Rename privilege tags

I first focussed on getting things working
Now that they do and we know what tags there are, I put some thought in providing better names

I use the form <what_it_controls>_<what_it_allows_you_to_do>

:statuses_read    => :messages_read
:status_delete    => :messages_delete

:user_read        => :users_read
:user_deletion    => :users_delete
:user_activation  => :users_manage_activation_state
:user_invite      => :users_manage_invites
:user_tag         => :users_manage_tags
:user_credentials => :users_manage_credentials

:report_handle    => :reports_manage_reports

:emoji_management => :emoji_manage_emoji
This commit is contained in:
Ilja 2022-07-01 09:54:05 +02:00
parent 4e4eb81749
commit 37fdf148b0
27 changed files with 138 additions and 126 deletions

View file

@ -257,16 +257,16 @@ config :pleroma, :instance,
password_reset_token_validity: 60 * 60 * 24, password_reset_token_validity: 60 * 60 * 24,
profile_directory: true, profile_directory: true,
admin_privileges: [ admin_privileges: [
:user_deletion, :users_delete,
:user_credentials, :users_manage_credentials,
:statuses_read, :messages_read,
:user_tag, :users_manage_tags,
:user_activation, :users_manage_activation_state,
:user_invite, :users_manage_invites,
:report_handle, :reports_manage_reports,
:user_read, :users_read,
:status_delete, :messages_delete,
:emoji_management :emoji_manage_emoji
], ],
moderator_privileges: [], moderator_privileges: [],
max_endorsed_users: 20, max_endorsed_users: 20,

View file

@ -964,16 +964,16 @@ config :pleroma, :config_description, [
key: :admin_privileges, key: :admin_privileges,
type: {:list, :atom}, type: {:list, :atom},
suggestions: [ suggestions: [
:user_deletion, :users_delete,
:user_credentials, :users_manage_credentials,
:statuses_read, :messages_read,
:user_tag, :users_manage_tags,
:user_activation, :users_manage_activation_state,
:user_invite, :users_manage_invites,
:report_handle, :reports_manage_reports,
:user_read, :users_read,
:status_delete, :messages_delete,
:emoji_management :emoji_manage_emoji
], ],
description: description:
"What extra priviledges to allow admins (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)" "What extra priviledges to allow admins (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)"
@ -982,16 +982,16 @@ config :pleroma, :config_description, [
key: :moderator_privileges, key: :moderator_privileges,
type: {:list, :atom}, type: {:list, :atom},
suggestions: [ suggestions: [
:user_deletion, :users_delete,
:user_credentials, :users_manage_credentials,
:statuses_read, :messages_read,
:user_tag, :users_manage_tags,
:user_activation, :users_manage_activation_state,
:user_invite, :users_manage_invites,
:report_handle, :reports_manage_reports,
:user_read, :users_read,
:status_delete, :messages_delete,
:emoji_management :emoji_manage_emoji
], ],
description: description:
"What extra priviledges to allow moderators (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)" "What extra priviledges to allow moderators (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)"

View file

@ -542,7 +542,8 @@ defmodule Pleroma.Notification do
end end
def get_potential_receiver_ap_ids(%{data: %{"type" => "Flag", "actor" => actor}}) do def get_potential_receiver_ap_ids(%{data: %{"type" => "Flag", "actor" => actor}}) do
(User.all_users_with_privilege(:report_handle) |> Enum.map(fn user -> user.ap_id end)) -- (User.all_users_with_privilege(:reports_manage_reports)
|> Enum.map(fn user -> user.ap_id end)) --
[actor] [actor]
end end

View file

@ -326,7 +326,7 @@ defmodule Pleroma.User do
end end
def visible_for(%User{} = user, for_user) do def visible_for(%User{} = user, for_user) do
if privileged?(for_user, :user_activation) do if privileged?(for_user, :users_manage_activation_state) do
:visible :visible
else else
visible_account_status(user) visible_account_status(user)

