lib/pleroma/web/plugs/ensure_privileged_plug.ex


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44

# Pleroma: A lightweight social networking server
# Copyright © 2017-2023 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only

defmodule Pleroma.Web.Plugs.EnsurePrivilegedPlug do
  @moduledoc """
  Ensures staff are privileged enough to do certain tasks.
  """
  import Pleroma.Web.TranslationHelpers
  import Plug.Conn

  alias Pleroma.Config
  alias Pleroma.User

  def init(options) do
    options
  end

  def call(%{assigns: %{user: %User{is_admin: false, is_moderator: false}}} = conn, _) do
    conn
    |> render_error(:forbidden, "User isn't privileged.")
    |> halt()
  end

  def call(
        %{assigns: %{user: %User{is_admin: is_admin, is_moderator: is_moderator}}} = conn,
        privilege
      ) do
    if (is_admin and privilege in Config.get([:instance, :admin_privileges])) or
         (is_moderator and privilege in Config.get([:instance, :moderator_privileges])) do
      conn
    else
      conn
      |> render_error(:forbidden, "User isn't privileged.")
      |> halt()
    end
  end

  def call(conn, _) do
    conn
    |> render_error(:forbidden, "User isn't privileged.")
    |> halt()
  end
end