diff --git a/docs/api/swagger.yaml b/docs/api/swagger.yaml
index 102a00fbd..1d5b80ed1 100644
--- a/docs/api/swagger.yaml
+++ b/docs/api/swagger.yaml
@@ -304,6 +304,15 @@ definitions:
x-go-name: Note
role:
$ref: '#/definitions/accountRole'
+ roles:
+ description: |-
+ Roles lists the public roles of the account on this instance.
+ Unlike Role, this is always available, but never includes permissions details.
+ Key/value omitted for remote accounts.
+ items:
+ $ref: '#/definitions/accountDisplayRole'
+ type: array
+ x-go-name: Roles
source:
$ref: '#/definitions/Source'
statuses_count:
@@ -333,6 +342,29 @@ definitions:
type: object
x-go-name: Account
x-go-package: github.com/superseriousbusiness/gotosocial/internal/api/model
+ accountDisplayRole:
+ description: This is a subset of AccountRole.
+ properties:
+ color:
+ description: |-
+ Color is a 6-digit CSS-style hex color code with leading `#`, or an empty string if this role has no color.
+ Since GotoSocial doesn't use role colors, we leave this empty.
+ type: string
+ x-go-name: Color
+ id:
+ description: |-
+ ID of the role.
+ Not used by GotoSocial, but we set it to the role name, just in case a client expects a unique ID.
+ type: string
+ x-go-name: ID
+ name:
+ description: Name of the role.
+ type: string
+ x-go-name: Name
+ title: AccountDisplayRole models a public, displayable role of an account.
+ type: object
+ x-go-name: AccountDisplayRole
+ x-go-package: github.com/superseriousbusiness/gotosocial/internal/api/model
accountExportStats:
description: |-
AccountExportStats models an account's stats
@@ -448,9 +480,32 @@ definitions:
x-go-package: github.com/superseriousbusiness/gotosocial/internal/api/model
accountRole:
properties:
+ color:
+ description: |-
+ Color is a 6-digit CSS-style hex color code with leading `#`, or an empty string if this role has no color.
+ Since GotoSocial doesn't use role colors, we leave this empty.
+ type: string
+ x-go-name: Color
+ highlighted:
+ description: |-
+ Highlighted indicates whether the role is publicly visible on the user profile.
+ This is always true for GotoSocial's built-in admin and moderator roles, and false otherwise.
+ type: boolean
+ x-go-name: Highlighted
+ id:
+ description: |-
+ ID of the role.
+ Not used by GotoSocial, but we set it to the role name, just in case a client expects a unique ID.
+ type: string
+ x-go-name: ID
name:
+ description: Name of the role.
type: string
x-go-name: Name
+ permissions:
+ description: Permissions is a bitmap serialized as a numeric string, indicating which admin/moderation actions a user can perform.
+ type: string
+ x-go-name: Permissions
title: AccountRole models the role of an account.
type: object
x-go-name: AccountRole
@@ -2209,6 +2264,15 @@ definitions:
x-go-name: Note
role:
$ref: '#/definitions/accountRole'
+ roles:
+ description: |-
+ Roles lists the public roles of the account on this instance.
+ Unlike Role, this is always available, but never includes permissions details.
+ Key/value omitted for remote accounts.
+ items:
+ $ref: '#/definitions/accountDisplayRole'
+ type: array
+ x-go-name: Roles
source:
$ref: '#/definitions/Source'
statuses_count:
diff --git a/internal/api/client/accounts/accountget_test.go b/internal/api/client/accounts/accountget_test.go
new file mode 100644
index 000000000..421de0d64
--- /dev/null
+++ b/internal/api/client/accounts/accountget_test.go
@@ -0,0 +1,118 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see .
+
+package accounts_test
+
+import (
+ "encoding/json"
+ "io"
+ "net/http"
+ "net/http/httptest"
+ "testing"
+
+ "github.com/gin-gonic/gin"
+ "github.com/stretchr/testify/suite"
+ "github.com/superseriousbusiness/gotosocial/internal/api/client/accounts"
+ apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+)
+
+type AccountGetTestSuite struct {
+ AccountStandardTestSuite
+}
+
+// accountVerifyGet calls the get account API method for a given account fixture name.
+func (suite *AccountGetTestSuite) getAccount(id string) *apimodel.Account {
+ recorder := httptest.NewRecorder()
+ ctx := suite.newContext(recorder, http.MethodGet, nil, accounts.BasePath+"/"+id, "")
+ ctx.Params = gin.Params{
+ gin.Param{
+ Key: accounts.IDKey,
+ Value: id,
+ },
+ }
+
+ // call the handler
+ suite.accountsModule.AccountGETHandler(ctx)
+
+ // 1. we should have OK because our request was valid
+ suite.Equal(http.StatusOK, recorder.Code)
+
+ // 2. we should have no error message in the result body
+ result := recorder.Result()
+ defer result.Body.Close()
+
+ // check the response
+ b, err := io.ReadAll(result.Body)
+ if err != nil {
+ suite.FailNow(err.Error())
+ }
+
+ // unmarshal the returned account
+ apimodelAccount := &apimodel.Account{}
+ err = json.Unmarshal(b, apimodelAccount)
+ if err != nil {
+ suite.FailNow(err.Error())
+ }
+
+ return apimodelAccount
+}
+
+// Fetching the currently logged-in account shows extra info,
+// so we should see permissions, but this account is a regular user and should have no display role.
+func (suite *AccountGetTestSuite) TestGetDisplayRoleForSelf() {
+ apimodelAccount := suite.getAccount(suite.testAccounts["local_account_1"].ID)
+
+ // Role should be set, but permissions should be empty.
+ if suite.NotNil(apimodelAccount.Role) {
+ role := apimodelAccount.Role
+ suite.Equal("user", string(role.Name))
+ suite.Zero(role.Permissions)
+ }
+
+ // Roles should not have anything in it.
+ suite.Empty(apimodelAccount.Roles)
+}
+
+// We should not see a display role for an ordinary local account.
+func (suite *AccountGetTestSuite) TestGetDisplayRoleForUserAccount() {
+ apimodelAccount := suite.getAccount(suite.testAccounts["local_account_2"].ID)
+
+ // Role should not be set.
+ suite.Nil(apimodelAccount.Role)
+
+ // Roles should not have anything in it.
+ suite.Empty(apimodelAccount.Roles)
+}
+
+// We should be able to get a display role for an admin account.
+func (suite *AccountGetTestSuite) TestGetDisplayRoleForAdminAccount() {
+ apimodelAccount := suite.getAccount(suite.testAccounts["admin_account"].ID)
+
+ // Role should not be set.
