last off :statuses_read

Of the endpoints left to do, I believe these belong under :statuses_read.
They should be the last ones for that privilege in this MR.
Ilja 2022-06-11 09:38:43 +02:00
parent 4cb0dbb5dc
commit 34a98990db
3 changed files with 20 additions and 3 deletions


@ -292,6 +292,10 @@ defmodule Pleroma.Web.Router do
get("/chats/:id", ChatController, :show) get("/chats/:id", ChatController, :show)
get("/chats/:id/messages", ChatController, :messages) get("/chats/:id/messages", ChatController, :messages)
get("/instances/:instance/statuses", InstanceController, :list_statuses)
get("/statuses/:id", StatusController, :show)
end end
# AdminAPI: admins and mods (staff) can perform these actions (if privileged by role) # AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
@ -345,10 +349,8 @@ defmodule Pleroma.Web.Router do
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
pipe_through(:admin_api) pipe_through(:admin_api)
get("/instances/:instance/statuses", InstanceController, :list_statuses)
delete("/instances/:instance", InstanceController, :delete) delete("/instances/:instance", InstanceController, :delete)
get("/statuses/:id", StatusController, :show)
put("/statuses/:id", StatusController, :update) put("/statuses/:id", StatusController, :update)
delete("/statuses/:id", StatusController, :delete) delete("/statuses/:id", StatusController, :delete)
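Review bot: The two relocated read routes, `get("/instances/:instance/statuses", InstanceController, :list_statuses)` and `get("/statuses/:id", StatusController, :show)`, take all of their authorization from the `pipe_through` of the scope they were moved into, and that scope's header lies outside the hunk, so the checks they end up with cannot be confirmed from the lines shown. Because they leave the scope that pipes through `:admin_api`, verify that the destination pipeline still runs the admin authentication and OAuth scope checks in addition to the `:statuses_read` privilege check. They now sit next to the `/chats/:id` routes, so presumably a single privilege gates both statuses and chat messages. If that is intended, a comment above the group would make it explicit, for example `# Requires the :statuses_read privilege (statuses and chat messages)`.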


@ -3,7 +3,7 @@
# SPDX-License-Identifier: AGPL-3.0-only # SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.AdminAPI.InstanceControllerTest do defmodule Pleroma.Web.AdminAPI.InstanceControllerTest do
use Pleroma.Web.ConnCase use Pleroma.Web.ConnCase, async: false
use Oban.Testing, repo: Pleroma.Repo use Oban.Testing, repo: Pleroma.Repo
import Pleroma.Factory import Pleroma.Factory
@ -31,6 +31,7 @@ defmodule Pleroma.Web.AdminAPI.InstanceControllerTest do
end end
test "GET /instances/:instance/statuses", %{conn: conn} do test "GET /instances/:instance/statuses", %{conn: conn} do
clear_config([:instance, :admin_privileges], [:statuses_read])
user = insert(:user, local: false, ap_id: "https://archae.me/users/archaeme") user = insert(:user, local: false, ap_id: "https://archae.me/users/archaeme")
user2 = insert(:user, local: false, ap_id: "https://test.com/users/test") user2 = insert(:user, local: false, ap_id: "https://test.com/users/test")
insert_pair(:note_activity, user: user) insert_pair(:note_activity, user: user)
@ -60,6 +61,10 @@ test "GET /instances/:instance/statuses", %{conn: conn} do
|> json_response(200) |> json_response(200)
assert length(activities) == 3 assert length(activities) == 3
clear_config([:instance, :admin_privileges], [])
conn |> get("/api/pleroma/admin/instances/archae.me/statuses") |> json_response(:forbidden)
end end
test "DELETE /instances/:instance", %{conn: conn} do test "DELETE /instances/:instance", %{conn: conn} do
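Review bot: The denial check appended to `test "GET /instances/:instance/statuses"` has no `assert` and shares a test with the success path, so a failure there is reported under the success test's name. It would read better as its own test, written in the `assert conn |> get(...) |> json_response(:forbidden)` form that StatusControllerTest uses. It also covers only the empty privilege list; a case where `:admin_privileges` holds some other privilege but not `:statuses_read` would show that the route checks this specific privilege rather than any privilege at all. The switch to `async: false` is presumably needed because `clear_config` changes instance-wide settings, and a short comment such as `# async: false because these tests change [:instance, :admin_privileges]` would keep someone from re-enabling async later.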


@ -26,6 +26,10 @@ defmodule Pleroma.Web.AdminAPI.StatusControllerTest do
end end
describe "GET /api/pleroma/admin/statuses/:id" do describe "GET /api/pleroma/admin/statuses/:id" do
setup do
clear_config([:instance, :admin_privileges], [:statuses_read])
end
test "not found", %{conn: conn} do test "not found", %{conn: conn} do
assert conn assert conn
|> get("/api/pleroma/admin/statuses/not_found") |> get("/api/pleroma/admin/statuses/not_found")
@ -50,6 +54,12 @@ test "shows activity", %{conn: conn} do
assert account["is_active"] == actor.is_active assert account["is_active"] == actor.is_active
assert account["is_confirmed"] == actor.is_confirmed assert account["is_confirmed"] == actor.is_confirmed
end end
test "denies reading activity when not privileged", %{conn: conn} do
clear_config([:instance, :admin_privileges], [])
assert conn |> get("/api/pleroma/admin/statuses/some_id") |> json_response(:forbidden)
end
end end
describe "PUT /api/pleroma/admin/statuses/:id" do describe "PUT /api/pleroma/admin/statuses/:id" do
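Review bot: The new test `"denies reading activity when not privileged"` requests `some_id`, which does not exist, so it shows that the privilege check runs before the lookup but not that an existing status is withheld from an unprivileged caller. Inserting a real activity and requesting it would pin that, e.g. `activity = insert(:note_activity)` followed by `get("/api/pleroma/admin/statuses/#{activity.id}")`, assuming the factory is imported in this module as it is in InstanceControllerTest. Keeping the `some_id` request beside it would also document that unprivileged callers get the same 403 for existing and missing ids, so the endpoint does not reveal whether a status exists.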