mirror of
https://git.pleroma.social/pleroma/pleroma.git
synced 2025-01-08 16:25:25 +00:00
Add privilige :emoji_management
This commit is contained in:
parent
0ee8f33250
commit
ecd42a2ce1
6 changed files with 138 additions and 7 deletions
|
@ -265,7 +265,8 @@ config :pleroma, :instance,
|
||||||
:user_invite,
|
:user_invite,
|
||||||
:report_handle,
|
:report_handle,
|
||||||
:user_read,
|
:user_read,
|
||||||
:status_delete
|
:status_delete,
|
||||||
|
:emoji_management
|
||||||
],
|
],
|
||||||
moderator_privileges: [],
|
moderator_privileges: [],
|
||||||
max_endorsed_users: 20,
|
max_endorsed_users: 20,
|
||||||
|
|
|
@ -972,7 +972,8 @@ config :pleroma, :config_description, [
|
||||||
:user_invite,
|
:user_invite,
|
||||||
:report_handle,
|
:report_handle,
|
||||||
:user_read,
|
:user_read,
|
||||||
:status_delete
|
:status_delete,
|
||||||
|
:emoji_management
|
||||||
],
|
],
|
||||||
description:
|
description:
|
||||||
"What extra priviledges to allow admins (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)"
|
"What extra priviledges to allow admins (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)"
|
||||||
|
@ -989,7 +990,8 @@ config :pleroma, :config_description, [
|
||||||
:user_invite,
|
:user_invite,
|
||||||
:report_handle,
|
:report_handle,
|
||||||
:user_read,
|
:user_read,
|
||||||
:status_delete
|
:status_delete,
|
||||||
|
:emoji_management
|
||||||
],
|
],
|
||||||
description:
|
description:
|
||||||
"What extra priviledges to allow moderators (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)"
|
"What extra priviledges to allow moderators (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)"
|
||||||
|
|
|
@ -150,6 +150,11 @@ defmodule Pleroma.Web.Router do
|
||||||
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :status_delete)
|
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :status_delete)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
pipeline :require_privileged_role_emoji_management do
|
||||||
|
plug(:admin_api)
|
||||||
|
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :emoji_management)
|
||||||
|
end
|
||||||
|
|
||||||
pipeline :pleroma_html do
|
pipeline :pleroma_html do
|
||||||
plug(:browser)
|
plug(:browser)
|
||||||
plug(:authenticate)
|
plug(:authenticate)
|
||||||
|
@ -360,6 +365,13 @@ defmodule Pleroma.Web.Router do
|
||||||
delete("/chats/:id/messages/:message_id", ChatController, :delete_message)
|
delete("/chats/:id/messages/:message_id", ChatController, :delete_message)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
|
||||||
|
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
|
||||||
|
pipe_through(:require_privileged_role_emoji_management)
|
||||||
|
|
||||||
|
post("/reload_emoji", AdminAPIController, :reload_emoji)
|
||||||
|
end
|
||||||
|
|
||||||
# AdminAPI: admins and mods (staff) can perform these actions
|
# AdminAPI: admins and mods (staff) can perform these actions
|
||||||
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
|
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
|
||||||
pipe_through(:admin_api)
|
pipe_through(:admin_api)
|
||||||
|
@ -368,13 +380,12 @@ defmodule Pleroma.Web.Router do
|
||||||
|
|
||||||
get("/moderation_log", AdminAPIController, :list_log)
|
get("/moderation_log", AdminAPIController, :list_log)
|
||||||
|
|
||||||
post("/reload_emoji", AdminAPIController, :reload_emoji)
|
|
||||||
get("/stats", AdminAPIController, :stats)
|
get("/stats", AdminAPIController, :stats)
|
||||||
end
|
end
|
||||||
|
|
||||||
scope "/api/v1/pleroma/emoji", Pleroma.Web.PleromaAPI do
|
scope "/api/v1/pleroma/emoji", Pleroma.Web.PleromaAPI do
|
||||||
scope "/pack" do
|
scope "/pack" do
|
||||||
pipe_through(:admin_api)
|
pipe_through(:require_privileged_role_emoji_management)
|
||||||
|
|
||||||
post("/", EmojiPackController, :create)
|
post("/", EmojiPackController, :create)
|
||||||
patch("/", EmojiPackController, :update)
|
patch("/", EmojiPackController, :update)
|
||||||
|
@ -389,7 +400,7 @@ defmodule Pleroma.Web.Router do
|
||||||
|
|
||||||
# Modifying packs
|
# Modifying packs
|
||||||
scope "/packs" do
|
scope "/packs" do
|
||||||
pipe_through(:admin_api)
|
pipe_through(:require_privileged_role_emoji_management)
|
||||||
|
|
||||||
get("/import", EmojiPackController, :import_from_filesystem)
|
get("/import", EmojiPackController, :import_from_filesystem)
|
||||||
get("/remote", EmojiPackController, :remote)
|
get("/remote", EmojiPackController, :remote)
|
||||||
|
|
|
@ -1060,6 +1060,34 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
|
||||||
assert Repo.aggregate(Pleroma.User.Backup, :count) == 2