+ suite.Nil(apimodelAccount.Role)
+
+ // Roles should have exactly one display role.
+ if suite.Len(apimodelAccount.Roles, 1) {
+ role := apimodelAccount.Roles[0]
+ suite.Equal("admin", string(role.Name))
+ suite.NotEmpty(role.ID)
+ }
+}
+
+func TestAccountGetTestSuite(t *testing.T) {
+ suite.Run(t, new(AccountGetTestSuite))
+}
diff --git a/internal/api/client/accounts/accountverify_test.go b/internal/api/client/accounts/accountverify_test.go
index 9308cc92a..af8c2346c 100644
--- a/internal/api/client/accounts/accountverify_test.go
+++ b/internal/api/client/accounts/accountverify_test.go
@@ -19,30 +19,35 @@ package accounts_test
import (
"encoding/json"
- "io/ioutil"
+ "io"
"net/http"
"net/http/httptest"
"testing"
"time"
- "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/suite"
"github.com/superseriousbusiness/gotosocial/internal/api/client/accounts"
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+ "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
type AccountVerifyTestSuite struct {
AccountStandardTestSuite
}
-func (suite *AccountVerifyTestSuite) TestAccountVerifyGet() {
- testAccount := suite.testAccounts["local_account_1"]
-
+// accountVerifyGet calls the verify_credentials API method for a given account fixture name.
+// Assumes token and user fixture names are the same as the account fixture name.
+func (suite *AccountVerifyTestSuite) accountVerifyGet(fixtureName string) *apimodel.Account {
// set up the request
recorder := httptest.NewRecorder()
ctx := suite.newContext(recorder, http.MethodGet, nil, accounts.VerifyPath, "")
+ // override the account that we're authenticated as
+ ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts[fixtureName])
+ ctx.Set(oauth.SessionAuthorizedToken, oauth.DBTokenToToken(suite.testTokens[fixtureName]))
+ ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers[fixtureName])
+
// call the handler
suite.accountsModule.AccountVerifyGETHandler(ctx)
@@ -54,13 +59,27 @@ func (suite *AccountVerifyTestSuite) TestAccountVerifyGet() {
defer result.Body.Close()
// check the response
- b, err := ioutil.ReadAll(result.Body)
- assert.NoError(suite.T(), err)
+ b, err := io.ReadAll(result.Body)
+ if err != nil {
+ suite.FailNow(err.Error())
+ }
// unmarshal the returned account
apimodelAccount := &apimodel.Account{}
err = json.Unmarshal(b, apimodelAccount)
- suite.NoError(err)
+ if err != nil {
+ suite.FailNow(err.Error())
+ }
+
+ return apimodelAccount
+}
+
+// We should see public account information and profile source for a normal user.
+func (suite *AccountVerifyTestSuite) TestAccountVerifyGet() {
+ fixtureName := "local_account_1"
+ testAccount := suite.testAccounts[fixtureName]
+
+ apimodelAccount := suite.accountVerifyGet(fixtureName)
createdAt, err := time.Parse(time.RFC3339, apimodelAccount.CreatedAt)
suite.NoError(err)
@@ -85,6 +104,43 @@ func (suite *AccountVerifyTestSuite) TestAccountVerifyGet() {
suite.Equal(testAccount.NoteRaw, apimodelAccount.Source.Note)
}
+// testAccountVerifyGetRole calls the verify_credentials API method for a given account fixture name,
+// and checks the response for permissions appropriate to the role.
+func (suite *AccountVerifyTestSuite) testAccountVerifyGetRole(fixtureName string) {
+ testUser := suite.testUsers[fixtureName]
+
+ apimodelAccount := suite.accountVerifyGet(fixtureName)
+
+ if suite.NotNil(apimodelAccount.Role) {
+ switch {
+ case *testUser.Admin:
+ suite.Equal("admin", string(apimodelAccount.Role.Name))
+ suite.NotZero(apimodelAccount.Role.Permissions)
+ suite.True(apimodelAccount.Role.Highlighted)
+
+ case *testUser.Moderator:
+ suite.Equal("moderator", string(apimodelAccount.Role.Name))
+ suite.Zero(apimodelAccount.Role.Permissions)
+ suite.True(apimodelAccount.Role.Highlighted)
+
+ default:
+ suite.Equal("user", string(apimodelAccount.Role.Name))
+ suite.Zero(apimodelAccount.Role.Permissions)
+ suite.False(apimodelAccount.Role.Highlighted)
+ }
+ }
+}
+
+// We should see a role for a normal user, and that role should not have any permissions.
+func (suite *AccountVerifyTestSuite) TestAccountVerifyGetRoleUser() {
+ suite.testAccountVerifyGetRole("local_account_1")
+}
+
+// We should see a role for an admin user, and that role should have some permissions.