View file

@ -392,7 +392,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
_ <- notify_and_stream(activity), _ <- notify_and_stream(activity),
:ok <- :ok <-
maybe_federate(stripped_activity) do maybe_federate(stripped_activity) do
User.all_users_with_privilege(:report_handle) User.all_users_with_privilege(:reports_manage_reports)
|> Enum.filter(fn user -> user.ap_id != actor end) |> Enum.filter(fn user -> user.ap_id != actor end)
|> Enum.filter(fn user -> not is_nil(user.email) end) |> Enum.filter(fn user -> not is_nil(user.email) end)
|> Enum.each(fn privileged_user -> |> Enum.each(fn privileged_user ->

View file

@ -61,7 +61,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.DeleteValidator do
|> validate_required([:id, :type, :actor, :to, :cc, :object]) |> validate_required([:id, :type, :actor, :to, :cc, :object])
|> validate_inclusion(:type, ["Delete"]) |> validate_inclusion(:type, ["Delete"])
|> validate_delete_actor(:actor) |> validate_delete_actor(:actor)
|> validate_modification_rights(:status_delete) |> validate_modification_rights(:messages_delete)
|> validate_object_or_user_presence(allowed_types: @deletable_types) |> validate_object_or_user_presence(allowed_types: @deletable_types)
|> add_deleted_activity_id() |> add_deleted_activity_id()
end end

View file

@ -144,7 +144,7 @@ defmodule Pleroma.Web.CommonAPI do
{:find_activity, Activity.get_by_id(activity_id)}, {:find_activity, Activity.get_by_id(activity_id)},
{_, %Object{} = object, _} <- {_, %Object{} = object, _} <-
{:find_object, Object.normalize(activity, fetch: false), activity}, {:find_object, Object.normalize(activity, fetch: false), activity},
true <- User.privileged?(user, :status_delete) || user.ap_id == object.data["actor"], true <- User.privileged?(user, :messages_delete) || user.ap_id == object.data["actor"],
{:ok, delete_data, _} <- Builder.delete(user, object.data["id"]), {:ok, delete_data, _} <- Builder.delete(user, object.data["id"]),
{:ok, delete, _} <- Pipeline.common_pipeline(delete_data, local: true) do {:ok, delete, _} <- Pipeline.common_pipeline(delete_data, local: true) do
{:ok, delete} {:ok, delete}

View file

@ -65,7 +65,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPI do
cast_params(params) |> Map.update(:include_types, [], fn include_types -> include_types end) cast_params(params) |> Map.update(:include_types, [], fn include_types -> include_types end)
options = options =
if "pleroma:report" not in options.include_types or User.privileged?(user, :report_handle) do if "pleroma:report" not in options.include_types or
User.privileged?(user, :reports_manage_reports) do
options options
else else
options options

View file

@ -402,7 +402,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do
defp maybe_put_allow_following_move(data, _, _), do: data defp maybe_put_allow_following_move(data, _, _), do: data
defp maybe_put_activation_status(data, user, user_for) do defp maybe_put_activation_status(data, user, user_for) do
if User.privileged?(user_for, :user_activation), if User.privileged?(user_for, :users_manage_activation_state),
do: Kernel.put_in(data, [:pleroma, :deactivated], !user.is_active), do: Kernel.put_in(data, [:pleroma, :deactivated], !user.is_active),
else: data else: data
end end

