/views/notification_view_test.exs | 6 ++++-- 2 files changed, 16 insertions(+), 8 deletions(-) (limited to 'test') diff --git a/test/pleroma/notification_test.exs b/test/pleroma/notification_test.exs index 340a5f841..e1f4b1771 100644 --- a/test/pleroma/notification_test.exs +++ b/test/pleroma/notification_test.exs @@ -3,7 +3,7 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.NotificationTest do - use Pleroma.DataCase + use Pleroma.DataCase, async: false import Pleroma.Factory import Mock 
@@ -32,20 +32,26 @@ defmodule Pleroma.NotificationTest do refute {:ok, [nil]} == Notification.create_notifications(activity) end - test "creates a notification for a report" do + test "creates a report notification only for privileged users" do reporting_user = insert(:user) reported_user = insert(:user) - {:ok, moderator_user} = insert(:user) |> User.admin_api_update(%{is_moderator: true}) + moderator_user = insert(:user, is_moderator: true) - {:ok, activity} = CommonAPI.report(reporting_user, %{account_id: reported_user.id}) + clear_config([:instance, :moderator_privileges], []) + {:ok, activity1} = CommonAPI.report(reporting_user, %{account_id: reported_user.id}) + {:ok, []} = Notification.create_notifications(activity1) - {:ok, [notification]} = Notification.create_notifications(activity) + clear_config([:instance, :moderator_privileges], [:report_handle]) + {:ok, activity2} = CommonAPI.report(reporting_user, %{account_id: reported_user.id}) + {:ok, [notification]} = Notification.create_notifications(activity2) assert notification.user_id == moderator_user.id assert notification.type == "pleroma:report" end - test "suppresses notification to reporter if reporter is an admin" do + test "suppresses notifications for own reports" do + clear_config([:instance, :admin_privileges], [:report_handle]) + reporting_admin = insert(:user, is_admin: true) reported_user = insert(:user) other_admin = insert(:user, is_admin: true) diff --git a/test/pleroma/web/mastodon_api/views/notification_view_test.exs b/test/pleroma/web/mastodon_api/views/notification_view_test.exs index 8e4c9136a..76338877e 100644 --- a/test/pleroma/web/mastodon_api/views/notification_view_test.exs +++ b/test/pleroma/web/mastodon_api/views/notification_view_test.exs @@ -3,7 +3,7 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.MastodonAPI.NotificationViewTest do - use Pleroma.DataCase + use Pleroma.DataCase, async: false alias Pleroma.Activity alias Pleroma.Chat 
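Review bot: In "creates a report notification only for privileged users" the key expectation is written as a bare match, `{:ok, []} = Notification.create_notifications(activity1)`. If an unprivileged moderator does receive a notification, the test fails with a MatchError, not an ExUnit assertion diff. Writing `assert {:ok, []} = Notification.create_notifications(activity1)` and `assert {:ok, [notification]} = Notification.create_notifications(activity2)` makes the intent and the failure output clearer. A short comment above the first `clear_config` saying that the moderator role exists but holds no `:report_handle` privilege would also help readers.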
@@ -218,9 +218,11 @@ defmodule Pleroma.Web.MastodonAPI.NotificationViewTest do end test "Report notification" do + clear_config([:instance, :moderator_privileges], [:report_handle]) + reporting_user = insert(:user) reported_user = insert(:user) - {:ok, moderator_user} = insert(:user) |> User.admin_api_update(%{is_moderator: true}) + moderator_user = insert(:user, is_moderator: true) {:ok, activity} = CommonAPI.report(reporting_user, %{account_id: reported_user.id}) {:ok, [notification]} = Notification.create_notifications(activity) -- cgit v1.2.3 From 143ea7b80a228d9bd23a77354fe214553ca2b8cc Mon Sep 17 00:00:00 2001 From: Ilja Date: Tue, 21 Jun 2022 09:21:45 +0200 Subject: Add deactivated status for privileged users Deactivated users are only visible to users privileged with :user_activation since fc317f3b17 Here we also make sure the users who are deactivated get the status deactivated for users who are allowed to see these users --- test/pleroma/web/mastodon_api/views/account_view_test.exs | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'test') diff --git a/test/pleroma/web/mastodon_api/views/account_view_test.exs b/test/pleroma/web/mastodon_api/views/account_view_test.exs index 8ed37fe58..d9d3866e7 100644 --- a/test/pleroma/web/mastodon_api/views/account_view_test.exs +++ b/test/pleroma/web/mastodon_api/views/account_view_test.exs @@ -3,7 +3,7 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.MastodonAPI.AccountViewTest do - use Pleroma.DataCase + use Pleroma.DataCase, async: false alias Pleroma.User alias Pleroma.UserRelationship 
@@ -214,8 +214,10 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do assert represented.url == "https://channels.tests.funkwhale.audio/channels/compositions" end - test "Represent a deactivated user for an admin" do - admin = insert(:user, is_admin: true) + test "Represent a deactivated user for a privileged user" do + clear_config([:instance, :moderator_privileges], [:user_activation]) + + admin = insert(:user, is_moderator: true) deactivated_user = insert(:user, is_active: false) represented = AccountView.render("show.json", %{user: deactivated_user, for: admin}) assert represented[:pleroma][:deactivated] == true -- cgit v1.2.3 From 211e561e2ad862c75a1b34f783d3210523dc211e Mon Sep 17 00:00:00 2001 From: Ilja Date: Tue, 21 Jun 2022 11:13:32 +0200 Subject: Show privileges to FE I added an extra key We already had is_admin and is_moderator, now we have an extra privileges key --- test/pleroma/user_test.exs | 38 ++++++ .../web/mastodon_api/views/account_view_test.exs | 143 +++++++++++++++++++++ 2 files changed, 181 insertions(+) (limited to 'test') diff --git a/test/pleroma/user_test.exs b/test/pleroma/user_test.exs index 0262470b2..477553fe5 100644 --- a/test/pleroma/user_test.exs +++ b/test/pleroma/user_test.exs 
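Review bot: In "Represent a deactivated user for a privileged user" the viewer is now a moderator, but the variable is still named `admin`, which obscures which role the `:user_activation` privilege is being tested for. Renaming it, e.g. `privileged_user = insert(:user, is_moderator: true)` with `for: privileged_user`, would match the new title. The hunk also has no counterpart rendering the same deactivated account for a moderator whose `moderator_privileges` is `[]`, so nothing here shows that the `deactivated` flag is withheld from staff who lack the privilege.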
@@ -1918,6 +1918,44 @@ defmodule Pleroma.UserTest do end end + describe "privileges/1" do + setup do + clear_config([:instance, :moderator_privileges], [:cofe, :only_moderator]) + clear_config([:instance, :admin_privileges], [:cofe, :only_admin]) + end + + test "returns empty list for users without roles" do + user = insert(:user, local: true) + + assert [] == User.privileges(user) + end + + test "returns list of privileges for moderators" do + moderator = insert(:user, is_moderator: true, local: true) + + assert [:cofe, :only_moderator] == User.privileges(moderator) |> Enum.sort() + end + + test "returns list of privileges for admins" do + admin = insert(:user, is_admin: true, local: true) + + assert [:cofe, :only_admin] == User.privileges(admin) |> Enum.sort() + end + + test "returns list of unique privileges for users who are both moderator and admin" do + moderator_admin = insert(:user, is_moderator: true, is_admin: true, local: true) + + assert [:cofe, :only_admin, :only_moderator] == + User.privileges(moderator_admin) |> Enum.sort() + end + + test "returns empty list for remote users" do + remote_moderator_admin = insert(:user, is_moderator: true, is_admin: true, local: false) + + assert [] == User.privileges(remote_moderator_admin) + end + end + describe "invisible?/1" do test "returns true for an invisible user" do user = insert(:user, local: true, invisible: true) diff --git a/test/pleroma/web/mastodon_api/views/account_view_test.exs b/test/pleroma/web/mastodon_api/views/account_view_test.exs index d9d3866e7..ce94ec7e4 100644 --- a/test/pleroma/web/mastodon_api/views/account_view_test.exs +++ b/test/pleroma/web/mastodon_api/views/account_view_test.exs @@ -84,6 +84,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do tags: [], is_admin: false, is_moderator: false, + privileges: [], is_suggested: false, hide_favorites: true, hide_followers: false, 
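Review bot: The new `privileges/1` cases vary role and locality but not account state, so nothing in the describe block says what `User.privileges/1` returns for a local staff account created with `is_active: false`. Later hunks in this series render the same list in the account view, so the answer is worth pinning in a test. If deactivated staff are meant to lose their privileges, one line would do it: `assert [] == User.privileges(insert(:user, is_admin: true, local: true, is_active: false))`. The intended behaviour is not visible in this hunk, so treat the expected value as an assumption to confirm before adding the assertion.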
@@ -99,6 +100,147 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do assert expected == AccountView.render("show.json", %{user: user, skip_visibility_check: true}) end + describe "roles and privileges" do + setup do + clear_config([:instance, :moderator_privileges], [:cofe, :only_moderator]) + clear_config([:instance, :admin_privileges], [:cofe, :only_admin]) + + %{ + user: insert(:user), + moderator: insert(:user, is_moderator: true), + admin: insert(:user, is_admin: true), + moderator_admin: insert(:user, is_moderator: true, is_admin: true), + user_no_show_roles: insert(:user, show_role: false), + moderator_admin_no_show_roles: + insert(:user, is_moderator: true, is_admin: true, show_role: false) + } + end + + test "shows roles and privileges when show_role: true", %{ + user: user, + moderator: moderator, + admin: admin, + moderator_admin: moderator_admin, + user_no_show_roles: user_no_show_roles, + moderator_admin_no_show_roles: moderator_admin_no_show_roles + } do + assert %{pleroma: %{is_moderator: false, is_admin: false}} = + AccountView.render("show.json", %{user: user, skip_visibility_check: true}) + + assert [] == + AccountView.render("show.json", %{user: user, skip_visibility_check: true})[ + :pleroma + ][:privileges] + |> Enum.sort() + + assert %{pleroma: %{is_moderator: true, is_admin: false}} = + AccountView.render("show.json", %{user: moderator, skip_visibility_check: true}) + + assert [:cofe, :only_moderator] == + AccountView.render("show.json", %{user: moderator, skip_visibility_check: true})[ + :pleroma + ][:privileges] + |> Enum.sort() + + assert %{pleroma: %{is_moderator: false, is_admin: true}} = + AccountView.render("show.json", %{user: admin, skip_visibility_check: true}) + + assert [:cofe, :only_admin] == + AccountView.render("show.json", %{user: admin, skip_visibility_check: true})[ + :pleroma + ][:privileges] + |> Enum.sort() + + assert %{pleroma: %{is_moderator: true, is_admin: true}} = + AccountView.render("show.json", %{ + user: 
moderator_admin, + skip_visibility_check: true + }) + + assert [:cofe, :only_admin, :only_moderator] == + AccountView.render("show.json", %{ + user: moderator_admin, + skip_visibility_check: true + })[:pleroma][:privileges] + |> Enum.sort() + + refute match?( + %{pleroma: %{is_moderator: _}}, + AccountView.render("show.json", %{ + user: user_no_show_roles, + skip_visibility_check: true + }) + ) + + refute match?( + %{pleroma: %{is_admin: _}}, + AccountView.render("show.json", %{ + user: user_no_show_roles, + skip_visibility_check: true + }) + ) + + refute match?( + %{pleroma: %{privileges: _}}, + AccountView.render("show.json", %{ + user: user_no_show_roles, + skip_visibility_check: true + }) + ) + + refute match?( + %{pleroma: %{is_moderator: _}}, + AccountView.render("show.json", %{ + user: moderator_admin_no_show_roles, + skip_visibility_check: true + }) + ) + + refute match?( + %{pleroma: %{is_admin: _}}, + AccountView.render("show.json", %{ + user: moderator_admin_no_show_roles, + skip_visibility_check: true + }) + ) + + refute match?( + %{pleroma: %{privileges: _}}, + AccountView.render("show.json", %{ + user: moderator_admin_no_show_roles, + skip_visibility_check: true + }) + ) + end + + test "shows roles and privileges when viewing own account, even when show_role: false", %{ + user_no_show_roles: user_no_show_roles, + moderator_admin_no_show_roles: moderator_admin_no_show_roles + } do + assert %{pleroma: %{is_moderator: false, is_admin: false, privileges: []}} = + AccountView.render("show.json", %{ + user: user_no_show_roles, + skip_visibility_check: true, + for: user_no_show_roles + }) + + assert %{ + pleroma: %{ + is_moderator: true, + is_admin: true, + privileges: privileges + } + } = + AccountView.render("show.json", %{ + user: moderator_admin_no_show_roles, + skip_visibility_check: true, + for: moderator_admin_no_show_roles + }) + + assert [:cofe, :only_admin, :only_moderator] == privileges |> Enum.sort() + end + end + describe "favicon" do setup do 
[user: insert(:user)] @@ -186,6 +328,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do tags: [], is_admin: false, is_moderator: false, + privileges: [], is_suggested: false, hide_favorites: true, hide_followers: false, -- cgit v1.2.3 From 4e4eb81749076ada5692b92061c77a72832a9cc8 Mon Sep 17 00:00:00 2001 From: Ilja Date: Tue, 21 Jun 2022 12:03:35 +0200 Subject: Add nodes and privileges to nodeinfo I didn't add it to /api/v1/instance I was wondering if I should, but since it e.g. also didn't show staff, it felt better not to --- test/pleroma/web/node_info_test.exs | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) (limited to 'test') diff --git a/test/pleroma/web/node_info_test.exs b/test/pleroma/web/node_info_test.exs index 247ad7501..f474220be 100644 --- a/test/pleroma/web/node_info_test.exs +++ b/test/pleroma/web/node_info_test.exs @@ -3,7 +3,7 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.NodeInfoTest do - use Pleroma.Web.ConnCase + use Pleroma.Web.ConnCase, async: false import Pleroma.Factory @@ -40,6 +40,19 @@ defmodule Pleroma.Web.NodeInfoTest do assert admin.ap_id in result["metadata"]["staffAccounts"] end + test "nodeinfo shows roles and privileges", %{conn: conn} do + clear_config([:instance, :moderator_privileges], [:cofe]) + clear_config([:instance, :admin_privileges], [:suya, :cofe]) + + conn = + conn + |> get("/nodeinfo/2.1.json") + + assert result = json_response(conn, 200) + + assert %{"admin" => ["suya", "cofe"], "moderator" => ["cofe"]} == result["metadata"]["roles"] + end + test "nodeinfo shows restricted nicknames", %{conn: conn} do conn = conn -- cgit v1.2.3 From 37fdf148b0963b62ab746a8ece2aacf893ba8934 Mon Sep 17 00:00:00 2001 
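Review bot: The "roles and privileges" describe block checks `show_role: false` only with no viewer and with the account viewing itself; it never renders a hidden-role staff account for a different logged-in user. That third case is the one where a mistake would disclose `is_admin`, `is_moderator` and `privileges` to other accounts, so it deserves its own test. The expected result below, with all three keys absent, is inferred from the no-viewer assertions in this hunk and should be confirmed. Separately, the first test calls `AccountView.render/2` twice per account; binding the result once per account would halve the calls and shorten the body.

```elixir
test "hides roles and privileges from other viewers when show_role: false", %{
  user: user,
  moderator_admin_no_show_roles: moderator_admin_no_show_roles
} do
  rendered =
    AccountView.render("show.json", %{
      user: moderator_admin_no_show_roles,
      skip_visibility_check: true,
      for: user
    })

  refute Map.has_key?(rendered[:pleroma], :is_moderator)
  refute Map.has_key?(rendered[:pleroma], :is_admin)
  refute Map.has_key?(rendered[:pleroma], :privileges)
end
```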
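Review bot: In "nodeinfo shows roles and privileges" the assertion compares `result["metadata"]["roles"]` against a map whose `"admin"` list is in configuration order, whereas the other privilege tests in this series sort before comparing. Comparing sorted lists keeps the test independent of how the lists are assembled: `assert ["cofe", "suya"] == Enum.sort(result["metadata"]["roles"]["admin"])` and `assert ["cofe"] == result["metadata"]["roles"]["moderator"]`. As far as the hunk shows, the request carries no credentials, so this test also establishes that the instance's privilege assignment is readable by anyone. A one-line comment above the test saying that this exposure is intentional would save the next reader from treating it as a leak.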
From: Ilja Date: Fri, 1 Jul 2022 09:54:05 +0200 Subject: Rename privilege tags I first focussed on getting things working Now that they do and we know what tags there are, I put some thought in providing better names I use the form _ :statuses_read => :messages_read :status_delete => :messages_delete :user_read => :users_read :user_deletion => :users_delete :user_activation => :users_manage_activation_state :user_invite => :users_manage_invites :user_tag => :users_manage_tags :user_credentials => :users_manage_credentials :report_handle => :reports_manage_reports :emoji_management => :emoji_manage_emoji --- test/pleroma/notification_test.exs | 4 ++-- test/pleroma/user_test.exs | 4 ++-- .../object_validators/delete_validation_test.exs | 2 +- .../controllers/admin_api_controller_test.exs | 28 +++++++++++----------- .../admin_api/controllers/chat_controller_test.exs | 12 +++++----- .../controllers/instance_controller_test.exs | 2 +- .../controllers/invite_controller_test.exs | 18 +++++++------- .../controllers/report_controller_test.exs | 23 +++++++++++------- .../controllers/status_controller_test.exs | 14 +++++------ .../admin_api/controllers/user_controller_test.exs | 24 +++++++++---------- test/pleroma/web/common_api_test.exs | 4 ++-- .../controllers/notification_controller_test.exs | 4 ++-- .../controllers/status_controller_test.exs | 2 +- .../web/mastodon_api/views/account_view_test.exs | 2 +- .../mastodon_api/views/notification_view_test.exs | 2 +- .../controllers/emoji_file_controller_test.exs | 4 ++-- .../controllers/emoji_pack_controller_test.exs | 19 ++++++++------- 17 files changed, 89 insertions(+), 79 deletions(-) (limited to 'test') diff --git a/test/pleroma/notification_test.exs b/test/pleroma/notification_test.exs index e1f4b1771..d0f34113b 100644 --- a/test/pleroma/notification_test.exs +++ b/test/pleroma/notification_test.exs 
@@ -41,7 +41,7 @@ defmodule Pleroma.NotificationTest do {:ok, activity1} = CommonAPI.report(reporting_user, %{account_id: reported_user.id}) {:ok, []} = Notification.create_notifications(activity1) - clear_config([:instance, :moderator_privileges], [:report_handle]) + clear_config([:instance, :moderator_privileges], [:reports_manage_reports]) {:ok, activity2} = CommonAPI.report(reporting_user, %{account_id: reported_user.id}) {:ok, [notification]} = Notification.create_notifications(activity2) @@ -50,7 +50,7 @@ defmodule Pleroma.NotificationTest do end test "suppresses notifications for own reports" do - clear_config([:instance, :admin_privileges], [:report_handle]) + clear_config([:instance, :admin_privileges], [:reports_manage_reports]) reporting_admin = insert(:user, is_admin: true) reported_user = insert(:user) diff --git a/test/pleroma/user_test.exs b/test/pleroma/user_test.exs index 477553fe5..98e00cecb 100644 --- a/test/pleroma/user_test.exs +++ b/test/pleroma/user_test.exs @@ -1995,9 +1995,9 @@ defmodule Pleroma.UserTest do assert User.visible_for(user, other_user) == :visible end - test "returns true when the account is unconfirmed and being viewed by a privileged account (privilege :user_activation, confirmation required)" do + test "returns true when the account is unconfirmed and being viewed by a privileged account (privilege :users_manage_activation_state, confirmation required)" do clear_config([:instance, :account_activation_required], true) - clear_config([:instance, :admin_privileges], [:user_activation]) + clear_config([:instance, :admin_privileges], [:users_manage_activation_state]) user = insert(:user, local: true, is_confirmed: false) other_user = insert(:user, local: true, is_admin: true) diff --git a/test/pleroma/web/activity_pub/object_validators/delete_validation_test.exs b/test/pleroma/web/activity_pub/object_validators/delete_validation_test.exs index ba137604b..bbb31516c 100644 
--- a/test/pleroma/web/activity_pub/object_validators/delete_validation_test.exs +++ b/test/pleroma/web/activity_pub/object_validators/delete_validation_test.exs @@ -92,7 +92,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.DeleteValidationTest do test "it's only valid if the actor of the object is a privileged local user", %{valid_post_delete: valid_post_delete} do - clear_config([:instance, :moderator_privileges], [:status_delete]) + clear_config([:instance, :moderator_privileges], [:messages_delete]) user = insert(:user, local: true, is_moderator: true, ap_id: "https://gensokyo.2hu/users/raymoo") diff --git a/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs b/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs index 180f6c83f..34ec28012 100644 --- a/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs @@ -92,7 +92,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do describe "PUT /api/pleroma/admin/users/tag" do setup %{conn: conn} do - clear_config([:instance, :admin_privileges], [:user_tag]) + clear_config([:instance, :admin_privileges], [:users_manage_tags]) user1 = insert(:user, %{tags: ["x"]}) user2 = insert(:user, %{tags: ["y"]}) @@ -150,7 +150,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do assert User.get_cached_by_id(user3.id).tags == ["unchanged"] end - test "it requires privileged role :user_tag", %{conn: conn} do + test "it requires privileged role :users_manage_tags", %{conn: conn} do clear_config([:instance, :admin_privileges], []) response = 
@@ -164,7 +164,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do describe "DELETE /api/pleroma/admin/users/tag" do setup %{conn: conn} do - clear_config([:instance, :admin_privileges], [:user_tag]) + clear_config([:instance, :admin_privileges], [:users_manage_tags]) user1 = insert(:user, %{tags: ["x"]}) user2 = insert(:user, %{tags: ["y", "z"]}) user3 = insert(:user, %{tags: ["unchanged"]}) @@ -221,7 +221,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do assert User.get_cached_by_id(user3.id).tags == ["unchanged"] end - test "it requires privileged role :user_tag", %{conn: conn} do + test "it requires privileged role :users_manage_tags", %{conn: conn} do clear_config([:instance, :admin_privileges], []) response = @@ -324,7 +324,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do describe "/api/pleroma/admin/users/:nickname/password_reset" do test "it returns a password reset link", %{conn: conn} do - clear_config([:instance, :admin_privileges], [:user_credentials]) + clear_config([:instance, :admin_privileges], [:users_manage_credentials]) user = insert(:user) @@ -338,7 +338,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do assert Regex.match?(~r/(http:\/\/|https:\/\/)/, resp["link"]) end - test "it requires privileged role :user_credentials", %{conn: conn} do + test "it requires privileged role :users_manage_credentials", %{conn: conn} do clear_config([:instance, :admin_privileges], []) response = @@ -410,7 +410,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do describe "GET /api/pleroma/admin/users/:nickname/statuses" do setup do - clear_config([:instance, :admin_privileges], [:statuses_read]) + clear_config([:instance, :admin_privileges], [:messages_read]) user = insert(:user) 
@@ -428,7 +428,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do assert length(activities) == 3 end - test "it requires privileged role :statuses_read", %{conn: conn, user: user} do + test "it requires privileged role :messages_read", %{conn: conn, user: user} do clear_config([:instance, :admin_privileges], []) conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/statuses") @@ -497,7 +497,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do describe "GET /api/pleroma/admin/users/:nickname/chats" do setup do - clear_config([:instance, :admin_privileges], [:statuses_read]) + clear_config([:instance, :admin_privileges], [:messages_read]) user = insert(:user) @@ -516,7 +516,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do assert json_response(conn, 200) |> length() == 3 end - test "it requires privileged role :statuses_read", %{conn: conn, user: user} do + test "it requires privileged role :messages_read", %{conn: conn, user: user} do clear_config([:instance, :admin_privileges], []) conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/chats") @@ -811,7 +811,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do end test "changes password and email", %{conn: conn, admin: admin, user: user} do - clear_config([:instance, :admin_privileges], [:user_credentials]) + clear_config([:instance, :admin_privileges], [:users_manage_credentials]) assert user.password_reset_pending == false @@ -855,7 +855,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do assert json_response(conn, :forbidden) end - test "returns 403 if not privileged with :user_credentials", %{conn: conn, user: user} do + test "returns 403 if not privileged with :users_manage_credentials", %{conn: conn, user: user} do clear_config([:instance, :admin_privileges], []) conn = 
@@ -1085,7 +1085,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do describe "POST /api/v1/pleroma/admin/reload_emoji" do setup do - clear_config([:instance, :admin_privileges], [:emoji_management]) + clear_config([:instance, :admin_privileges], [:emoji_manage_emoji]) admin = insert(:user, is_admin: true) token = insert(:oauth_admin_token, user: admin) @@ -1098,7 +1098,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do {:ok, %{conn: conn, admin: admin}} end - test "it requires privileged role :emoji_management", %{conn: conn} do + test "it requires privileged role :emoji_manage_emoji", %{conn: conn} do assert conn |> post("/api/v1/pleroma/admin/reload_emoji") |> json_response(200) diff --git a/test/pleroma/web/admin_api/controllers/chat_controller_test.exs b/test/pleroma/web/admin_api/controllers/chat_controller_test.exs index e080cd225..aa47b74e8 100644 --- a/test/pleroma/web/admin_api/controllers/chat_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/chat_controller_test.exs @@ -28,7 +28,7 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do describe "DELETE /api/pleroma/admin/chats/:id/messages/:message_id" do setup do - clear_config([:instance, :admin_privileges], [:status_delete]) + clear_config([:instance, :admin_privileges], [:messages_delete]) admin_setup() end @@ -64,7 +64,7 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do assert %{data: %{"type" => "Tombstone"}} = Object.get_by_id(object.id) end - test "it requires privileged role :status_delete", %{conn: conn} do + test "it requires privileged role :messages_delete", %{conn: conn} do clear_config([:instance, :admin_privileges], []) assert conn @@ -76,7 +76,7 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do describe "GET /api/pleroma/admin/chats/:id/messages" do setup do - clear_config([:instance, :admin_privileges], [:statuses_read]) + clear_config([:instance, :admin_privileges], [:messages_read]) admin_setup() end 
@@ -130,7 +130,7 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do assert length(result) == 3 end - test "it requires privileged role :statuses_read", %{conn: conn} do + test "it requires privileged role :messages_read", %{conn: conn} do clear_config([:instance, :admin_privileges], []) conn = get(conn, "/api/pleroma/admin/chats/some_id/messages") @@ -141,7 +141,7 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do describe "GET /api/pleroma/admin/chats/:id" do setup do - clear_config([:instance, :admin_privileges], [:statuses_read]) + clear_config([:instance, :admin_privileges], [:messages_read]) admin_setup() end @@ -162,7 +162,7 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do refute result["account"] end - test "it requires privileged role :statuses_read", %{conn: conn} do + test "it requires privileged role :messages_read", %{conn: conn} do clear_config([:instance, :admin_privileges], []) conn = get(conn, "/api/pleroma/admin/chats/some_id") diff --git a/test/pleroma/web/admin_api/controllers/instance_controller_test.exs b/test/pleroma/web/admin_api/controllers/instance_controller_test.exs index e75222f99..47af8e7d9 100644 --- a/test/pleroma/web/admin_api/controllers/instance_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/instance_controller_test.exs @@ -31,7 +31,7 @@ defmodule Pleroma.Web.AdminAPI.InstanceControllerTest do end test "GET /instances/:instance/statuses", %{conn: conn} do - clear_config([:instance, :admin_privileges], [:statuses_read]) + clear_config([:instance, :admin_privileges], [:messages_read]) user = insert(:user, local: false, ap_id: "https://archae.me/users/archaeme") user2 = insert(:user, local: false, ap_id: "https://test.com/users/test") insert_pair(:note_activity, user: user) diff --git a/test/pleroma/web/admin_api/controllers/invite_controller_test.exs b/test/pleroma/web/admin_api/controllers/invite_controller_test.exs index b8c812acc..8051cb2e9 100644 
--- a/test/pleroma/web/admin_api/controllers/invite_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/invite_controller_test.exs @@ -26,10 +26,10 @@ defmodule Pleroma.Web.AdminAPI.InviteControllerTest do setup do clear_config([:instance, :registrations_open], false) clear_config([:instance, :invites_enabled], true) - clear_config([:instance, :admin_privileges], [:user_invite]) + clear_config([:instance, :admin_privileges], [:users_manage_invites]) end - test "returns 403 if not privileged with :user_invite", %{conn: conn} do + test "returns 403 if not privileged with :users_manage_invites", %{conn: conn} do clear_config([:instance, :admin_privileges], []) conn = @@ -134,7 +134,7 @@ defmodule Pleroma.Web.AdminAPI.InviteControllerTest do setup do clear_config([:instance, :registrations_open]) clear_config([:instance, :invites_enabled]) - clear_config([:instance, :admin_privileges], [:user_invite]) + clear_config([:instance, :admin_privileges], [:users_manage_invites]) end test "it returns 500 if `invites_enabled` is not enabled", %{conn: conn} do @@ -178,10 +178,10 @@ defmodule Pleroma.Web.AdminAPI.InviteControllerTest do describe "POST /api/pleroma/admin/users/invite_token" do setup do - clear_config([:instance, :admin_privileges], [:user_invite]) + clear_config([:instance, :admin_privileges], [:users_manage_invites]) end - test "returns 403 if not privileged with :user_invite", %{conn: conn} do + test "returns 403 if not privileged with :users_manage_invites", %{conn: conn} do clear_config([:instance, :admin_privileges], []) conn = 
@@ -257,10 +257,10 @@ defmodule Pleroma.Web.AdminAPI.InviteControllerTest do describe "GET /api/pleroma/admin/users/invites" do setup do - clear_config([:instance, :admin_privileges], [:user_invite]) + clear_config([:instance, :admin_privileges], [:users_manage_invites]) end - test "returns 403 if not privileged with :user_invite", %{conn: conn} do + test "returns 403 if not privileged with :users_manage_invites", %{conn: conn} do clear_config([:instance, :admin_privileges], []) conn = get(conn, "/api/pleroma/admin/users/invites") @@ -297,10 +297,10 @@ defmodule Pleroma.Web.AdminAPI.InviteControllerTest do describe "POST /api/pleroma/admin/users/revoke_invite" do setup do - clear_config([:instance, :admin_privileges], [:user_invite]) + clear_config([:instance, :admin_privileges], [:users_manage_invites]) end - test "returns 403 if not privileged with :user_invite", %{conn: conn} do + test "returns 403 if not privileged with :users_manage_invites", %{conn: conn} do clear_config([:instance, :admin_privileges], []) conn = diff --git a/test/pleroma/web/admin_api/controllers/report_controller_test.exs b/test/pleroma/web/admin_api/controllers/report_controller_test.exs index 42b5000fc..b155cf01a 100644 --- a/test/pleroma/web/admin_api/controllers/report_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/report_controller_test.exs @@ -27,10 +27,10 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do describe "GET /api/pleroma/admin/reports/:id" do setup do - clear_config([:instance, :admin_privileges], [:report_handle]) + clear_config([:instance, :admin_privileges], [:reports_manage_reports]) end - test "returns 403 if not privileged with :report_handle", %{conn: conn} do + test "returns 403 if not privileged with :reports_manage_reports", %{conn: conn} do clear_config([:instance, :admin_privileges], []) conn = 
@@ -77,7 +77,7 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do describe "PATCH /api/pleroma/admin/reports" do setup do - clear_config([:instance, :admin_privileges], [:report_handle]) + clear_config([:instance, :admin_privileges], [:reports_manage_reports]) [reporter, target_user] = insert_pair(:user) activity = insert(:note_activity, user: target_user) @@ -102,7 +102,11 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do } end - test "returns 403 if not privileged with :report_handle", %{conn: conn, id: id, admin: admin} do + test "returns 403 if not privileged with :reports_manage_reports", %{ + conn: conn, + id: id, + admin: admin + } do clear_config([:instance, :admin_privileges], []) conn = @@ -240,10 +244,10 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do describe "GET /api/pleroma/admin/reports" do setup do - clear_config([:instance, :admin_privileges], [:report_handle]) + clear_config([:instance, :admin_privileges], [:reports_manage_reports]) end - test "returns 403 if not privileged with :report_handle", %{conn: conn} do + test "returns 403 if not privileged with :reports_manage_reports", %{conn: conn} do clear_config([:instance, :admin_privileges], []) conn = @@ -361,7 +365,7 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do describe "POST /api/pleroma/admin/reports/:id/notes" do setup %{conn: conn, admin: admin} do - clear_config([:instance, :admin_privileges], [:report_handle]) + clear_config([:instance, :admin_privileges], [:reports_manage_reports]) [reporter, target_user] = insert_pair(:user) activity = insert(:note_activity, user: target_user) @@ -391,7 +395,10 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do } end - test "returns 403 if not privileged with :report_handle", %{conn: conn, report_id: report_id} do + test "returns 403 if not privileged with :reports_manage_reports", %{ + conn: conn, + report_id: report_id + } do clear_config([:instance, :admin_privileges], []) post_conn = 
diff --git a/test/pleroma/web/admin_api/controllers/status_controller_test.exs b/test/pleroma/web/admin_api/controllers/status_controller_test.exs index 2daf6a50d..8908a2812 100644 --- a/test/pleroma/web/admin_api/controllers/status_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/status_controller_test.exs @@ -27,7 +27,7 @@ defmodule Pleroma.Web.AdminAPI.StatusControllerTest do describe "GET /api/pleroma/admin/statuses/:id" do setup do - clear_config([:instance, :admin_privileges], [:statuses_read]) + clear_config([:instance, :admin_privileges], [:messages_read]) end test "not found", %{conn: conn} do @@ -64,7 +64,7 @@ defmodule Pleroma.Web.AdminAPI.StatusControllerTest do describe "PUT /api/pleroma/admin/statuses/:id" do setup do - clear_config([:instance, :admin_privileges], [:status_delete]) + clear_config([:instance, :admin_privileges], [:messages_delete]) activity = insert(:note_activity) %{id: activity.id} @@ -134,7 +134,7 @@ defmodule Pleroma.Web.AdminAPI.StatusControllerTest do json_response_and_validate_schema(conn, :bad_request) end - test "it requires privileged role :status_delete", %{conn: conn} do + test "it requires privileged role :messages_delete", %{conn: conn} do clear_config([:instance, :admin_privileges], []) assert conn @@ -146,7 +146,7 @@ defmodule Pleroma.Web.AdminAPI.StatusControllerTest do describe "DELETE /api/pleroma/admin/statuses/:id" do setup do - clear_config([:instance, :admin_privileges], [:status_delete]) + clear_config([:instance, :admin_privileges], [:messages_delete]) activity = insert(:note_activity) %{id: activity.id} @@ -171,7 +171,7 @@ defmodule Pleroma.Web.AdminAPI.StatusControllerTest do assert json_response_and_validate_schema(conn, :not_found) == %{"error" => "Not found"} end - test "it requires privileged role :status_delete", %{conn: conn} do + test "it requires privileged role :messages_delete", %{conn: conn} do clear_config([:instance, :admin_privileges], []) assert conn 
@@ -183,7 +183,7 @@ defmodule Pleroma.Web.AdminAPI.StatusControllerTest do describe "GET /api/pleroma/admin/statuses" do setup do - clear_config([:instance, :admin_privileges], [:statuses_read]) + clear_config([:instance, :admin_privileges], [:messages_read]) end test "returns all public and unlisted statuses", %{conn: conn, admin: admin} do @@ -232,7 +232,7 @@ defmodule Pleroma.Web.AdminAPI.StatusControllerTest do assert json_response_and_validate_schema(conn, 200) |> length() == 3 end - test "it requires privileged role :statuses_read", %{conn: conn} do + test "it requires privileged role :messages_read", %{conn: conn} do clear_config([:instance, :admin_privileges], []) conn = get(conn, "/api/pleroma/admin/statuses") diff --git a/test/pleroma/web/admin_api/controllers/user_controller_test.exs b/test/pleroma/web/admin_api/controllers/user_controller_test.exs index 01bee08d1..bb9dcb4aa 100644 --- a/test/pleroma/web/admin_api/controllers/user_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/user_controller_test.exs @@ -38,7 +38,7 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do end test "with valid `admin_token` query parameter, skips OAuth scopes check" do - clear_config([:instance, :admin_privileges], [:user_read]) + clear_config([:instance, :admin_privileges], [:users_read]) clear_config([:admin_token], "password123") user = insert(:user) @@ -51,7 +51,7 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do describe "DELETE /api/pleroma/admin/users" do test "single user", %{admin: admin, conn: conn} do clear_config([:instance, :federating], true) - clear_config([:instance, :admin_privileges], [:user_deletion]) + clear_config([:instance, :admin_privileges], [:users_delete]) user = insert(:user, 
@@ -107,7 +107,7 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do end test "multiple users", %{admin: admin, conn: conn} do - clear_config([:instance, :admin_privileges], [:user_deletion]) + clear_config([:instance, :admin_privileges], [:users_delete]) user_one = insert(:user) user_two = insert(:user) @@ -280,10 +280,10 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do describe "GET /api/pleroma/admin/users/:nickname" do setup do - clear_config([:instance, :admin_privileges], [:user_read]) + clear_config([:instance, :admin_privileges], [:users_read]) end - test "returns 403 if not privileged with :user_read", %{conn: conn} do + test "returns 403 if not privileged with :users_read", %{conn: conn} do clear_config([:instance, :admin_privileges], []) conn = get(conn, "/api/pleroma/admin/users/user.nickname") @@ -406,10 +406,10 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do describe "GET /api/pleroma/admin/users" do setup do - clear_config([:instance, :admin_privileges], [:user_read]) + clear_config([:instance, :admin_privileges], [:users_read]) end - test "returns 403 if not privileged with :user_read", %{conn: conn} do + test "returns 403 if not privileged with :users_read", %{conn: conn} do clear_config([:instance, :admin_privileges], []) conn = get(conn, "/api/pleroma/admin/users?page=1") @@ -850,7 +850,7 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do end test "PATCH /api/pleroma/admin/users/approve", %{admin: admin, conn: conn} do - clear_config([:instance, :admin_privileges], [:user_invite]) + clear_config([:instance, :admin_privileges], [:users_manage_invites]) user_one = insert(:user, is_approved: false) user_two = insert(:user, is_approved: false) 
@@ -872,7 +872,7 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do "@#{admin.nickname} approved users: @#{user_one.nickname}, @#{user_two.nickname}" end - test "PATCH /api/pleroma/admin/users/approve returns 403 if not privileged with :user_invite", + test "PATCH /api/pleroma/admin/users/approve returns 403 if not privileged with :users_manage_invites", %{conn: conn} do clear_config([:instance, :admin_privileges], []) @@ -939,7 +939,7 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do describe "user activation" do test "PATCH /api/pleroma/admin/users/activate", %{admin: admin, conn: conn} do - clear_config([:instance, :admin_privileges], [:user_activation]) + clear_config([:instance, :admin_privileges], [:users_manage_activation_state]) user_one = insert(:user, is_active: false) user_two = insert(:user, is_active: false) @@ -962,7 +962,7 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do end test "PATCH /api/pleroma/admin/users/deactivate", %{admin: admin, conn: conn} do - clear_config([:instance, :admin_privileges], [:user_activation]) + clear_config([:instance, :admin_privileges], [:users_manage_activation_state]) user_one = insert(:user, is_active: true) user_two = insert(:user, is_active: true) @@ -985,7 +985,7 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do end test "PATCH /api/pleroma/admin/users/:nickname/toggle_activation", %{admin: admin, conn: conn} do - clear_config([:instance, :admin_privileges], [:user_activation]) + clear_config([:instance, :admin_privileges], [:users_manage_activation_state]) user = insert(:user) diff --git a/test/pleroma/web/common_api_test.exs b/test/pleroma/web/common_api_test.exs index 4d960e945..25743daae 100644 --- a/test/pleroma/web/common_api_test.exs +++ b/test/pleroma/web/common_api_test.exs 
@@ -332,7 +332,7 @@ defmodule Pleroma.Web.CommonAPITest do end test "it allows privileged users to delete other user's posts" do - clear_config([:instance, :moderator_privileges], [:status_delete]) + clear_config([:instance, :moderator_privileges], [:messages_delete]) user = insert(:user) moderator = insert(:user, is_moderator: true) @@ -357,7 +357,7 @@ defmodule Pleroma.Web.CommonAPITest do end test "privileged users deleting non-local posts won't federate the delete" do - clear_config([:instance, :admin_privileges], [:status_delete]) + clear_config([:instance, :admin_privileges], [:messages_delete]) # This is the user of the ingested activity _user = insert(:user, diff --git a/test/pleroma/web/mastodon_api/controllers/notification_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/notification_controller_test.exs index e0f1d2ac1..696ac8bd9 100644 --- a/test/pleroma/web/mastodon_api/controllers/notification_controller_test.exs +++ b/test/pleroma/web/mastodon_api/controllers/notification_controller_test.exs @@ -74,7 +74,7 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do end test "by default, does not contain pleroma:report" do - clear_config([:instance, :moderator_privileges], [:report_handle]) + clear_config([:instance, :moderator_privileges], [:reports_manage_reports]) user = insert(:user) other_user = insert(:user) @@ -105,7 +105,7 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do end test "Pleroma:report is hidden for non-privileged users" do - clear_config([:instance, :moderator_privileges], [:report_handle]) + clear_config([:instance, :moderator_privileges], [:reports_manage_reports]) user = insert(:user) other_user = insert(:user) diff --git a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs index 4ea92e329..1d2bb3333 100644 --- a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs 
+++ b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs @@ -969,7 +969,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do end test "when you're privileged to", %{conn: conn} do - clear_config([:instance, :moderator_privileges], [:status_delete]) + clear_config([:instance, :moderator_privileges], [:messages_delete]) activity = insert(:note_activity) moderator = insert(:user, is_moderator: true) diff --git a/test/pleroma/web/mastodon_api/views/account_view_test.exs b/test/pleroma/web/mastodon_api/views/account_view_test.exs index ce94ec7e4..675c8409a 100644 --- a/test/pleroma/web/mastodon_api/views/account_view_test.exs +++ b/test/pleroma/web/mastodon_api/views/account_view_test.exs @@ -358,7 +358,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do end test "Represent a deactivated user for a privileged user" do - clear_config([:instance, :moderator_privileges], [:user_activation]) + clear_config([:instance, :moderator_privileges], [:users_manage_activation_state]) admin = insert(:user, is_moderator: true) deactivated_user = insert(:user, is_active: false) diff --git a/test/pleroma/web/mastodon_api/views/notification_view_test.exs b/test/pleroma/web/mastodon_api/views/notification_view_test.exs index 76338877e..594378be1 100644 --- a/test/pleroma/web/mastodon_api/views/notification_view_test.exs +++ b/test/pleroma/web/mastodon_api/views/notification_view_test.exs @@ -218,7 +218,7 @@ defmodule Pleroma.Web.MastodonAPI.NotificationViewTest do end test "Report notification" do - clear_config([:instance, :moderator_privileges], [:report_handle]) + clear_config([:instance, :moderator_privileges], [:reports_manage_reports]) reporting_user = insert(:user) reported_user = insert(:user) diff --git a/test/pleroma/web/pleroma_api/controllers/emoji_file_controller_test.exs b/test/pleroma/web/pleroma_api/controllers/emoji_file_controller_test.exs index e46a363a4..540b452c7 100644 
--- a/test/pleroma/web/pleroma_api/controllers/emoji_file_controller_test.exs +++ b/test/pleroma/web/pleroma_api/controllers/emoji_file_controller_test.exs @@ -30,7 +30,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiFileControllerTest do describe "POST/PATCH/DELETE /api/pleroma/emoji/packs/files?name=:name" do setup do - clear_config([:instance, :admin_privileges], [:emoji_management]) + clear_config([:instance, :admin_privileges], [:emoji_manage_emoji]) pack_file = "#{@emoji_path}/test_pack/pack.json" original_content = File.read!(pack_file) @@ -379,7 +379,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiFileControllerTest do |> json_response_and_validate_schema(:bad_request) end - test "it requires privileged role :emoji_management", %{admin_conn: admin_conn} do + test "it requires privileged role :emoji_manage_emoji", %{admin_conn: admin_conn} do clear_config([:instance, :admin_privileges], []) assert admin_conn diff --git a/test/pleroma/web/pleroma_api/controllers/emoji_pack_controller_test.exs b/test/pleroma/web/pleroma_api/controllers/emoji_pack_controller_test.exs index 6558767d2..1d5240639 100644 --- a/test/pleroma/web/pleroma_api/controllers/emoji_pack_controller_test.exs +++ b/test/pleroma/web/pleroma_api/controllers/emoji_pack_controller_test.exs @@ -100,7 +100,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do describe "GET /api/pleroma/emoji/packs/remote" do setup do - clear_config([:instance, :admin_privileges], [:emoji_management]) + clear_config([:instance, :admin_privileges], [:emoji_manage_emoji]) end test "shareable instance", %{admin_conn: admin_conn, conn: conn} do @@ -141,7 +141,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do } end - test "it requires privileged role :emoji_management", %{admin_conn: admin_conn} do + test "it requires privileged role :emoji_manage_emoji", %{admin_conn: admin_conn} do clear_config([:instance, :admin_privileges], []) assert admin_conn 
@@ -183,7 +183,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do describe "POST /api/pleroma/emoji/packs/download" do setup do - clear_config([:instance, :admin_privileges], [:emoji_management]) + clear_config([:instance, :admin_privileges], [:emoji_manage_emoji]) end test "shared pack from remote and non shared from fallback-src", %{ @@ -361,7 +361,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do } end - test "it requires privileged role :emoji_management", %{admin_conn: conn} do + test "it requires privileged role :emoji_manage_emoji", %{admin_conn: conn} do clear_config([:instance, :admin_privileges], []) assert conn @@ -377,7 +377,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do describe "PATCH/update /api/pleroma/emoji/pack?name=:name" do setup do - clear_config([:instance, :admin_privileges], [:emoji_management]) + clear_config([:instance, :admin_privileges], [:emoji_manage_emoji]) pack_file = "#{@emoji_path}/test_pack/pack.json" original_content = File.read!(pack_file) @@ -466,7 +466,10 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do } end - test "it requires privileged role :emoji_management", %{admin_conn: conn, new_data: new_data} do + test "it requires privileged role :emoji_manage_emoji", %{ + admin_conn: conn, + new_data: new_data + } do clear_config([:instance, :admin_privileges], []) assert conn @@ -478,7 +481,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do describe "POST/DELETE /api/pleroma/emoji/pack?name=:name" do setup do - clear_config([:instance, :admin_privileges], [:emoji_management]) + clear_config([:instance, :admin_privileges], [:emoji_manage_emoji]) end test "returns an error on creates pack when file system not writable", %{ 
@@ -564,7 +567,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do } end - test "it requires privileged role :emoji_management", %{admin_conn: admin_conn} do + test "it requires privileged role :emoji_manage_emoji", %{admin_conn: admin_conn} do clear_config([:instance, :admin_privileges], []) assert admin_conn -- cgit v1.2.3 From c0e4b1b3e27a4a8f8f02ea6a33b76c6f2a386d95 Mon Sep 17 00:00:00 2001 From: Ilja Date: Sat, 2 Jul 2022 07:52:39 +0200 Subject: Fix typo's priviledge |-> privilege --- test/pleroma/web/plugs/ensure_privileged_plug_test.exs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'test') diff --git a/test/pleroma/web/plugs/ensure_privileged_plug_test.exs b/test/pleroma/web/plugs/ensure_privileged_plug_test.exs index 423413946..4b6679b66 100644 --- a/test/pleroma/web/plugs/ensure_privileged_plug_test.exs +++ b/test/pleroma/web/plugs/ensure_privileged_plug_test.exs @@ -64,7 +64,7 @@ defmodule Pleroma.Web.Plugs.EnsurePrivilegedPlugTest do assert conn.status == 403 end - test "accepts for a priviledged role even if other role isn't priviledged" do + test "accepts for a privileged role even if other role isn't privileged" do clear_config([:instance, :admin_privileges], [:cofe]) clear_config([:instance, :moderator_privileges], []) user = insert(:user, is_admin: true, is_moderator: true) @@ -72,7 +72,7 @@ defmodule Pleroma.Web.Plugs.EnsurePrivilegedPlugTest do ret_conn = EnsurePrivilegedPlug.call(conn, :cofe) - # priviledged through admin role + # privileged through admin role assert conn == ret_conn clear_config([:instance, :admin_privileges], []) @@ -82,7 +82,7 @@ defmodule Pleroma.Web.Plugs.EnsurePrivilegedPlugTest do ret_conn = EnsurePrivilegedPlug.call(conn, :cofe) - # priviledged through moderator role + # privileged through moderator role assert conn == ret_conn end -- cgit v1.2.3 From 42d4bd3a5d49a472b8fcb85e6cd413eb0d6dab3f Mon Sep 17 00:00:00 2001 
From: Ilja Date: Sat, 2 Jul 2022 08:55:14 +0200 Subject: Rename pipelines and add forgotten tags I renamed some tags before, but forgot to rename the pipelines I also had some tags which I forgot to add to the config, description, etc. These have now been done/added --- test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs | 4 ++-- test/pleroma/web/admin_api/controllers/instance_controller_test.exs | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'test') diff --git a/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs b/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs index 34ec28012..372f4fe63 100644 --- a/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs @@ -971,7 +971,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do describe "/api/pleroma/admin/stats" do setup do - clear_config([:instance, :admin_privileges], [:stats_read]) + clear_config([:instance, :admin_privileges], [:statistics_read]) end test "status visibility count", %{conn: conn} do @@ -1007,7 +1007,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do response["status_visibility"] end - test "it requires privileged role :stats_read", %{conn: conn} do + test "it requires privileged role :statistics_read", %{conn: conn} do clear_config([:instance, :admin_privileges], []) assert conn diff --git a/test/pleroma/web/admin_api/controllers/instance_controller_test.exs b/test/pleroma/web/admin_api/controllers/instance_controller_test.exs index 47af8e7d9..6cca623f3 100644 --- a/test/pleroma/web/admin_api/controllers/instance_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/instance_controller_test.exs 
@@ -68,7 +68,7 @@ defmodule Pleroma.Web.AdminAPI.InstanceControllerTest do end test "DELETE /instances/:instance", %{conn: conn} do - clear_config([:instance, :admin_privileges], [:instance_delete]) + clear_config([:instance, :admin_privileges], [:instances_delete]) user = insert(:user, nickname: "lain@lain.com") post = insert(:note_activity, user: user) -- cgit v1.2.3 From 6ef38c6523fc8b7f28ef92d38b9ca829d8a7248e Mon Sep 17 00:00:00 2001 From: Ilja Date: Tue, 5 Jul 2022 08:57:50 +0200 Subject: Improve tests after code review --- test/pleroma/user/query_test.exs | 47 +++++++--------------------------------- test/pleroma/user_test.exs | 47 +++++++--------------------------------- 2 files changed, 16 insertions(+), 78 deletions(-) (limited to 'test') diff --git a/test/pleroma/user/query_test.exs b/test/pleroma/user/query_test.exs index 7e443536b..30a4637f2 100644 --- a/test/pleroma/user/query_test.exs +++ b/test/pleroma/user/query_test.exs 
@@ -58,80 +58,49 @@ defmodule Pleroma.User.QueryTest do } end - test "doesn't return any users when there are no privileged roles", %{ - user: user, - moderator_user: moderator_user, - admin_user: admin_user, - admin_moderator_user: admin_moderator_user, - remote_user: remote_user, - non_active_user: non_active_user - } do + test "doesn't return any users when there are no privileged roles" do clear_config([:instance, :admin_privileges], []) clear_config([:instance, :moderator_privileges], []) - refute user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) - refute admin_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) - refute moderator_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) - refute admin_moderator_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) - refute remote_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) - refute non_active_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) + assert [] = User.Query.build(%{is_privileged: :cofe}) |> Repo.all() end test "returns moderator users if they are privileged", %{ - user: user, moderator_user: moderator_user, - admin_user: admin_user, - admin_moderator_user: admin_moderator_user, - remote_user: remote_user, - non_active_user: non_active_user + admin_moderator_user: admin_moderator_user } do clear_config([:instance, :admin_privileges], []) clear_config([:instance, :moderator_privileges], [:cofe]) - refute user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) - refute admin_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) + assert [_, _] = User.Query.build(%{is_privileged: :cofe}) |> Repo.all() assert moderator_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) assert admin_moderator_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) - refute remote_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) - refute non_active_user in 
(User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) end test "returns admin users if they are privileged", %{ - user: user, - moderator_user: moderator_user, admin_user: admin_user, - admin_moderator_user: admin_moderator_user, - remote_user: remote_user, - non_active_user: non_active_user + admin_moderator_user: admin_moderator_user } do clear_config([:instance, :admin_privileges], [:cofe]) clear_config([:instance, :moderator_privileges], []) - refute user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) + assert [_, _] = User.Query.build(%{is_privileged: :cofe}) |> Repo.all() assert admin_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) - refute moderator_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) assert admin_moderator_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) - refute remote_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) - refute non_active_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) end test "returns admin and moderator users if they are both privileged", %{ - user: user, moderator_user: moderator_user, admin_user: admin_user, - admin_moderator_user: admin_moderator_user, - remote_user: remote_user, - non_active_user: non_active_user + admin_moderator_user: admin_moderator_user } do clear_config([:instance, :admin_privileges], [:cofe]) clear_config([:instance, :moderator_privileges], [:cofe]) - refute user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) + assert [_, _, _] = User.Query.build(%{is_privileged: :cofe}) |> Repo.all() assert admin_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) assert moderator_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) assert admin_moderator_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) - refute remote_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all()) - refute non_active_user in (User.Query.build(%{is_privileged: :cofe}) 
|> Repo.all()) end end end diff --git a/test/pleroma/user_test.exs b/test/pleroma/user_test.exs index 98e00cecb..25ec44834 100644 --- a/test/pleroma/user_test.exs +++ b/test/pleroma/user_test.exs 
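Review bot: The length matches added in this hunk (`assert [_, _] = ...` and `assert [_, _, _] = ...`) are now the only thing asserting that `remote_user` and `non_active_user` stay out of a privilege query, and nothing in the tests says so. A short comment above each match would keep that intent visible, e.g. `# exact size: the remote and deactivated users from setup must not match`. Whether those two fixtures actually carry staff roles is decided in the setup block, which is outside the hunk, so that is worth confirming. Binding the result once with `privileged = User.Query.build(%{is_privileged: :cofe}) |> Repo.all()` and asserting on `privileged` would also avoid running the same query three times per test.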
@@ -2023,80 +2023,49 @@ defmodule Pleroma.UserTest do } end - test "doesn't return any users when there are no privileged roles", %{ - user: user, - moderator_user: moderator_user, - admin_user: admin_user, - admin_moderator_user: admin_moderator_user, - remote_user: remote_user, - non_active_user: non_active_user - } do + test "doesn't return any users when there are no privileged roles" do clear_config([:instance, :admin_privileges], []) clear_config([:instance, :moderator_privileges], []) - refute user in User.all_users_with_privilege(:cofe) - refute admin_user in User.all_users_with_privilege(:cofe) - refute moderator_user in User.all_users_with_privilege(:cofe) - refute admin_moderator_user in User.all_users_with_privilege(:cofe) - refute remote_user in User.all_users_with_privilege(:cofe) - refute non_active_user in User.all_users_with_privilege(:cofe) + assert [] = User.Query.build(%{is_privileged: :cofe}) |> Repo.all() end test "returns moderator users if they are privileged", %{ - user: user, moderator_user: moderator_user, - admin_user: admin_user, - admin_moderator_user: admin_moderator_user, - remote_user: remote_user, - non_active_user: non_active_user + admin_moderator_user: admin_moderator_user } do clear_config([:instance, :admin_privileges], []) clear_config([:instance, :moderator_privileges], [:cofe]) - refute user in User.all_users_with_privilege(:cofe) - refute admin_user in User.all_users_with_privilege(:cofe) + assert [_, _] = User.Query.build(%{is_privileged: :cofe}) |> Repo.all() assert moderator_user in User.all_users_with_privilege(:cofe) assert admin_moderator_user in User.all_users_with_privilege(:cofe) - refute remote_user in User.all_users_with_privilege(:cofe) - refute non_active_user in User.all_users_with_privilege(:cofe) end test "returns admin users if they are privileged", %{ - user: user, - moderator_user: moderator_user, admin_user: admin_user, - admin_moderator_user: admin_moderator_user, - remote_user: remote_user, - 
non_active_user: non_active_user + admin_moderator_user: admin_moderator_user } do clear_config([:instance, :admin_privileges], [:cofe]) clear_config([:instance, :moderator_privileges], []) - refute user in User.all_users_with_privilege(:cofe) + assert [_, _] = User.Query.build(%{is_privileged: :cofe}) |> Repo.all() assert admin_user in User.all_users_with_privilege(:cofe) - refute moderator_user in User.all_users_with_privilege(:cofe) assert admin_moderator_user in User.all_users_with_privilege(:cofe) - refute remote_user in User.all_users_with_privilege(:cofe) - refute non_active_user in User.all_users_with_privilege(:cofe) end test "returns admin and moderator users if they are both privileged", %{ - user: user, moderator_user: moderator_user, admin_user: admin_user, - admin_moderator_user: admin_moderator_user, - remote_user: remote_user, - non_active_user: non_active_user + admin_moderator_user: admin_moderator_user } do clear_config([:instance, :admin_privileges], [:cofe]) clear_config([:instance, :moderator_privileges], [:cofe]) - refute user in User.all_users_with_privilege(:cofe) + assert [_, _, _] = User.Query.build(%{is_privileged: :cofe}) |> Repo.all() assert admin_user in User.all_users_with_privilege(:cofe) assert moderator_user in User.all_users_with_privilege(:cofe) assert admin_moderator_user in User.all_users_with_privilege(:cofe) - refute remote_user in User.all_users_with_privilege(:cofe) - refute non_active_user in User.all_users_with_privilege(:cofe) end end -- cgit v1.2.3 From c045a49909c2a1078864484d0327e03dac73687b Mon Sep 17 00:00:00 2001 From: Ilja Date: Thu, 14 Jul 2022 08:40:26 +0200 Subject: Add privilege for announcements --- .../controllers/announcement_controller_test.exs | 96 +++++++++++++++++++++- 1 file changed, 95 insertions(+), 1 deletion(-) (limited to 'test') 
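Review bot: The count assertions added in this hunk call `User.Query.build(%{is_privileged: :cofe}) |> Repo.all()`, which looks carried over from query_test.exs, while the membership checks below them still call `User.all_users_with_privilege(:cofe)`. As a result the first test no longer calls `User.all_users_with_privilege/1` at all, and in the other three an extra account returned by that function (a deactivated or remote one, for example) would go unnoticed. The matches should read `assert [] = User.all_users_with_privilege(:cofe)`, `assert [_, _] = User.all_users_with_privilege(:cofe)` and `assert [_, _, _] = User.all_users_with_privilege(:cofe)`. The enclosing describe block starts outside the hunk, so this assumes it is the block for that function.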
diff --git a/test/pleroma/web/admin_api/controllers/announcement_controller_test.exs b/test/pleroma/web/admin_api/controllers/announcement_controller_test.exs index 5b8148c05..cf60bcad5 100644 --- a/test/pleroma/web/admin_api/controllers/announcement_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/announcement_controller_test.exs @@ -3,11 +3,12 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.AdminAPI.AnnouncementControllerTest do - use Pleroma.Web.ConnCase + use Pleroma.Web.ConnCase, async: false import Pleroma.Factory setup do + clear_config([:instance, :admin_privileges], [:announcements_manage_announcements]) admin = insert(:user, is_admin: true) token = insert(:oauth_admin_token, user: admin) @@ -31,6 +32,18 @@ defmodule Pleroma.Web.AdminAPI.AnnouncementControllerTest do assert [%{"id" => ^id}] = response end + test "it requires privileged role :announcements_manage_announcements", %{conn: conn} do + conn + |> get("/api/v1/pleroma/admin/announcements") + |> json_response_and_validate_schema(:ok) + + clear_config([:instance, :admin_privileges], []) + + conn + |> get("/api/v1/pleroma/admin/announcements") + |> json_response(:forbidden) + end + test "it paginates announcements", %{conn: conn} do _announcements = Enum.map(0..20, fn _ -> insert(:announcement) end) @@ -92,6 +105,20 @@ defmodule Pleroma.Web.AdminAPI.AnnouncementControllerTest do assert %{"id" => ^id} = response end + test "it requires privileged role :announcements_manage_announcements", %{conn: conn} do + %{id: id} = insert(:announcement) + + conn + |> get("/api/v1/pleroma/admin/announcements/#{id}") + |> json_response_and_validate_schema(:ok) + + clear_config([:instance, :admin_privileges], []) + + conn + |> get("/api/v1/pleroma/admin/announcements/#{id}") + |> json_response(:forbidden) + end + test "it returns not found for non-existent id", %{conn: conn} do %{id: id} = insert(:announcement) 
@@ -112,6 +139,20 @@ defmodule Pleroma.Web.AdminAPI.AnnouncementControllerTest do |> json_response_and_validate_schema(:ok) end + test "it requires privileged role :announcements_manage_announcements", %{conn: conn} do + %{id: id} = insert(:announcement) + + conn + |> delete("/api/v1/pleroma/admin/announcements/#{id}") + |> json_response_and_validate_schema(:ok) + + clear_config([:instance, :admin_privileges], []) + + conn + |> delete("/api/v1/pleroma/admin/announcements/#{id}") + |> json_response(:forbidden) + end + test "it returns not found for non-existent id", %{conn: conn} do %{id: id} = insert(:announcement) @@ -156,6 +197,29 @@ defmodule Pleroma.Web.AdminAPI.AnnouncementControllerTest do assert NaiveDateTime.compare(new.starts_at, starts_at) == :eq end + test "it requires privileged role :announcements_manage_announcements", %{conn: conn} do + %{id: id} = insert(:announcement) + + now = NaiveDateTime.utc_now() |> NaiveDateTime.truncate(:second) + starts_at = NaiveDateTime.add(now, -10, :second) + + conn + |> put_req_header("content-type", "application/json") + |> patch("/api/v1/pleroma/admin/announcements/#{id}", %{ + starts_at: NaiveDateTime.to_iso8601(starts_at) + }) + |> json_response_and_validate_schema(:ok) + + clear_config([:instance, :admin_privileges], []) + + conn + |> put_req_header("content-type", "application/json") + |> patch("/api/v1/pleroma/admin/announcements/#{id}", %{ + starts_at: NaiveDateTime.to_iso8601(starts_at) + }) + |> json_response(:forbidden) + end + test "it updates with time with utc timezone", %{conn: conn} do %{id: id} = insert(:announcement) 
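Review bot: In the DELETE privilege test the denied request targets an announcement that the preceding privileged request has already removed, so the test shows the 403 but cannot show that a denied delete leaves the record in place. Sending the denied request first and the privileged one second fixes that, because the "not found" test in the same file implies the second call only answers `:ok` if the record survived. The PATCH test in the following hunk has the same shape: the denied request repeats the `starts_at` value that was just stored, so an update that was wrongly applied would be indistinguishable from one that was blocked.

```elixir
test "it requires privileged role :announcements_manage_announcements", %{conn: conn} do
  %{id: id} = insert(:announcement)

  clear_config([:instance, :admin_privileges], [])

  conn
  |> delete("/api/v1/pleroma/admin/announcements/#{id}")
  |> json_response(:forbidden)

  # The denied request must not have removed the record:
  # the same delete succeeds once the privilege is granted again.
  clear_config([:instance, :admin_privileges], [:announcements_manage_announcements])

  conn
  |> delete("/api/v1/pleroma/admin/announcements/#{id}")
  |> json_response_and_validate_schema(:ok)
end
```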
@@ -250,6 +314,36 @@ defmodule Pleroma.Web.AdminAPI.AnnouncementControllerTest do assert NaiveDateTime.compare(announcement.ends_at, ends_at) == :eq end + test "it requires privileged role :announcements_manage_announcements", %{conn: conn} do + content = "test post announcement api" + + now = NaiveDateTime.utc_now() |> NaiveDateTime.truncate(:second) + starts_at = NaiveDateTime.add(now, -10, :second) + ends_at = NaiveDateTime.add(now, 10, :second) + + conn + |> put_req_header("content-type", "application/json") + |> post("/api/v1/pleroma/admin/announcements", %{ + "content" => content, + "starts_at" => NaiveDateTime.to_iso8601(starts_at), + "ends_at" => NaiveDateTime.to_iso8601(ends_at), + "all_day" => true + }) + |> json_response_and_validate_schema(:ok) + + clear_config([:instance, :admin_privileges], []) + + conn + |> put_req_header("content-type", "application/json") + |> post("/api/v1/pleroma/admin/announcements", %{ + "content" => content, + "starts_at" => NaiveDateTime.to_iso8601(starts_at), + "ends_at" => NaiveDateTime.to_iso8601(ends_at), + "all_day" => true + }) + |> json_response(:forbidden) + end + test "creating with time with utc timezones", %{conn: conn} do content = "test post announcement api" -- cgit v1.2.3 From 2d7ea263a1f7dba8e0a7667a95ea8af110e9be27 Mon Sep 17 00:00:00 2001 From: Ilja Date: Sat, 24 Sep 2022 13:52:28 +0200 Subject: Add extra routes to :users_manage_credentials privilege --- .../controllers/admin_api_controller_test.exs | 59 ++++++++++++++++++++++ 1 file changed, 59 insertions(+) (limited to 'test') diff --git a/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs b/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs index 372f4fe63..e1ab50542 100644 --- a/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs 
@@ -352,6 +352,8 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do describe "PUT disable_mfa" do test "returns 200 and disable 2fa", %{conn: conn} do + clear_config([:instance, :admin_privileges], [:users_manage_credentials]) + user = insert(:user, multi_factor_authentication_settings: %MFA.Settings{ @@ -373,6 +375,8 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do end test "returns 404 if user not found", %{conn: conn} do + clear_config([:instance, :admin_privileges], [:users_manage_credentials]) + response = conn |> put("/api/pleroma/admin/users/disable_mfa", %{nickname: "nickname"}) @@ -380,6 +384,16 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do assert response == %{"error" => "Not found"} end + + test "it requires privileged role :users_manage_credentials", %{conn: conn} do + clear_config([:instance, :admin_privileges], []) + + response = + conn + |> put("/api/pleroma/admin/users/disable_mfa", %{nickname: "nickname"}) + + assert json_response(response, :forbidden) + end end describe "GET /api/pleroma/admin/restart" do @@ -785,6 +799,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do describe "GET /users/:nickname/credentials" do test "gets the user credentials", %{conn: conn} do + clear_config([:instance, :admin_privileges], [:users_manage_credentials]) user = insert(:user) conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/credentials") @@ -793,6 +808,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do end test "returns 403 if requested by a non-admin" do + clear_config([:instance, :admin_privileges], [:users_manage_credentials]) user = insert(:user) conn = 
@@ -802,6 +818,16 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do assert json_response(conn, :forbidden) end + + test "it requires privileged role :users_manage_credentials", %{conn: conn} do + clear_config([:instance, :admin_privileges], []) + + response = + conn + |> get("/api/pleroma/admin/users/nickname/credentials") + + assert json_response(response, :forbidden) + end end describe "PATCH /users/:nickname/credentials" do @@ -896,6 +922,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do describe "PATCH /users/:nickname/force_password_reset" do test "sets password_reset_pending to true", %{conn: conn} do + clear_config([:instance, :admin_privileges], [:users_manage_credentials]) user = insert(:user) assert user.password_reset_pending == false @@ -908,10 +935,21 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do assert User.get_by_id(user.id).password_reset_pending == true end + + test "it requires privileged role :users_manage_credentials", %{conn: conn} do + clear_config([:instance, :admin_privileges], []) + + response = + conn + |> patch("/api/pleroma/admin/users/force_password_reset", %{nickname: "nickname"}) + + assert json_response(response, :forbidden) + end end describe "PATCH /confirm_email" do test "it confirms emails of two users", %{conn: conn, admin: admin} do + clear_config([:instance, :admin_privileges], [:users_manage_credentials]) [first_user, second_user] = insert_pair(:user, is_confirmed: false) refute first_user.is_confirmed 
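Review bot: The new force_password_reset privilege test sends `%{nickname: "nickname"}` for an account that is never inserted, so it checks the 403 status but not that the flag on a real account stays untouched. Using a real target would pin that down: add `user = insert(:user)`, send that user's nickname, and finish with `refute User.get_by_id(user.id).password_reset_pending`. The disable_mfa and confirm_email privilege tests added in this commit use the same placeholder nickname and would benefit from the same change. The shape of the request body is taken from the new test itself, since the request in the existing positive test lies outside the hunk.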
@@ -938,10 +976,21 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do assert ModerationLog.get_log_entry_message(log_entry) == "@#{admin.nickname} confirmed email for users: @#{first_user.nickname}, @#{second_user.nickname}" end + + test "it requires privileged role :users_manage_credentials", %{conn: conn} do + clear_config([:instance, :admin_privileges], []) + + response = + conn + |> patch("/api/pleroma/admin/users/confirm_email", %{nicknames: ["nickname"]}) + + assert json_response(response, :forbidden) + end end describe "PATCH /resend_confirmation_email" do test "it resend emails for two users", %{conn: conn, admin: admin} do + clear_config([:instance, :admin_privileges], [:users_manage_credentials]) [first_user, second_user] = insert_pair(:user, is_confirmed: false) ret_conn = @@ -967,6 +1016,16 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do |> Swoosh.Email.put_private(:hackney_options, ssl_options: [versions: [:"tlsv1.2"]]) |> assert_email_sent() end + + test "it requires privileged role :users_manage_credentials", %{conn: conn} do + clear_config([:instance, :admin_privileges], []) + + response = + conn + |> patch("/api/pleroma/admin/users/resend_confirmation_email", %{nicknames: ["nickname"]}) + + assert json_response(response, :forbidden) + end end describe "/api/pleroma/admin/stats" do -- cgit v1.2.3