+func (suite *AccountVerifyTestSuite) TestAccountVerifyGetRoleAdmin() {
+ suite.testAccountVerifyGetRole("admin_account")
+}
+
func TestAccountVerifyTestSuite(t *testing.T) {
suite.Run(t, new(AccountVerifyTestSuite))
}
diff --git a/internal/api/client/admin/accountsgetv2_test.go b/internal/api/client/admin/accountsgetv2_test.go
index 15eb8534b..83f394803 100644
--- a/internal/api/client/admin/accountsgetv2_test.go
+++ b/internal/api/client/admin/accountsgetv2_test.go
@@ -70,7 +70,11 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
"locale": "en",
"invite_request": null,
"role": {
- "name": "user"
+ "id": "user",
+ "name": "user",
+ "color": "",
+ "permissions": "0",
+ "highlighted": false
},
"confirmed": true,
"approved": true,
@@ -109,10 +113,7 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
"verified_at": null
}
],
- "hide_collections": true,
- "role": {
- "name": "user"
- }
+ "hide_collections": true
},
"created_by_application_id": "01F8MGY43H3N2C8EWPR2FPYEXG"
},
@@ -127,7 +128,11 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
"locale": "en",
"invite_request": null,
"role": {
- "name": "admin"
+ "id": "admin",
+ "name": "admin",
+ "color": "",
+ "permissions": "546033",
+ "highlighted": true
},
"confirmed": true,
"approved": true,
@@ -156,9 +161,13 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
"emojis": [],
"fields": [],
"enable_rss": true,
- "role": {
- "name": "admin"
- }
+ "roles": [
+ {
+ "id": "admin",
+ "name": "admin",
+ "color": ""
+ }
+ ]
},
"created_by_application_id": "01F8MGXQRHYF5QPMTMXP78QC2F"
},
@@ -173,7 +182,11 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
"locale": "",
"invite_request": null,
"role": {
- "name": "user"
+ "id": "user",
+ "name": "user",
+ "color": "",
+ "permissions": "0",
+ "highlighted": false
},
"confirmed": false,
"approved": false,
@@ -214,7 +227,11 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
"locale": "en",
"invite_request": "I wanna be on this damned webbed site so bad! Please! Wow",
"role": {
- "name": "user"
+ "id": "user",
+ "name": "user",
+ "color": "",
+ "permissions": "0",
+ "highlighted": false
},
"confirmed": true,
"approved": true,
@@ -244,10 +261,7 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
"last_status_at": "2024-01-10T09:24:00.000Z",
"emojis": [],
"fields": [],
- "enable_rss": true,
- "role": {
- "name": "user"
- }
+ "enable_rss": true
},
"created_by_application_id": "01F8MGY43H3N2C8EWPR2FPYEXG"
},
@@ -262,7 +276,11 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
"locale": "en",
"invite_request": "hi, please let me in! I'm looking for somewhere neato bombeato to hang out.",
"role": {
- "name": "user"
+ "id": "user",
+ "name": "user",
+ "color": "",
+ "permissions": "0",
+ "highlighted": false
},
"confirmed": false,
"approved": false,
@@ -289,10 +307,7 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
"statuses_count": 0,
"last_status_at": null,
"emojis": [],
- "fields": [],
- "role": {
- "name": "user"
- }
+ "fields": []
},
"created_by_application_id": "01F8MGY43H3N2C8EWPR2FPYEXG"
},
@@ -307,7 +322,11 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
"locale": "",
"invite_request": null,
"role": {
- "name": "user"
+ "id": "user",
+ "name": "user",
+ "color": "",
+ "permissions": "0",
+ "highlighted": false
},
"confirmed": false,
"approved": false,
@@ -348,7 +367,11 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
"locale": "",
"invite_request": null,
"role": {
- "name": "user"
+ "id": "user",
+ "name": "user",
+ "color": "",
+ "permissions": "0",
+ "highlighted": false
},
"confirmed": false,
"approved": false,
@@ -389,7 +412,11 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
"locale": "",
"invite_request": null,
"role": {
- "name": "user"
+ "id": "user",
+ "name": "user",
+ "color": "",
+ "permissions": "0",
+ "highlighted": false
},
"confirmed": false,
"approved": false,
@@ -431,7 +458,11 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
"locale": "",
"invite_request": null,
"role": {
- "name": "user"
+ "id": "user",
+ "name": "user",
+ "color": "",
+ "permissions": "0",
+ "highlighted": false
},
"confirmed": false,
"approved": false,
@@ -511,7 +542,11 @@ func (suite *AccountsGetTestSuite) TestAccountsMinID() {
"locale": "",
"invite_request": null,
"role": {
- "name": "user"
+ "id": "user",
+ "name": "user",
+ "color": "",
+ "permissions": "0",
+ "highlighted": false
},
"confirmed": false,
"approved": false,
diff --git a/internal/api/client/admin/reportsget_test.go b/internal/api/client/admin/reportsget_test.go
index 5dead789a..5213dd574 100644
--- a/internal/api/client/admin/reportsget_test.go
+++ b/internal/api/client/admin/reportsget_test.go
@@ -157,7 +157,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() {
"locale": "",
"invite_request": null,
"role": {
- "name": "user"
+ "id": "user",
+ "name": "user",
+ "color": "",
+ "permissions": "0",
+ "highlighted": false
},
"confirmed": false,
"approved": false,
@@ -198,7 +202,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() {
"locale": "en",
"invite_request": null,
"role": {
- "name": "user"
+ "id": "user",
+ "name": "user",
+ "color": "",
+ "permissions": "0",
+ "highlighted": false
},
"confirmed": true,
"approved": true,
@@ -237,10 +245,7 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() {
"verified_at": null
}
],
- "hide_collections": true,
- "role": {
- "name": "user"
- }
+ "hide_collections": true
},
"created_by_application_id": "01F8MGY43H3N2C8EWPR2FPYEXG"
},
@@ -255,7 +260,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() {
"locale": "en",
"invite_request": null,
"role": {
- "name": "admin"
+ "id": "admin",
+ "name": "admin",
+ "color": "",
+ "permissions": "546033",
+ "highlighted": true
},
"confirmed": true,
"approved": true,
@@ -284,9 +293,13 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() {
"emojis": [],
"fields": [],
"enable_rss": true,
- "role": {
- "name": "admin"
- }
+ "roles": [
+ {
+ "id": "admin",
+ "name": "admin",
+ "color": ""
+ }
+ ]
},
"created_by_application_id": "01F8MGXQRHYF5QPMTMXP78QC2F"
},
@@ -301,7 +314,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() {
"locale": "en",
"invite_request": null,
"role": {
- "name": "admin"
+ "id": "admin",
+ "name": "admin",
+ "color": "",
+ "permissions": "546033",
+ "highlighted": true
},
"confirmed": true,
"approved": true,
@@ -330,9 +347,13 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() {
"emojis": [],
"fields": [],
"enable_rss": true,
- "role": {
- "name": "admin"
- }
+ "roles": [
+ {
+ "id": "admin",
+ "name": "admin",
+ "color": ""
+ }
+ ]
},
"created_by_application_id": "01F8MGXQRHYF5QPMTMXP78QC2F"
},
@@ -360,7 +381,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() {
