Merge pull request #2197 from bookwyrm-social/admin-perms

Admin perms
This commit is contained in:
Mouse Reeve 2022-07-07 14:15:38 -07:00 committed by GitHub
commit 16a76dba72
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
15 changed files with 76 additions and 45 deletions

View file

@ -132,7 +132,7 @@ class BookWyrmModel(models.Model):
return
# but generally moderators can delete other people's stuff
if self.user == viewer or viewer.has_perm("moderate_post"):
if self.user == viewer or viewer.has_perm("bookwyrm.moderate_post"):
return
raise PermissionDenied()

View file

@ -84,7 +84,7 @@ class LinkDomain(BookWyrmModel):
)
def raise_not_editable(self, viewer):
if viewer.has_perm("moderate_post"):
if viewer.has_perm("bookwyrm.moderate_post"):
return
raise PermissionDenied()

View file

@ -222,8 +222,12 @@ def notify_user_on_import_complete(
@receiver(models.signals.post_save, sender=Report)
@transaction.atomic
# pylint: disable=unused-argument
def notify_admins_on_report(sender, instance, *args, **kwargs):
def notify_admins_on_report(sender, instance, created, *args, **kwargs):
"""something is up, make sure the admins know"""
if not created:
# otherwise you'll get a notification when you resolve a report
return
# moderators and superusers should be notified
admins = User.objects.filter(
models.Q(user_permissions__name__in=["moderate_user", "moderate_post"])

View file

@ -1,12 +1,14 @@
""" test for app action functionality """
from unittest.mock import patch
from django.contrib.auth.models import Group
from django.template.response import TemplateResponse
from django.test import TestCase
from django.test.client import RequestFactory
from django_celery_beat.models import PeriodicTask, IntervalSchedule
from bookwyrm import forms, models, views
from bookwyrm.management.commands import initdb
from bookwyrm.tests.validate_html import validate_html
@ -26,6 +28,10 @@ class AutomodViews(TestCase):
local=True,
localname="mouse",
)
initdb.init_groups()
initdb.init_permissions()
group = Group.objects.get(name="moderator")
self.local_user.groups.set([group])
models.SiteSettings.objects.create()
def test_automod_rules_get(self):
@ -40,7 +46,6 @@ class AutomodViews(TestCase):
view = views.AutoMod.as_view()
request = self.factory.get("")
request.user = self.local_user
request.user.is_superuser = True
result = view(request)
self.assertIsInstance(result, TemplateResponse)
@ -58,7 +63,6 @@ class AutomodViews(TestCase):
view = views.AutoMod.as_view()
request = self.factory.get("")
request.user = self.local_user
request.user.is_superuser = True
result = view(request)
self.assertIsInstance(result, TemplateResponse)
@ -70,7 +74,6 @@ class AutomodViews(TestCase):
view = views.AutoMod.as_view()
request = self.factory.get("")
request.user = self.local_user
request.user.is_superuser = True
result = view(request)
self.assertIsInstance(result, TemplateResponse)
@ -88,7 +91,6 @@ class AutomodViews(TestCase):
view = views.AutoMod.as_view()
request = self.factory.post("", form.data)
request.user = self.local_user
request.user.is_superuser = True
result = view(request)
@ -109,7 +111,6 @@ class AutomodViews(TestCase):
form.data["period"] = "days"
request = self.factory.post("", form.data)
request.user = self.local_user
request.user.is_superuser = True
response = views.schedule_automod_task(request)
self.assertEqual(response.status_code, 302)

View file

@ -1,10 +1,13 @@
""" test for app action functionality """
from unittest.mock import patch
from django.contrib.auth.models import Group
from django.template.response import TemplateResponse
from django.test import TestCase
from django.test.client import RequestFactory
from bookwyrm import models, views
from bookwyrm.management.commands import initdb
from bookwyrm.tests.validate_html import validate_html
@ -24,6 +27,10 @@ class DashboardViews(TestCase):
local=True,
localname="mouse",
)
initdb.init_groups()
initdb.init_permissions()
group = Group.objects.get(name="moderator")
self.local_user.groups.set([group])
models.SiteSettings.objects.create()
@ -32,7 +39,7 @@ class DashboardViews(TestCase):
view = views.Dashboard.as_view()
request = self.factory.get("")
request.user = self.local_user
request.user.is_superuser = True
result = view(request)
self.assertIsInstance(result, TemplateResponse)
validate_html(result.render())