View file

@ -107,52 +107,52 @@ defmodule Pleroma.Web.Router do
pipeline :require_privileged_role_user_deletion do pipeline :require_privileged_role_user_deletion do
plug(:admin_api) plug(:admin_api)
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_deletion) plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :users_delete)
end end
pipeline :require_privileged_role_user_credentials do pipeline :require_privileged_role_user_credentials do
plug(:admin_api) plug(:admin_api)
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_credentials) plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :users_manage_credentials)
end end
pipeline :require_privileged_role_statuses_read do pipeline :require_privileged_role_statuses_read do
plug(:admin_api) plug(:admin_api)
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :statuses_read) plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :messages_read)
end end
pipeline :require_privileged_role_user_tag do pipeline :require_privileged_role_user_tag do
plug(:admin_api) plug(:admin_api)
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_tag) plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :users_manage_tags)
end end
pipeline :require_privileged_role_user_activation do pipeline :require_privileged_role_user_activation do
plug(:admin_api) plug(:admin_api)
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_activation) plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :users_manage_activation_state)
end end
pipeline :require_privileged_role_user_invite do pipeline :require_privileged_role_user_invite do
plug(:admin_api) plug(:admin_api)
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_invite) plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :users_manage_invites)
end end
pipeline :require_privileged_role_report_handle do pipeline :require_privileged_role_report_handle do
plug(:admin_api) plug(:admin_api)
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :report_handle) plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :reports_manage_reports)
end end
pipeline :require_privileged_role_user_read do pipeline :require_privileged_role_user_read do
plug(:admin_api) plug(:admin_api)
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_read) plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :users_read)
end end
pipeline :require_privileged_role_status_delete do pipeline :require_privileged_role_status_delete do
plug(:admin_api) plug(:admin_api)
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :status_delete) plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :messages_delete)
end end
pipeline :require_privileged_role_emoji_management do pipeline :require_privileged_role_emoji_management do
plug(:admin_api) plug(:admin_api)
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :emoji_management) plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :emoji_manage_emoji)
end end
pipeline :require_privileged_role_instance_delete do pipeline :require_privileged_role_instance_delete do

View file

@ -41,7 +41,7 @@ defmodule Pleroma.NotificationTest do
{:ok, activity1} = CommonAPI.report(reporting_user, %{account_id: reported_user.id}) {:ok, activity1} = CommonAPI.report(reporting_user, %{account_id: reported_user.id})
{:ok, []} = Notification.create_notifications(activity1) {:ok, []} = Notification.create_notifications(activity1)
clear_config([:instance, :moderator_privileges], [:report_handle]) clear_config([:instance, :moderator_privileges], [:reports_manage_reports])
{:ok, activity2} = CommonAPI.report(reporting_user, %{account_id: reported_user.id}) {:ok, activity2} = CommonAPI.report(reporting_user, %{account_id: reported_user.id})
{:ok, [notification]} = Notification.create_notifications(activity2) {:ok, [notification]} = Notification.create_notifications(activity2)
@ -50,7 +50,7 @@ defmodule Pleroma.NotificationTest do
end end
test "suppresses notifications for own reports" do test "suppresses notifications for own reports" do
clear_config([:instance, :admin_privileges], [:report_handle]) clear_config([:instance, :admin_privileges], [:reports_manage_reports])
reporting_admin = insert(:user, is_admin: true) reporting_admin = insert(:user, is_admin: true)
reported_user = insert(:user) reported_user = insert(:user)

View file

@ -1995,9 +1995,9 @@ defmodule Pleroma.UserTest do
assert User.visible_for(user, other_user) == :visible assert User.visible_for(user, other_user) == :visible
end end
test "returns true when the account is unconfirmed and being viewed by a privileged account (privilege :user_activation, confirmation required)" do test "returns true when the account is unconfirmed and being viewed by a privileged account (privilege :users_manage_activation_state, confirmation required)" do
clear_config([:instance, :account_activation_required], true) clear_config([:instance, :account_activation_required], true)
clear_config([:instance, :admin_privileges], [:user_activation]) clear_config([:instance, :admin_privileges], [:users_manage_activation_state])
user = insert(:user, local: true, is_confirmed: false) user = insert(:user, local: true, is_confirmed: false)
other_user = insert(:user, local: true, is_admin: true) other_user = insert(:user, local: true, is_admin: true)

View file

@ -92,7 +92,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.DeleteValidationTest do
test "it's only valid if the actor of the object is a privileged local user", test "it's only valid if the actor of the object is a privileged local user",
%{valid_post_delete: valid_post_delete} do %{valid_post_delete: valid_post_delete} do
clear_config([:instance, :moderator_privileges], [:status_delete]) clear_config([:instance, :moderator_privileges], [:messages_delete])
user = user =
insert(:user, local: true, is_moderator: true, ap_id: "https://gensokyo.2hu/users/raymoo") insert(:user, local: true, is_moderator: true, ap_id: "https://gensokyo.2hu/users/raymoo")