"locale": "en",
"invite_request": null,
"role": {
- "name": "user"
+ "id": "user",
+ "name": "user",
+ "color": "",
+ "permissions": "0",
+ "highlighted": false
},
"confirmed": true,
"approved": true,
@@ -399,10 +424,7 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() {
"verified_at": null
}
],
- "hide_collections": true,
- "role": {
- "name": "user"
- }
+ "hide_collections": true
},
"created_by_application_id": "01F8MGY43H3N2C8EWPR2FPYEXG"
},
@@ -417,7 +439,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() {
"locale": "",
"invite_request": null,
"role": {
- "name": "user"
+ "id": "user",
+ "name": "user",
+ "color": "",
+ "permissions": "0",
+ "highlighted": false
},
"confirmed": false,
"approved": false,
@@ -605,7 +631,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetCreatedByAccount() {
"locale": "en",
"invite_request": null,
"role": {
- "name": "user"
+ "id": "user",
+ "name": "user",
+ "color": "",
+ "permissions": "0",
+ "highlighted": false
},
"confirmed": true,
"approved": true,
@@ -644,10 +674,7 @@ func (suite *ReportsGetTestSuite) TestReportsGetCreatedByAccount() {
"verified_at": null
}
],
- "hide_collections": true,
- "role": {
- "name": "user"
- }
+ "hide_collections": true
},
"created_by_application_id": "01F8MGY43H3N2C8EWPR2FPYEXG"
},
@@ -662,7 +689,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetCreatedByAccount() {
"locale": "",
"invite_request": null,
"role": {
- "name": "user"
+ "id": "user",
+ "name": "user",
+ "color": "",
+ "permissions": "0",
+ "highlighted": false
},
"confirmed": false,
"approved": false,
@@ -850,7 +881,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetTargetAccount() {
"locale": "en",
"invite_request": null,
"role": {
- "name": "user"
+ "id": "user",
+ "name": "user",
+ "color": "",
+ "permissions": "0",
+ "highlighted": false
},
"confirmed": true,
"approved": true,
@@ -889,10 +924,7 @@ func (suite *ReportsGetTestSuite) TestReportsGetTargetAccount() {
"verified_at": null
}
],
- "hide_collections": true,
- "role": {
- "name": "user"
- }
+ "hide_collections": true
},
"created_by_application_id": "01F8MGY43H3N2C8EWPR2FPYEXG"
},
@@ -907,7 +939,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetTargetAccount() {
"locale": "",
"invite_request": null,
"role": {
- "name": "user"
+ "id": "user",
+ "name": "user",
+ "color": "",
+ "permissions": "0",
+ "highlighted": false
},
"confirmed": false,
"approved": false,
diff --git a/internal/api/client/instance/instancepatch_test.go b/internal/api/client/instance/instancepatch_test.go
index 095e2e543..f12638f82 100644
--- a/internal/api/client/instance/instancepatch_test.go
+++ b/internal/api/client/instance/instancepatch_test.go
@@ -176,9 +176,13 @@ func (suite *InstancePatchTestSuite) TestInstancePatch1() {
"emojis": [],
"fields": [],
"enable_rss": true,
- "role": {
- "name": "admin"
- }
+ "roles": [
+ {
+ "id": "admin",
+ "name": "admin",
+ "color": ""
+ }
+ ]
},
"max_toot_chars": 5000,
"rules": [
@@ -312,9 +316,13 @@ func (suite *InstancePatchTestSuite) TestInstancePatch2() {
"emojis": [],
"fields": [],
"enable_rss": true,
- "role": {
- "name": "admin"
- }
+ "roles": [
+ {
+ "id": "admin",
+ "name": "admin",
+ "color": ""
+ }
+ ]
},
"max_toot_chars": 5000,
"rules": [
@@ -448,9 +456,13 @@ func (suite *InstancePatchTestSuite) TestInstancePatch3() {
"emojis": [],
"fields": [],
"enable_rss": true,
- "role": {
- "name": "admin"
- }
+ "roles": [
+ {
+ "id": "admin",
+ "name": "admin",
+ "color": ""
+ }
+ ]
},
"max_toot_chars": 5000,
"rules": [
@@ -635,9 +647,13 @@ func (suite *InstancePatchTestSuite) TestInstancePatch6() {
"emojis": [],
"fields": [],
"enable_rss": true,
- "role": {
- "name": "admin"
- }
+ "roles": [
+ {
+ "id": "admin",
+ "name": "admin",
+ "color": ""
+ }
+ ]
},
"max_toot_chars": 5000,
"rules": [
@@ -797,9 +813,13 @@ func (suite *InstancePatchTestSuite) TestInstancePatch8() {
"emojis": [],
"fields": [],
"enable_rss": true,
- "role": {
- "name": "admin"
- }
+ "roles": [
+ {
+ "id": "admin",
+ "name": "admin",
+ "color": ""
+ }
+ ]
},
"max_toot_chars": 5000,
"rules": [
@@ -970,9 +990,13 @@ func (suite *InstancePatchTestSuite) TestInstancePatch9() {
"emojis": [],
"fields": [],
"enable_rss": true,
- "role": {
- "name": "admin"
- }
+ "roles": [
+ {
+ "id": "admin",
+ "name": "admin",
+ "color": ""
+ }
+ ]
},
"max_toot_chars": 5000,
"rules": [
diff --git a/internal/api/client/statuses/statushistory_test.go b/internal/api/client/statuses/statushistory_test.go
index cadf3cb72..bcbeeba7d 100644
--- a/internal/api/client/statuses/statushistory_test.go
+++ b/internal/api/client/statuses/statushistory_test.go
@@ -118,10 +118,7 @@ func (suite *StatusHistoryTestSuite) TestGetHistory() {
"last_status_at": "2024-01-10T09:24:00.000Z",
"emojis": [],
"fields": [],
- "enable_rss": true,
- "role": {
- "name": "user"
- }
+ "enable_rss": true
},
"poll": null,
"media_attachments": [],
diff --git a/internal/api/client/statuses/statusmute_test.go b/internal/api/client/statuses/statusmute_test.go
index 62be671fa..e506f8717 100644
--- a/internal/api/client/statuses/statusmute_test.go
+++ b/internal/api/client/statuses/statusmute_test.go
@@ -136,10 +136,7 @@ func (suite *StatusMuteTestSuite) TestMuteUnmuteStatus() {
"last_status_at": "2024-01-10T09:24:00.000Z",
"emojis": [],
"fields": [],
- "enable_rss": true,
- "role": {
- "name": "user"
- }
+ "enable_rss": true
},
"media_attachments": [],
"mentions": [],
@@ -224,10 +221,7 @@ func (suite *StatusMuteTestSuite) TestMuteUnmuteStatus() {
"last_status_at": "2024-01-10T09:24:00.000Z",
"emojis": [],
"fields": [],
- "enable_rss": true,
- "role": {
- "name": "user"
- }
+ "enable_rss": true
},
"media_attachments": [],
"mentions": [],
diff --git a/internal/api/model/account.go b/internal/api/model/account.go
index c5b629db0..0eaf52734 100644
--- a/internal/api/model/account.go
+++ b/internal/api/model/account.go
@@ -18,8 +18,11 @@
package model
import (
+ "encoding/json"
+ "errors"
"mime/multipart"
"net"
+ "strconv"
)
// Account models a fediverse account.
@@ -105,8 +108,13 @@ type Account struct {
// Key/value omitted if false.
HideCollections bool `json:"hide_collections,omitempty"`
// Role of the account on this instance.
+ // Only available through the `verify_credentials` API method.
// Key/value omitted for remote accounts.
Role *AccountRole `json:"role,omitempty"`
+ // Roles lists the public roles of the account on this instance.
+ // Unlike Role, this is always available, but never includes permissions details.
+ // Key/value omitted for remote accounts.
+ Roles []AccountDisplayRole `json:"roles,omitempty"`
// If set, indicates that this account is currently inactive, and has migrated to the given account.