View file

@ -1,11 +1,13 @@
""" test for app action functionality """
from unittest.mock import patch
from django.contrib.auth.models import Group
from django.template.response import TemplateResponse
from django.test import TestCase
from django.test.client import RequestFactory
from bookwyrm import models, views
from bookwyrm.management.commands import initdb
from bookwyrm.tests.validate_html import validate_html
@ -25,6 +27,10 @@ class EmailBlocklistViews(TestCase):
local=True,
localname="mouse",
)
initdb.init_groups()
initdb.init_permissions()
group = Group.objects.get(name="moderator")
self.local_user.groups.set([group])
models.SiteSettings.objects.create()
@ -33,7 +39,6 @@ class EmailBlocklistViews(TestCase):
view = views.EmailBlocklist.as_view()
request = self.factory.get("")
request.user = self.local_user
request.user.is_superuser = True
result = view(request)
@ -46,7 +51,6 @@ class EmailBlocklistViews(TestCase):
view = views.EmailBlocklist.as_view()
request = self.factory.post("", {"domain": "gmail.com"})
request.user = self.local_user
request.user.is_superuser = True
result = view(request)
@ -65,7 +69,6 @@ class EmailBlocklistViews(TestCase):
view = views.EmailBlocklist.as_view()
request = self.factory.post("")
request.user = self.local_user
request.user.is_superuser = True
result = view(request, domain_id=domain.id)
self.assertEqual(result.status_code, 302)

View file

@ -3,12 +3,14 @@ import os
import json
from unittest.mock import patch
from django.contrib.auth.models import Group
from django.core.files.uploadedfile import SimpleUploadedFile
from django.template.response import TemplateResponse
from django.test import TestCase
from django.test.client import RequestFactory
from bookwyrm import forms, models, views
from bookwyrm.management.commands import initdb
from bookwyrm.tests.validate_html import validate_html
@ -38,6 +40,10 @@ class FederationViews(TestCase):
inbox="https://example.com/users/rat/inbox",
outbox="https://example.com/users/rat/outbox",
)
initdb.init_groups()
initdb.init_permissions()
group = Group.objects.get(name="moderator")
self.local_user.groups.set([group])
models.SiteSettings.objects.create()
@ -46,7 +52,7 @@ class FederationViews(TestCase):
view = views.Federation.as_view()
request = self.factory.get("")
request.user = self.local_user
request.user.is_superuser = True
result = view(request)
self.assertIsInstance(result, TemplateResponse)
validate_html(result.render())
@ -58,7 +64,6 @@ class FederationViews(TestCase):
view = views.FederatedServer.as_view()
request = self.factory.get("")
request.user = self.local_user
request.user.is_superuser = True
result = view(request, server.id)
self.assertIsInstance(result, TemplateResponse)
@ -81,7 +86,6 @@ class FederationViews(TestCase):
view = views.block_server
request = self.factory.post("")
request.user = self.local_user
request.user.is_superuser = True
with patch("bookwyrm.suggested_users.bulk_remove_instance_task.delay") as mock:
view(request, server.id)
@ -121,7 +125,6 @@ class FederationViews(TestCase):
request = self.factory.post("")
request.user = self.local_user
request.user.is_superuser = True
with patch("bookwyrm.suggested_users.bulk_add_instance_task.delay") as mock:
views.unblock_server(request, server.id)
@ -147,7 +150,6 @@ class FederationViews(TestCase):
view = views.AddFederatedServer.as_view()
request = self.factory.get("")
request.user = self.local_user
request.user.is_superuser = True
result = view(request)
self.assertIsInstance(result, TemplateResponse)
@ -164,7 +166,6 @@ class FederationViews(TestCase):
view = views.AddFederatedServer.as_view()
request = self.factory.post("", form.data)
request.user = self.local_user
request.user.is_superuser = True
view(request)
server = models.FederatedServer.objects.get()
@ -196,7 +197,6 @@ class FederationViews(TestCase):
},
)
request.user = self.local_user
request.user.is_superuser = True
view(request)
server.refresh_from_db()

View file

@ -1,10 +1,13 @@
""" test for app action functionality """
from unittest.mock import patch
from django.contrib.auth.models import Group
from django.template.response import TemplateResponse
from django.test import TestCase
from django.test.client import RequestFactory
from bookwyrm import forms, models, views
from bookwyrm.management.commands import initdb
from bookwyrm.tests.validate_html import validate_html
@ -24,6 +27,10 @@ class IPBlocklistViews(TestCase):
local=True,
localname="mouse",
)
initdb.init_groups()
initdb.init_permissions()
group = Group.objects.get(name="moderator")
self.local_user.groups.set([group])
models.SiteSettings.objects.create()
@ -32,7 +39,6 @@ class IPBlocklistViews(TestCase):
view = views.IPBlocklist.as_view()
request = self.factory.get("")
request.user = self.local_user
request.user.is_superuser = True
result = view(request)
@ -48,7 +54,6 @@ class IPBlocklistViews(TestCase):
request = self.factory.post("", form.data)
request.user = self.local_user
request.user.is_superuser = True
result = view(request)
@ -67,7 +72,6 @@ class IPBlocklistViews(TestCase):
request = self.factory.post("")
request.user = self.local_user
request.user.is_superuser = True
view(request, block.id)
self.assertFalse(models.IPBlocklist.objects.exists())