|
assert Repo.aggregate(Pleroma.User.Backup, :count) == 2
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe "POST /api/v1/pleroma/admin/reload_emoji" do
|
||||||
|
setup do
|
||||||
|
clear_config([:instance, :admin_privileges], [:emoji_management])
|
||||||
|
|
||||||
|
admin = insert(:user, is_admin: true)
|
||||||
|
token = insert(:oauth_admin_token, user: admin)
|
||||||
|
|
||||||
|
conn =
|
||||||
|
build_conn()
|
||||||
|
|> assign(:user, admin)
|
||||||
|
|> assign(:token, token)
|
||||||
|
|
||||||
|
{:ok, %{conn: conn, admin: admin}}
|
||||||
|
end
|
||||||
|
|
||||||
|
test "it requires privileged role :emoji_management", %{conn: conn} do
|
||||||
|
assert conn
|
||||||
|
|> post("/api/v1/pleroma/admin/reload_emoji")
|
||||||
|
|> json_response(200)
|
||||||
|
|
||||||
|
clear_config([:instance, :admin_privileges], [])
|
||||||
|
|
||||||
|
assert conn
|
||||||
|
|> post("/api/v1/pleroma/admin/reload_emoji")
|
||||||
|
|> json_response(:forbidden)
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
# Needed for testing
|
# Needed for testing
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
# SPDX-License-Identifier: AGPL-3.0-only
|
# SPDX-License-Identifier: AGPL-3.0-only
|
||||||
|
|
||||||
defmodule Pleroma.Web.PleromaAPI.EmojiFileControllerTest do
|
defmodule Pleroma.Web.PleromaAPI.EmojiFileControllerTest do
|
||||||
use Pleroma.Web.ConnCase
|
use Pleroma.Web.ConnCase, async: false
|
||||||
|
|
||||||
import Mock
|
import Mock
|
||||||
import Tesla.Mock
|
import Tesla.Mock
|
||||||
|
@ -30,6 +30,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiFileControllerTest do
|
||||||
|
|
||||||
describe "POST/PATCH/DELETE /api/pleroma/emoji/packs/files?name=:name" do
|
describe "POST/PATCH/DELETE /api/pleroma/emoji/packs/files?name=:name" do
|
||||||
setup do
|
setup do
|
||||||
|
clear_config([:instance, :admin_privileges], [:emoji_management])
|
||||||
pack_file = "#{@emoji_path}/test_pack/pack.json"
|
pack_file = "#{@emoji_path}/test_pack/pack.json"
|
||||||
original_content = File.read!(pack_file)
|
original_content = File.read!(pack_file)
|
||||||
|
|
||||||
|
@ -377,5 +378,32 @@ defmodule Pleroma.Web.PleromaAPI.EmojiFileControllerTest do
|
||||||
})
|
})
|
||||||
|> json_response_and_validate_schema(:bad_request)
|
|> json_response_and_validate_schema(:bad_request)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "it requires privileged role :emoji_management", %{admin_conn: admin_conn} do
|
||||||
|
clear_config([:instance, :admin_privileges], [])
|
||||||
|
|
||||||
|
assert admin_conn
|
||||||
|
|> put_req_header("content-type", "multipart/form-data")
|
||||||
|
|> post("/api/pleroma/emoji/packs/files?name=test_pack", %{
|
||||||
|
file: %Plug.Upload{
|
||||||
|
filename: "shortcode.png",
|
||||||
|
path: "#{Pleroma.Config.get([:instance, :static_dir])}/add/shortcode.png"
|
||||||
|
}
|
||||||
|
})
|
||||||
|
|> json_response(:forbidden)
|
||||||
|
|
||||||
|
assert admin_conn
|
||||||
|
|> put_req_header("content-type", "multipart/form-data")
|
||||||
|
|> patch("/api/pleroma/emoji/packs/files?name=test_pack", %{
|
||||||
|
shortcode: "blank",
|
||||||
|
new_filename: "dir_2/blank_3.png"
|
||||||
|
})
|
||||||
|
|> json_response(:forbidden)
|
||||||
|
|
||||||
|
assert admin_conn
|
||||||
|
|> put_req_header("content-type", "multipart/form-data")
|
||||||
|
|> delete("/api/pleroma/emoji/packs/files?name=test_pack&shortcode=blank3")
|
||||||
|
|> json_response(:forbidden)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -99,6 +99,10 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "GET /api/pleroma/emoji/packs/remote" do
|
describe "GET /api/pleroma/emoji/packs/remote" do
|
||||||
|
setup do
|
||||||
|
clear_config([:instance, :admin_privileges], [:emoji_management])
|
||||||
|
end
|
||||||
|
|
||||||
test "shareable instance", %{admin_conn: admin_conn, conn: conn} do
|
test "shareable instance", %{admin_conn: admin_conn, conn: conn} do
|
||||||
resp =
|
resp =
|
||||||
conn
|
conn
|
||||||
|
@ -136,6 +140,14 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do
|
||||||
"error" => "The requested instance does not support sharing emoji packs"
|
"error" => "The requested instance does not support sharing emoji packs"
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "it requires privileged role :emoji_management", %{admin_conn: admin_conn} do
|
||||||
|
clear_config([:instance, :admin_privileges], [])
|
||||||
|
|
||||||
|
assert admin_conn
|
||||||
|
|> get("/api/pleroma/emoji/packs/remote?url=https://example.com")
|
||||||
|