// Key/value omitted for accounts that haven't moved, and for suspended accounts.
Moved *Account `json:"moved,omitempty"`
@@ -286,11 +294,35 @@ type AccountAliasRequest struct {
AlsoKnownAsURIs []string `form:"also_known_as_uris" json:"also_known_as_uris" xml:"also_known_as_uris"`
}
+// AccountDisplayRole models a public, displayable role of an account.
+// This is a subset of AccountRole.
+//
+// swagger:model accountDisplayRole
+type AccountDisplayRole struct {
+ // ID of the role.
+ // Not used by GotoSocial, but we set it to the role name, just in case a client expects a unique ID.
+ ID string `json:"id"`
+
+ // Name of the role.
+ Name AccountRoleName `json:"name"`
+
+ // Color is a 6-digit CSS-style hex color code with leading `#`, or an empty string if this role has no color.
+ // Since GotoSocial doesn't use role colors, we leave this empty.
+ Color string `json:"color"`
+}
+
// AccountRole models the role of an account.
//
// swagger:model accountRole
type AccountRole struct {
- Name AccountRoleName `json:"name"`
+ AccountDisplayRole
+
+ // Permissions is a bitmap serialized as a numeric string, indicating which admin/moderation actions a user can perform.
+ Permissions AccountRolePermissions `json:"permissions"`
+
+ // Highlighted indicates whether the role is publicly visible on the user profile.
+ // This is always true for GotoSocial's built-in admin and moderator roles, and false otherwise.
+ Highlighted bool `json:"highlighted"`
}
// AccountRoleName represent the name of the role of an account.
@@ -305,6 +337,103 @@ const (
AccountRoleUnknown AccountRoleName = "" // We don't know / remote account
)
+// AccountRolePermissions is a bitmap representing a set of user permissions.
+// It's used for Mastodon API compatibility: internally, GotoSocial only tracks admins and moderators.
+//
+// swagger:type string
+type AccountRolePermissions int
+
+// MarshalJSON serializes an AccountRolePermissions as a numeric string.
+func (a *AccountRolePermissions) MarshalJSON() ([]byte, error) {
+ return json.Marshal(strconv.Itoa(int(*a)))
+}
+
+// UnmarshalJSON deserializes an AccountRolePermissions from a number or numeric string.
+func (a *AccountRolePermissions) UnmarshalJSON(b []byte) error {
+ if string(b) == "null" {
+ return nil
+ }
+
+ i := 0
+ if err := json.Unmarshal(b, &i); err != nil {
+ s := ""
+ if err := json.Unmarshal(b, &s); err != nil {
+ return errors.New("not a number or string")
+ }
+
+ i, err = strconv.Atoi(s)
+ if err != nil {
+ return errors.New("not a numeric string")
+ }
+ }
+
+ *a = AccountRolePermissions(i)
+ return nil
+}
+
+const (
+ // AccountRolePermissionsNone represents an empty set of permissions.
+ AccountRolePermissionsNone AccountRolePermissions = 0
+ // AccountRolePermissionsAdministrator ignores all permission checks.
+ AccountRolePermissionsAdministrator AccountRolePermissions = 1 << (iota - 1)
+ // AccountRolePermissionsDevops is not used by GotoSocial.
+ AccountRolePermissionsDevops
+ // AccountRolePermissionsViewAuditLog is not used by GotoSocial.
+ AccountRolePermissionsViewAuditLog
+ // AccountRolePermissionsViewDashboard is not used by GotoSocial.
+ AccountRolePermissionsViewDashboard
+ // AccountRolePermissionsManageReports indicates that the user can view and resolve reports.
+ AccountRolePermissionsManageReports
+ // AccountRolePermissionsManageFederation indicates that the user can edit federation allows and blocks.
+ AccountRolePermissionsManageFederation
+ // AccountRolePermissionsManageSettings indicates that the user can edit instance metadata.
+ AccountRolePermissionsManageSettings
+ // AccountRolePermissionsManageBlocks indicates that the user can manage non-federation blocks, currently including HTTP header blocks.
+ AccountRolePermissionsManageBlocks
+ // AccountRolePermissionsManageTaxonomies is not used by GotoSocial.
+ AccountRolePermissionsManageTaxonomies
+ // AccountRolePermissionsManageAppeals is not used by GotoSocial.
+ AccountRolePermissionsManageAppeals
+ // AccountRolePermissionsManageUsers indicates that the user can view user details and perform user moderation actions.
+ AccountRolePermissionsManageUsers
+ // AccountRolePermissionsManageInvites is not used by GotoSocial.
+ AccountRolePermissionsManageInvites
+ // AccountRolePermissionsManageRules indicates that the user can edit instance rules.
+ AccountRolePermissionsManageRules
+ // AccountRolePermissionsManageAnnouncements is not used by GotoSocial.
+ AccountRolePermissionsManageAnnouncements
+ // AccountRolePermissionsManageCustomEmojis indicates that the user can edit custom emoji.
+ AccountRolePermissionsManageCustomEmojis
+ // AccountRolePermissionsManageWebhooks is not used by GotoSocial.
+ AccountRolePermissionsManageWebhooks
+ // AccountRolePermissionsInviteUsers is not used by GotoSocial.
+ AccountRolePermissionsInviteUsers
+ // AccountRolePermissionsManageRoles is not used by GotoSocial.
+ AccountRolePermissionsManageRoles
+ // AccountRolePermissionsManageUserAccess is not used by GotoSocial.
+ AccountRolePermissionsManageUserAccess
+ // AccountRolePermissionsDeleteUserData indicates that the user can permanently delete user data.
+ AccountRolePermissionsDeleteUserData
+
+ // FUTURE: If we decide to assign our own permissions bits,
+ // they should start at the other end of the int to avoid conflicts with future Mastodon permissions.
+
+ // AccountRolePermissionsForAdminRole includes all of the permissions assigned to GotoSocial's built-in administrator role.
+ AccountRolePermissionsForAdminRole = AccountRolePermissionsAdministrator |
+ AccountRolePermissionsManageReports |
+ AccountRolePermissionsManageFederation |
+ AccountRolePermissionsManageSettings |
+ AccountRolePermissionsManageBlocks |
+ AccountRolePermissionsManageUsers |
+ AccountRolePermissionsManageRules |
+ AccountRolePermissionsManageCustomEmojis |
+ AccountRolePermissionsDeleteUserData
+
+ // AccountRolePermissionsForModeratorRole includes all of the permissions assigned to GotoSocial's built-in moderator role.
+ // (Currently, there aren't any.)
+ AccountRolePermissionsForModeratorRole = AccountRolePermissionsNone
+)
+
// AccountNoteRequest models a request to update the private note for an account.