View file

@ -92,7 +92,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
describe "PUT /api/pleroma/admin/users/tag" do describe "PUT /api/pleroma/admin/users/tag" do
setup %{conn: conn} do setup %{conn: conn} do
clear_config([:instance, :admin_privileges], [:user_tag]) clear_config([:instance, :admin_privileges], [:users_manage_tags])
user1 = insert(:user, %{tags: ["x"]}) user1 = insert(:user, %{tags: ["x"]})
user2 = insert(:user, %{tags: ["y"]}) user2 = insert(:user, %{tags: ["y"]})
@ -150,7 +150,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
assert User.get_cached_by_id(user3.id).tags == ["unchanged"] assert User.get_cached_by_id(user3.id).tags == ["unchanged"]
end end
test "it requires privileged role :user_tag", %{conn: conn} do test "it requires privileged role :users_manage_tags", %{conn: conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
response = response =
@ -164,7 +164,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
describe "DELETE /api/pleroma/admin/users/tag" do describe "DELETE /api/pleroma/admin/users/tag" do
setup %{conn: conn} do setup %{conn: conn} do
clear_config([:instance, :admin_privileges], [:user_tag]) clear_config([:instance, :admin_privileges], [:users_manage_tags])
user1 = insert(:user, %{tags: ["x"]}) user1 = insert(:user, %{tags: ["x"]})
user2 = insert(:user, %{tags: ["y", "z"]}) user2 = insert(:user, %{tags: ["y", "z"]})
user3 = insert(:user, %{tags: ["unchanged"]}) user3 = insert(:user, %{tags: ["unchanged"]})
@ -221,7 +221,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
assert User.get_cached_by_id(user3.id).tags == ["unchanged"] assert User.get_cached_by_id(user3.id).tags == ["unchanged"]
end end
test "it requires privileged role :user_tag", %{conn: conn} do test "it requires privileged role :users_manage_tags", %{conn: conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
response = response =
@ -324,7 +324,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
describe "/api/pleroma/admin/users/:nickname/password_reset" do describe "/api/pleroma/admin/users/:nickname/password_reset" do
test "it returns a password reset link", %{conn: conn} do test "it returns a password reset link", %{conn: conn} do
clear_config([:instance, :admin_privileges], [:user_credentials]) clear_config([:instance, :admin_privileges], [:users_manage_credentials])
user = insert(:user) user = insert(:user)
@ -338,7 +338,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
assert Regex.match?(~r/(http:\/\/|https:\/\/)/, resp["link"]) assert Regex.match?(~r/(http:\/\/|https:\/\/)/, resp["link"])
end end
test "it requires privileged role :user_credentials", %{conn: conn} do test "it requires privileged role :users_manage_credentials", %{conn: conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
response = response =
@ -410,7 +410,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
describe "GET /api/pleroma/admin/users/:nickname/statuses" do describe "GET /api/pleroma/admin/users/:nickname/statuses" do
setup do setup do
clear_config([:instance, :admin_privileges], [:statuses_read]) clear_config([:instance, :admin_privileges], [:messages_read])
user = insert(:user) user = insert(:user)
@ -428,7 +428,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
assert length(activities) == 3 assert length(activities) == 3
end end
test "it requires privileged role :statuses_read", %{conn: conn, user: user} do test "it requires privileged role :messages_read", %{conn: conn, user: user} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/statuses") conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/statuses")
@ -497,7 +497,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
describe "GET /api/pleroma/admin/users/:nickname/chats" do describe "GET /api/pleroma/admin/users/:nickname/chats" do
setup do setup do
clear_config([:instance, :admin_privileges], [:statuses_read]) clear_config([:instance, :admin_privileges], [:messages_read])
user = insert(:user) user = insert(:user)
@ -516,7 +516,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
assert json_response(conn, 200) |> length() == 3 assert json_response(conn, 200) |> length() == 3
end end
test "it requires privileged role :statuses_read", %{conn: conn, user: user} do test "it requires privileged role :messages_read", %{conn: conn, user: user} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/chats") conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/chats")
@ -811,7 +811,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
end end
test "changes password and email", %{conn: conn, admin: admin, user: user} do test "changes password and email", %{conn: conn, admin: admin, user: user} do
clear_config([:instance, :admin_privileges], [:user_credentials]) clear_config([:instance, :admin_privileges], [:users_manage_credentials])
assert user.password_reset_pending == false assert user.password_reset_pending == false
@ -855,7 +855,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
assert json_response(conn, :forbidden) assert json_response(conn, :forbidden)
end end
test "returns 403 if not privileged with :user_credentials", %{conn: conn, user: user} do test "returns 403 if not privileged with :users_manage_credentials", %{conn: conn, user: user} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
conn = conn =
@ -1085,7 +1085,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
describe "POST /api/v1/pleroma/admin/reload_emoji" do describe "POST /api/v1/pleroma/admin/reload_emoji" do
setup do setup do
clear_config([:instance, :admin_privileges], [:emoji_management]) clear_config([:instance, :admin_privileges], [:emoji_manage_emoji])
admin = insert(:user, is_admin: true) admin = insert(:user, is_admin: true)
token = insert(:oauth_admin_token, user: admin) token = insert(:oauth_admin_token, user: admin)
@ -1098,7 +1098,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
{:ok, %{conn: conn, admin: admin}} {:ok, %{conn: conn, admin: admin}}
end end
test "it requires privileged role :emoji_management", %{conn: conn} do test "it requires privileged role :emoji_manage_emoji", %{conn: conn} do
assert conn assert conn
|> post("/api/v1/pleroma/admin/reload_emoji") |> post("/api/v1/pleroma/admin/reload_emoji")
|> json_response(200) |> json_response(200)