|> json_response(:forbidden)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "GET /api/pleroma/emoji/packs/archive?name=:name" do
|
describe "GET /api/pleroma/emoji/packs/archive?name=:name" do
|
||||||
|
@ -170,6 +182,10 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "POST /api/pleroma/emoji/packs/download" do
|
describe "POST /api/pleroma/emoji/packs/download" do
|
||||||
|
setup do
|
||||||
|
clear_config([:instance, :admin_privileges], [:emoji_management])
|
||||||
|
end
|
||||||
|
|
||||||
test "shared pack from remote and non shared from fallback-src", %{
|
test "shared pack from remote and non shared from fallback-src", %{
|
||||||
admin_conn: admin_conn,
|
admin_conn: admin_conn,
|
||||||
conn: conn
|
conn: conn
|
||||||
|
@ -344,10 +360,24 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do
|
||||||
"The pack was not set as shared and there is no fallback src to download from"
|
"The pack was not set as shared and there is no fallback src to download from"
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "it requires privileged role :emoji_management", %{admin_conn: conn} do
|
||||||
|
clear_config([:instance, :admin_privileges], [])
|
||||||
|
|
||||||
|
assert conn
|
||||||
|
|> put_req_header("content-type", "multipart/form-data")
|
||||||
|
|> post("/api/pleroma/emoji/packs/download", %{
|
||||||
|
url: "https://example.com",
|
||||||
|
name: "test_pack",
|
||||||
|
as: "test_pack2"
|
||||||
|
})
|
||||||
|
|> json_response(:forbidden)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "PATCH/update /api/pleroma/emoji/pack?name=:name" do
|
describe "PATCH/update /api/pleroma/emoji/pack?name=:name" do
|
||||||
setup do
|
setup do
|
||||||
|
clear_config([:instance, :admin_privileges], [:emoji_management])
|
||||||
pack_file = "#{@emoji_path}/test_pack/pack.json"
|
pack_file = "#{@emoji_path}/test_pack/pack.json"
|
||||||
original_content = File.read!(pack_file)
|
original_content = File.read!(pack_file)
|
||||||
|
|
||||||
|
@ -435,9 +465,22 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do
|
||||||
"error" => "The fallback archive does not have all files specified in pack.json"
|
"error" => "The fallback archive does not have all files specified in pack.json"
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "it requires privileged role :emoji_management", %{admin_conn: conn, new_data: new_data} do
|
||||||
|
clear_config([:instance, :admin_privileges], [])
|
||||||
|
|
||||||
|
assert conn
|
||||||
|
|> put_req_header("content-type", "multipart/form-data")
|
||||||
|
|> patch("/api/pleroma/emoji/pack?name=test_pack", %{metadata: new_data})
|
||||||
|
|> json_response(:forbidden)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "POST/DELETE /api/pleroma/emoji/pack?name=:name" do
|
describe "POST/DELETE /api/pleroma/emoji/pack?name=:name" do
|
||||||
|
setup do
|
||||||
|
clear_config([:instance, :admin_privileges], [:emoji_management])
|
||||||
|
end
|
||||||
|
|
||||||
test "returns an error on creates pack when file system not writable", %{
|
test "returns an error on creates pack when file system not writable", %{
|
||||||
admin_conn: admin_conn
|
admin_conn: admin_conn
|
||||||
} do
|
} do
|
||||||
|
@ -520,6 +563,18 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do
|
||||||
"error" => "pack name cannot be empty"
|
"error" => "pack name cannot be empty"
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "it requires privileged role :emoji_management", %{admin_conn: admin_conn} do
|
||||||
|
clear_config([:instance, :admin_privileges], [])
|
||||||
|
|
||||||
|
assert admin_conn
|
||||||
|
|> post("/api/pleroma/emoji/pack?name= ")
|
||||||
|
|> json_response(:forbidden)
|
||||||
|
|
||||||
|
assert admin_conn
|
||||||
|
|> delete("/api/pleroma/emoji/pack?name= ")
|
||||||
|
|> json_response(:forbidden)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
test "deleting nonexisting pack", %{admin_conn: admin_conn} do
|
test "deleting nonexisting pack", %{admin_conn: admin_conn} do
|
||||||
|
@ -578,6 +633,12 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do
|
||||||
"blank2" => "blank.png",
|
"blank2" => "blank.png",
|
||||||
"foo" => "blank.png"
|
"foo" => "blank.png"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
clear_config([:instance, :admin_privileges], [])
|
||||||
|
|
||||||
|
assert admin_conn
|
||||||
|
|> get("/api/pleroma/emoji/packs/import")
|
||||||
|
|> json_response(:forbidden)
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "GET /api/pleroma/emoji/pack?name=:name" do
|
describe "GET /api/pleroma/emoji/pack?name=:name" do
|
||||||
|
|
Loading…
Reference in a new issue