//
// swagger:ignore
diff --git a/internal/typeutils/internaltofrontend.go b/internal/typeutils/internaltofrontend.go
index 70230cd89..b85d24eee 100644
--- a/internal/typeutils/internaltofrontend.go
+++ b/internal/typeutils/internaltofrontend.go
@@ -100,13 +100,13 @@ func (c *Converter) UserToAPIUser(ctx context.Context, u *gtsmodel.User) *apimod
return user
}
-// AppToAPIAppSensitive takes a db model application as a param, and returns a populated apitype application, or an error
+// AccountToAPIAccountSensitive takes a db model application as a param, and returns a populated apitype application, or an error
// if something goes wrong. The returned application should be ready to serialize on an API level, and may have sensitive fields
// (such as client id and client secret), so serve it only to an authorized user who should have permission to see it.
func (c *Converter) AccountToAPIAccountSensitive(ctx context.Context, a *gtsmodel.Account) (*apimodel.Account, error) {
// We can build this sensitive account model
// by first getting the public account, and
- // then adding the Source object to it.
+ // then adding the Source object and role permissions bitmap to it.
apiAccount, err := c.AccountToAPIAccountPublic(ctx, a)
if err != nil {
return nil, err
@@ -122,6 +122,13 @@ func (c *Converter) AccountToAPIAccountSensitive(ctx context.Context, a *gtsmode
}
}
+ // Populate the account's role permissions bitmap and highlightedness from its public role.
+ if len(apiAccount.Roles) > 0 {
+ apiAccount.Role = c.APIAccountDisplayRoleToAPIAccountRoleSensitive(&apiAccount.Roles[0])
+ } else {
+ apiAccount.Role = c.APIAccountDisplayRoleToAPIAccountRoleSensitive(nil)
+ }
+
statusContentType := string(apimodel.StatusContentTypeDefault)
if a.Settings.StatusContentType != "" {
statusContentType = a.Settings.StatusContentType
@@ -299,7 +306,7 @@ func (c *Converter) accountToAPIAccountPublic(ctx context.Context, a *gtsmodel.A
var (
acct string
- role *apimodel.AccountRole
+ roles []apimodel.AccountDisplayRole
enableRSS bool
theme string
customCSS string
@@ -324,14 +331,8 @@ func (c *Converter) accountToAPIAccountPublic(ctx context.Context, a *gtsmodel.A
if err != nil {
return nil, gtserror.Newf("error getting user from database for account id %s: %w", a.ID, err)
}
-
- switch {
- case *user.Admin:
- role = &apimodel.AccountRole{Name: apimodel.AccountRoleAdmin}
- case *user.Moderator:
- role = &apimodel.AccountRole{Name: apimodel.AccountRoleModerator}
- default:
- role = &apimodel.AccountRole{Name: apimodel.AccountRoleUser}
+ if role := c.UserToAPIAccountDisplayRole(user); role != nil {
+ roles = append(roles, *role)
}
enableRSS = *a.Settings.EnableRSS
@@ -380,7 +381,7 @@ func (c *Converter) accountToAPIAccountPublic(ctx context.Context, a *gtsmodel.A
CustomCSS: customCSS,
EnableRSS: enableRSS,
HideCollections: hideCollections,
- Role: role,
+ Roles: roles,
}
// Bodge default avatar + header in,
@@ -391,6 +392,56 @@ func (c *Converter) accountToAPIAccountPublic(ctx context.Context, a *gtsmodel.A
return accountFrontend, nil
}
+// UserToAPIAccountDisplayRole returns the API representation of a user's display role.
+// This will accept a nil user but does not always return a value:
+// the default "user" role is considered uninteresting and not returned.
+func (c *Converter) UserToAPIAccountDisplayRole(user *gtsmodel.User) *apimodel.AccountDisplayRole {
+ switch {
+ case user == nil:
+ return nil
+ case *user.Admin:
+ return &apimodel.AccountDisplayRole{
+ ID: string(apimodel.AccountRoleAdmin),
+ Name: apimodel.AccountRoleAdmin,
+ }
+ case *user.Moderator:
+ return &apimodel.AccountDisplayRole{
+ ID: string(apimodel.AccountRoleModerator),
+ Name: apimodel.AccountRoleModerator,
+ }
+ default:
+ return nil
+ }
+}
+
+// APIAccountDisplayRoleToAPIAccountRoleSensitive returns the API representation of a user's role,
+// with permission bitmap. This will accept a nil display role and always returns a value.
+func (c *Converter) APIAccountDisplayRoleToAPIAccountRoleSensitive(display *apimodel.AccountDisplayRole) *apimodel.AccountRole {
+ // Default to user role.
+ role := &apimodel.AccountRole{
+ AccountDisplayRole: apimodel.AccountDisplayRole{
+ ID: string(apimodel.AccountRoleUser),
+ Name: apimodel.AccountRoleUser,
+ },
+ Permissions: apimodel.AccountRolePermissionsNone,
+ Highlighted: false,
+ }
+
+ // If there's a display role, use that instead.
+ if display != nil {
+ role.AccountDisplayRole = *display
+ role.Highlighted = true
+ switch display.Name {
+ case apimodel.AccountRoleAdmin:
+ role.Permissions = apimodel.AccountRolePermissionsForAdminRole
+ case apimodel.AccountRoleModerator:
+ role.Permissions = apimodel.AccountRolePermissionsForModeratorRole
+ }
+ }
+
+ return role
+}
+
func (c *Converter) fieldsToAPIFields(f []*gtsmodel.Field) []apimodel.Field {
fields := make([]apimodel.Field, len(f))
@@ -416,8 +467,8 @@ func (c *Converter) fieldsToAPIFields(f []*gtsmodel.Field) []apimodel.Field {
// when someone wants to view an account they've blocked.
func (c *Converter) AccountToAPIAccountBlocked(ctx context.Context, a *gtsmodel.Account) (*apimodel.Account, error) {
var (
- acct string
- role *apimodel.AccountRole
+ acct string
+ roles []apimodel.AccountDisplayRole
)
if a.IsRemote() {
@@ -438,14 +489,8 @@ func (c *Converter) AccountToAPIAccountBlocked(ctx context.Context, a *gtsmodel.
if err != nil {
return nil, gtserror.Newf("error getting user from database for account id %s: %w", a.ID, err)
}
-
- switch {
- case *user.Admin:
- role = &apimodel.AccountRole{Name: apimodel.AccountRoleAdmin}
- case *user.Moderator:
- role = &apimodel.AccountRole{Name: apimodel.AccountRoleModerator}
- default:
- role = &apimodel.AccountRole{Name: apimodel.AccountRoleUser}
+ if role := c.UserToAPIAccountDisplayRole(user); role != nil {
+ roles = append(roles, *role)
}
}
@@ -464,7 +509,7 @@ func (c *Converter) AccountToAPIAccountBlocked(ctx context.Context, a *gtsmodel.