View file

@ -1,11 +1,13 @@
""" test for app action functionality """
from unittest.mock import patch
from django.contrib.auth.models import Group
from django.template.response import TemplateResponse
from django.test import TestCase
from django.test.client import RequestFactory
from bookwyrm import models, views
from bookwyrm.management.commands import initdb
from bookwyrm.tests.validate_html import validate_html
@ -25,6 +27,11 @@ class LinkDomainViews(TestCase):
local=True,
localname="mouse",
)
initdb.init_groups()
initdb.init_permissions()
group = Group.objects.get(name="moderator")
self.local_user.groups.set([group])
self.book = models.Edition.objects.create(title="hello")
models.FileLink.objects.create(
book=self.book,
@ -39,7 +46,6 @@ class LinkDomainViews(TestCase):
view = views.LinkDomain.as_view()
request = self.factory.get("")
request.user = self.local_user
request.user.is_superuser = True
result = view(request, "pending")
@ -55,7 +61,6 @@ class LinkDomainViews(TestCase):
view = views.LinkDomain.as_view()
request = self.factory.post("", {"name": "ugh"})
request.user = self.local_user
request.user.is_superuser = True
result = view(request, "pending", domain.id)
self.assertEqual(result.status_code, 302)
@ -71,7 +76,6 @@ class LinkDomainViews(TestCase):
view = views.update_domain_status
request = self.factory.post("")
request.user = self.local_user
request.user.is_superuser = True
result = view(request, domain.id, "approved")
self.assertEqual(result.status_code, 302)

View file

@ -2,11 +2,13 @@
import json
from unittest.mock import patch
from django.contrib.auth.models import Group
from django.template.response import TemplateResponse
from django.test import TestCase
from django.test.client import RequestFactory
from bookwyrm import models, views
from bookwyrm.management.commands import initdb
from bookwyrm.tests.validate_html import validate_html
@ -33,6 +35,10 @@ class ReportViews(TestCase):
local=True,
localname="rat",
)
initdb.init_groups()
initdb.init_permissions()
group = Group.objects.get(name="moderator")
self.local_user.groups.set([group])
models.SiteSettings.objects.create()
def test_reports_page(self):
@ -40,7 +46,6 @@ class ReportViews(TestCase):
view = views.ReportsAdmin.as_view()
request = self.factory.get("")
request.user = self.local_user
request.user.is_superuser = True
result = view(request)
self.assertIsInstance(result, TemplateResponse)
@ -52,7 +57,6 @@ class ReportViews(TestCase):
view = views.ReportsAdmin.as_view()
request = self.factory.get("")
request.user = self.local_user
request.user.is_superuser = True
models.Report.objects.create(reporter=self.local_user, user=self.rat)
result = view(request)
@ -65,7 +69,6 @@ class ReportViews(TestCase):
view = views.ReportAdmin.as_view()
request = self.factory.get("")
request.user = self.local_user
request.user.is_superuser = True
report = models.Report.objects.create(reporter=self.local_user, user=self.rat)
result = view(request, report.id)
@ -79,7 +82,6 @@ class ReportViews(TestCase):
view = views.ReportAdmin.as_view()
request = self.factory.post("", {"note": "hi"})
request.user = self.local_user
request.user.is_superuser = True
report = models.Report.objects.create(reporter=self.local_user, user=self.rat)
view(request, report.id)
@ -95,7 +97,6 @@ class ReportViews(TestCase):
self.assertFalse(report.resolved)
request = self.factory.post("")
request.user = self.local_user
request.user.is_superuser = True
# resolve
views.resolve_report(request, report.id)
@ -115,7 +116,6 @@ class ReportViews(TestCase):
self.assertTrue(self.rat.is_active)
request = self.factory.post("")
request.user = self.local_user
request.user.is_superuser = True
# de-activate
views.suspend_user(request, self.rat.id)
@ -134,7 +134,6 @@ class ReportViews(TestCase):
self.assertTrue(self.rat.is_active)
request = self.factory.post("", {"password": "password"})
request.user = self.local_user
request.user.is_superuser = True
# de-activate
with patch(