View file

@ -28,7 +28,7 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do
describe "DELETE /api/pleroma/admin/chats/:id/messages/:message_id" do describe "DELETE /api/pleroma/admin/chats/:id/messages/:message_id" do
setup do setup do
clear_config([:instance, :admin_privileges], [:status_delete]) clear_config([:instance, :admin_privileges], [:messages_delete])
admin_setup() admin_setup()
end end
@ -64,7 +64,7 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do
assert %{data: %{"type" => "Tombstone"}} = Object.get_by_id(object.id) assert %{data: %{"type" => "Tombstone"}} = Object.get_by_id(object.id)
end end
test "it requires privileged role :status_delete", %{conn: conn} do test "it requires privileged role :messages_delete", %{conn: conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
assert conn assert conn
@ -76,7 +76,7 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do
describe "GET /api/pleroma/admin/chats/:id/messages" do describe "GET /api/pleroma/admin/chats/:id/messages" do
setup do setup do
clear_config([:instance, :admin_privileges], [:statuses_read]) clear_config([:instance, :admin_privileges], [:messages_read])
admin_setup() admin_setup()
end end
@ -130,7 +130,7 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do
assert length(result) == 3 assert length(result) == 3
end end
test "it requires privileged role :statuses_read", %{conn: conn} do test "it requires privileged role :messages_read", %{conn: conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
conn = get(conn, "/api/pleroma/admin/chats/some_id/messages") conn = get(conn, "/api/pleroma/admin/chats/some_id/messages")
@ -141,7 +141,7 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do
describe "GET /api/pleroma/admin/chats/:id" do describe "GET /api/pleroma/admin/chats/:id" do
setup do setup do
clear_config([:instance, :admin_privileges], [:statuses_read]) clear_config([:instance, :admin_privileges], [:messages_read])
admin_setup() admin_setup()
end end
@ -162,7 +162,7 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do
refute result["account"] refute result["account"]
end end
test "it requires privileged role :statuses_read", %{conn: conn} do test "it requires privileged role :messages_read", %{conn: conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
conn = get(conn, "/api/pleroma/admin/chats/some_id") conn = get(conn, "/api/pleroma/admin/chats/some_id")

View file

@ -31,7 +31,7 @@ defmodule Pleroma.Web.AdminAPI.InstanceControllerTest do
end end
test "GET /instances/:instance/statuses", %{conn: conn} do test "GET /instances/:instance/statuses", %{conn: conn} do
clear_config([:instance, :admin_privileges], [:statuses_read]) clear_config([:instance, :admin_privileges], [:messages_read])
user = insert(:user, local: false, ap_id: "https://archae.me/users/archaeme") user = insert(:user, local: false, ap_id: "https://archae.me/users/archaeme")
user2 = insert(:user, local: false, ap_id: "https://test.com/users/test") user2 = insert(:user, local: false, ap_id: "https://test.com/users/test")
insert_pair(:note_activity, user: user) insert_pair(:note_activity, user: user)