// Empty array (not nillable).
Fields: make([]apimodel.Field, 0),
Suspended: !a.SuspendedAt.IsZero(),
- Role: role,
+ Roles: roles,
}
// Don't show the account's actual
@@ -487,7 +532,7 @@ func (c *Converter) AccountToAdminAPIAccount(ctx context.Context, a *gtsmodel.Ac
inviteRequest *string
approved bool
disabled bool
- role = apimodel.AccountRole{Name: apimodel.AccountRoleUser} // assume user by default
+ role = *c.APIAccountDisplayRoleToAPIAccountRoleSensitive(nil)
createdByApplicationID string
)
@@ -527,11 +572,9 @@ func (c *Converter) AccountToAdminAPIAccount(ctx context.Context, a *gtsmodel.Ac
inviteRequest = &user.Reason
}
- if *user.Admin {
- role.Name = apimodel.AccountRoleAdmin
- } else if *user.Moderator {
- role.Name = apimodel.AccountRoleModerator
- }
+ role = *c.APIAccountDisplayRoleToAPIAccountRoleSensitive(
+ c.UserToAPIAccountDisplayRole(user),
+ )
confirmed = !user.ConfirmedAt.IsZero()
approved = *user.Approved
diff --git a/internal/typeutils/internaltofrontend_test.go b/internal/typeutils/internaltofrontend_test.go
index 46f6c2455..307b5f163 100644
--- a/internal/typeutils/internaltofrontend_test.go
+++ b/internal/typeutils/internaltofrontend_test.go
@@ -68,10 +68,7 @@ func (suite *InternalToFrontendTestSuite) TestAccountToFrontend() {
"last_status_at": "2024-01-10T09:24:00.000Z",
"emojis": [],
"fields": [],
- "enable_rss": true,
- "role": {
- "name": "user"
- }
+ "enable_rss": true
}`, string(b))
}
@@ -135,7 +132,11 @@ func (suite *InternalToFrontendTestSuite) TestAccountToFrontendAliasedAndMoved()
},
"enable_rss": true,
"role": {
- "name": "user"
+ "id": "user",
+ "name": "user",
+ "color": "",
+ "permissions": "0",
+ "highlighted": false
},
"moved": {
"id": "01F8MH5NBDF2MV7CTC4Q5128HF",
@@ -169,10 +170,7 @@ func (suite *InternalToFrontendTestSuite) TestAccountToFrontendAliasedAndMoved()
"verified_at": null
}
],
- "hide_collections": true,
- "role": {
- "name": "user"
- }
+ "hide_collections": true
}
}`, string(b))
}
@@ -222,10 +220,7 @@ func (suite *InternalToFrontendTestSuite) TestAccountToFrontendWithEmojiStruct()
}
],
"fields": [],
- "enable_rss": true,
- "role": {
- "name": "user"
- }
+ "enable_rss": true
}`, string(b))
}
@@ -272,10 +267,7 @@ func (suite *InternalToFrontendTestSuite) TestAccountToFrontendWithEmojiIDs() {
}
],
"fields": [],
- "enable_rss": true,
- "role": {
- "name": "user"
- }
+ "enable_rss": true
}`, string(b))
}
@@ -321,7 +313,11 @@ func (suite *InternalToFrontendTestSuite) TestAccountToFrontendSensitive() {
},
"enable_rss": true,
"role": {
- "name": "user"
+ "id": "user",
+ "name": "user",
+ "color": "",
+ "permissions": "0",
+ "highlighted": false
}
}`, string(b))
}
@@ -494,9 +490,13 @@ func (suite *InternalToFrontendTestSuite) TestStatusToFrontend() {
"emojis": [],
"fields": [],
"enable_rss": true,
- "role": {
- "name": "admin"
- }
+ "roles": [
+ {
+ "id": "admin",
+ "name": "admin",
+ "color": ""
+ }
+ ]
},
"media_attachments": [
{
@@ -667,9 +667,13 @@ func (suite *InternalToFrontendTestSuite) TestWarnFilteredStatusToFrontend() {
"emojis": [],
"fields": [],
"enable_rss": true,
- "role": {
- "name": "admin"
- }
+ "roles": [
+ {
+ "id": "admin",
+ "name": "admin",
+ "color": ""
+ }
+ ]
},
"media_attachments": [
{
@@ -849,10 +853,7 @@ func (suite *InternalToFrontendTestSuite) TestWarnFilteredBoostToFrontend() {
"last_status_at": "2024-01-10T09:24:00.000Z",
"emojis": [],
"fields": [],
- "enable_rss": true,
- "role": {
- "name": "user"
- }
+ "enable_rss": true
},
"media_attachments": [
{
@@ -980,9 +981,13 @@ func (suite *InternalToFrontendTestSuite) TestWarnFilteredBoostToFrontend() {
"emojis": [],
"fields": [],
"enable_rss": true,
- "role": {
- "name": "admin"
- }
+ "roles": [
+ {
+ "id": "admin",
+ "name": "admin",
+ "color": ""
+ }
+ ]
},
"media_attachments": [],
"mentions": [],
@@ -1518,9 +1523,13 @@ func (suite *InternalToFrontendTestSuite) TestStatusToFrontendUnknownLanguage()
"emojis": [],
"fields": [],
"enable_rss": true,
- "role": {
- "name": "admin"
- }
+ "roles": [
+ {
+ "id": "admin",
+ "name": "admin",
+ "color": ""
+ }
+ ]
},
"media_attachments": [
{
@@ -1657,10 +1666,7 @@ func (suite *InternalToFrontendTestSuite) TestStatusToFrontendPartialInteraction
"last_status_at": "2024-01-10T09:24:00.000Z",
"emojis": [],
"fields": [],
- "enable_rss": true,
- "role": {
- "name": "user"
- }
+ "enable_rss": true
},
"media_attachments": [],
"mentions": [],
@@ -1853,9 +1859,13 @@ func (suite *InternalToFrontendTestSuite) TestInstanceV1ToFrontend() {
"emojis": [],
"fields": [],
"enable_rss": true,
- "role": {
- "name": "admin"
- }
+ "roles": [
+ {
+ "id": "admin",
+ "name": "admin",
+ "color": ""
+ }
+ ]
},
"max_toot_chars": 5000,
"rules": [],
@@ -1989,9 +1999,13 @@ func (suite *InternalToFrontendTestSuite) TestInstanceV2ToFrontend() {
"emojis": [],
"fields": [],
"enable_rss": true,
- "role": {
- "name": "admin"
- }
+ "roles": [
+ {
+ "id": "admin",
+ "name": "admin",
+ "color": ""
+ }
+ ]
}
},
"rules": [],
@@ -2158,10 +2172,7 @@ func (suite *InternalToFrontendTestSuite) TestReportToFrontend2() {
"verified_at": null
}
],
- "hide_collections": true,
- "role": {
- "name": "user"
- }
+ "hide_collections": true
}
}`, string(b))
}
@@ -2194,7 +2205,11 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontend1() {
"locale": "",