View file

@ -1,10 +1,13 @@
""" test for app action functionality """
from unittest.mock import patch
from django.contrib.auth.models import Group
from django.template.response import TemplateResponse
from django.test import TestCase
from django.test.client import RequestFactory
from bookwyrm import forms, models, views
from bookwyrm.management.commands import initdb
from bookwyrm.tests.validate_html import validate_html
@ -24,6 +27,10 @@ class SiteSettingsViews(TestCase):
local=True,
localname="mouse",
)
initdb.init_groups()
initdb.init_permissions()
group = Group.objects.get(name="admin")
self.local_user.groups.set([group])
self.site = models.SiteSettings.objects.create()
@ -32,7 +39,7 @@ class SiteSettingsViews(TestCase):
view = views.Site.as_view()
request = self.factory.get("")
request.user = self.local_user
request.user.is_superuser = True
result = view(request)
self.assertIsInstance(result, TemplateResponse)
validate_html(result.render())
@ -51,7 +58,6 @@ class SiteSettingsViews(TestCase):
form.data["privacy_policy"] = "blah"
request = self.factory.post("", form.data)
request.user = self.local_user
request.user.is_superuser = True
result = view(request)
@ -68,7 +74,6 @@ class SiteSettingsViews(TestCase):
form = forms.SiteForm()
request = self.factory.post("", form.data)
request.user = self.local_user
request.user.is_superuser = True
result = view(request)

View file

@ -7,6 +7,7 @@ from django.test import TestCase
from django.test.client import RequestFactory
from bookwyrm import models, views
from bookwyrm.management.commands import initdb
from bookwyrm.tests.validate_html import validate_html
@ -26,6 +27,10 @@ class UserAdminViews(TestCase):
local=True,
localname="mouse",
)
initdb.init_groups()
initdb.init_permissions()
group = Group.objects.get(name="moderator")
self.local_user.groups.set([group])
models.SiteSettings.objects.create()
def test_user_admin_list_page(self):
@ -33,7 +38,7 @@ class UserAdminViews(TestCase):
view = views.UserAdminList.as_view()
request = self.factory.get("")
request.user = self.local_user
request.user.is_superuser = True
result = view(request)
self.assertIsInstance(result, TemplateResponse)
validate_html(result.render())
@ -44,7 +49,6 @@ class UserAdminViews(TestCase):
view = views.UserAdmin.as_view()
request = self.factory.get("")
request.user = self.local_user
request.user.is_superuser = True
result = view(request, self.local_user.id)
@ -57,15 +61,14 @@ class UserAdminViews(TestCase):
@patch("bookwyrm.suggested_users.remove_user_task.delay")
def test_user_admin_page_post(self, *_):
"""set the user's group"""
group = Group.objects.create(name="editor")
group = Group.objects.get(name="editor")
self.assertEqual(
list(self.local_user.groups.values_list("name", flat=True)), []
list(self.local_user.groups.values_list("name", flat=True)), ["moderator"]
)
view = views.UserAdmin.as_view()
request = self.factory.post("", {"groups": [group.id]})
request.user = self.local_user
request.user.is_superuser = True
with patch("bookwyrm.models.activitypub_mixin.broadcast_task.apply_async"):
result = view(request, self.local_user.id)

View file

@ -45,6 +45,7 @@ class LinkDomain(View):
@require_POST
@login_required
@permission_required("bookwyrm.moderate_user")
def update_domain_status(request, domain_id, status):
"""This domain seems fine"""
domain = get_object_or_404(models.LinkDomain, id=domain_id)

View file

@ -83,7 +83,7 @@ class ReportAdmin(View):
@login_required
@permission_required("bookwyrm_moderate_user")
@permission_required("bookwyrm.moderate_user")
def suspend_user(_, user_id):
"""mark an account as inactive"""
user = get_object_or_404(models.User, id=user_id)
@ -95,7 +95,7 @@ def suspend_user(_, user_id):
@login_required
@permission_required("bookwyrm_moderate_user")
@permission_required("bookwyrm.moderate_user")
def unsuspend_user(_, user_id):
"""mark an account as inactive"""
user = get_object_or_404(models.User, id=user_id)
@ -107,7 +107,7 @@ def unsuspend_user(_, user_id):
@login_required
@permission_required("bookwyrm_moderate_user")
@permission_required("bookwyrm.moderate_user")
def moderator_delete_user(request, user_id):
"""permanently delete a user"""
user = get_object_or_404(models.User, id=user_id)
@ -132,7 +132,7 @@ def moderator_delete_user(request, user_id):
@login_required
@permission_required("bookwyrm_moderate_post")
@permission_required("bookwyrm.moderate_post")
def resolve_report(_, report_id):
"""mark a report as (un)resolved"""
report = get_object_or_404(models.Report, id=report_id)

View file

@ -62,7 +62,7 @@ class UserAdminList(View):
@method_decorator(login_required, name="dispatch")
@method_decorator(
permission_required("bookwyrm.moderate_users", raise_exception=True),
permission_required("bookwyrm.moderate_user", raise_exception=True),
name="dispatch",
)
class UserAdmin(View):