"invite_request": null,
"role": {
- "name": "user"
+ "id": "user",
+ "name": "user",
+ "color": "",
+ "permissions": "0",
+ "highlighted": false
},
"confirmed": false,
"approved": false,
@@ -2235,7 +2250,11 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontend1() {
"locale": "en",
"invite_request": null,
"role": {
- "name": "user"
+ "id": "user",
+ "name": "user",
+ "color": "",
+ "permissions": "0",
+ "highlighted": false
},
"confirmed": true,
"approved": true,
@@ -2274,10 +2293,7 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontend1() {
"verified_at": null
}
],
- "hide_collections": true,
- "role": {
- "name": "user"
- }
+ "hide_collections": true
},
"created_by_application_id": "01F8MGY43H3N2C8EWPR2FPYEXG"
},
@@ -2292,7 +2308,11 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontend1() {
"locale": "en",
"invite_request": null,
"role": {
- "name": "admin"
+ "id": "admin",
+ "name": "admin",
+ "color": "",
+ "permissions": "546033",
+ "highlighted": true
},
"confirmed": true,
"approved": true,
@@ -2321,9 +2341,13 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontend1() {
"emojis": [],
"fields": [],
"enable_rss": true,
- "role": {
- "name": "admin"
- }
+ "roles": [
+ {
+ "id": "admin",
+ "name": "admin",
+ "color": ""
+ }
+ ]
},
"created_by_application_id": "01F8MGXQRHYF5QPMTMXP78QC2F"
},
@@ -2338,7 +2362,11 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontend1() {
"locale": "en",
"invite_request": null,
"role": {
- "name": "admin"
+ "id": "admin",
+ "name": "admin",
+ "color": "",
+ "permissions": "546033",
+ "highlighted": true
},
"confirmed": true,
"approved": true,
@@ -2367,9 +2395,13 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontend1() {
"emojis": [],
"fields": [],
"enable_rss": true,
- "role": {
- "name": "admin"
- }
+ "roles": [
+ {
+ "id": "admin",
+ "name": "admin",
+ "color": ""
+ }
+ ]
},
"created_by_application_id": "01F8MGXQRHYF5QPMTMXP78QC2F"
},
@@ -2407,7 +2439,11 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontend2() {
"locale": "en",
"invite_request": null,
"role": {
- "name": "user"
+ "id": "user",
+ "name": "user",
+ "color": "",
+ "permissions": "0",
+ "highlighted": false
},
"confirmed": true,
"approved": true,
@@ -2446,10 +2482,7 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontend2() {
"verified_at": null
}
],
- "hide_collections": true,
- "role": {
- "name": "user"
- }
+ "hide_collections": true
},
"created_by_application_id": "01F8MGY43H3N2C8EWPR2FPYEXG"
},
@@ -2464,7 +2497,11 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontend2() {
"locale": "",
"invite_request": null,
"role": {
- "name": "user"
+ "id": "user",
+ "name": "user",
+ "color": "",
+ "permissions": "0",
+ "highlighted": false
},
"confirmed": false,
"approved": false,
@@ -2665,7 +2702,11 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontendSuspendedLoca
"locale": "",
"invite_request": null,
"role": {
- "name": "user"
+ "id": "user",
+ "name": "user",
+ "color": "",
+ "permissions": "0",
+ "highlighted": false
},
"confirmed": false,
"approved": false,
@@ -2706,7 +2747,11 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontendSuspendedLoca
"locale": "",
"invite_request": null,
"role": {
- "name": "user"
+ "id": "user",
+ "name": "user",
+ "color": "",
+ "permissions": "0",
+ "highlighted": false
},
"confirmed": true,
"approved": true,
@@ -2735,10 +2780,7 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontendSuspendedLoca
"emojis": [],
"fields": [],
"suspended": true,
- "hide_collections": true,
- "role": {
- "name": "user"
- }
+ "hide_collections": true
}
},
"assigned_account": {
@@ -2752,7 +2794,11 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontendSuspendedLoca
"locale": "en",
"invite_request": null,
"role": {
- "name": "admin"
+ "id": "admin",
+ "name": "admin",
+ "color": "",
+ "permissions": "546033",
+ "highlighted": true
},
"confirmed": true,
"approved": true,
@@ -2781,9 +2827,13 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontendSuspendedLoca
"emojis": [],
"fields": [],
"enable_rss": true,
- "role": {
- "name": "admin"
- }
+ "roles": [
+ {
+ "id": "admin",
+ "name": "admin",
+ "color": ""
+ }
+ ]
},
"created_by_application_id": "01F8MGXQRHYF5QPMTMXP78QC2F"
},
@@ -2798,7 +2848,11 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontendSuspendedLoca
"locale": "en",
"invite_request": null,
"role": {
- "name": "admin"
+ "id": "admin",
+ "name": "admin",
+ "color": "",
+ "permissions": "546033",
+ "highlighted": true
},
"confirmed": true,
"approved": true,
@@ -2827,9 +2881,13 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontendSuspendedLoca
"emojis": [],
"fields": [],
"enable_rss": true,
- "role": {
- "name": "admin"
- }
+ "roles": [
+ {
+ "id": "admin",
+ "name": "admin",
+ "color": ""
+ }
+ ]
},
"created_by_application_id": "01F8MGXQRHYF5QPMTMXP78QC2F"
},
diff --git a/web/template/profile.tmpl b/web/template/profile.tmpl
index adeb83f3e..bf58d660b 100644
--- a/web/template/profile.tmpl
+++ b/web/template/profile.tmpl
@@ -173,9 +173,11 @@
Username
@{{- .account.Username -}}@{{- .instance.AccountDomain -}}
- {{- if and (.account.Role) (ne .account.Role.Name "user") }}
+ {{- if .account.Roles }}
Role
- {{- .account.Role.Name -}}
+ {{- range .account.Roles }}
+ {{- .Name -}}
+ {{- end }}
{{- end }}