View file

@ -26,10 +26,10 @@ defmodule Pleroma.Web.AdminAPI.InviteControllerTest do
setup do setup do
clear_config([:instance, :registrations_open], false) clear_config([:instance, :registrations_open], false)
clear_config([:instance, :invites_enabled], true) clear_config([:instance, :invites_enabled], true)
clear_config([:instance, :admin_privileges], [:user_invite]) clear_config([:instance, :admin_privileges], [:users_manage_invites])
end end
test "returns 403 if not privileged with :user_invite", %{conn: conn} do test "returns 403 if not privileged with :users_manage_invites", %{conn: conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
conn = conn =
@ -134,7 +134,7 @@ defmodule Pleroma.Web.AdminAPI.InviteControllerTest do
setup do setup do
clear_config([:instance, :registrations_open]) clear_config([:instance, :registrations_open])
clear_config([:instance, :invites_enabled]) clear_config([:instance, :invites_enabled])
clear_config([:instance, :admin_privileges], [:user_invite]) clear_config([:instance, :admin_privileges], [:users_manage_invites])
end end
test "it returns 500 if `invites_enabled` is not enabled", %{conn: conn} do test "it returns 500 if `invites_enabled` is not enabled", %{conn: conn} do
@ -178,10 +178,10 @@ defmodule Pleroma.Web.AdminAPI.InviteControllerTest do
describe "POST /api/pleroma/admin/users/invite_token" do describe "POST /api/pleroma/admin/users/invite_token" do
setup do setup do
clear_config([:instance, :admin_privileges], [:user_invite]) clear_config([:instance, :admin_privileges], [:users_manage_invites])
end end
test "returns 403 if not privileged with :user_invite", %{conn: conn} do test "returns 403 if not privileged with :users_manage_invites", %{conn: conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
conn = conn =
@ -257,10 +257,10 @@ defmodule Pleroma.Web.AdminAPI.InviteControllerTest do
describe "GET /api/pleroma/admin/users/invites" do describe "GET /api/pleroma/admin/users/invites" do
setup do setup do
clear_config([:instance, :admin_privileges], [:user_invite]) clear_config([:instance, :admin_privileges], [:users_manage_invites])
end end
test "returns 403 if not privileged with :user_invite", %{conn: conn} do test "returns 403 if not privileged with :users_manage_invites", %{conn: conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
conn = get(conn, "/api/pleroma/admin/users/invites") conn = get(conn, "/api/pleroma/admin/users/invites")
@ -297,10 +297,10 @@ defmodule Pleroma.Web.AdminAPI.InviteControllerTest do
describe "POST /api/pleroma/admin/users/revoke_invite" do describe "POST /api/pleroma/admin/users/revoke_invite" do
setup do setup do
clear_config([:instance, :admin_privileges], [:user_invite]) clear_config([:instance, :admin_privileges], [:users_manage_invites])
end end
test "returns 403 if not privileged with :user_invite", %{conn: conn} do test "returns 403 if not privileged with :users_manage_invites", %{conn: conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
conn = conn =

View file

@ -27,10 +27,10 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do
describe "GET /api/pleroma/admin/reports/:id" do describe "GET /api/pleroma/admin/reports/:id" do
setup do setup do
clear_config([:instance, :admin_privileges], [:report_handle]) clear_config([:instance, :admin_privileges], [:reports_manage_reports])
end end
test "returns 403 if not privileged with :report_handle", %{conn: conn} do test "returns 403 if not privileged with :reports_manage_reports", %{conn: conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
conn = conn =
@ -77,7 +77,7 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do
describe "PATCH /api/pleroma/admin/reports" do describe "PATCH /api/pleroma/admin/reports" do
setup do setup do
clear_config([:instance, :admin_privileges], [:report_handle]) clear_config([:instance, :admin_privileges], [:reports_manage_reports])
[reporter, target_user] = insert_pair(:user) [reporter, target_user] = insert_pair(:user)
activity = insert(:note_activity, user: target_user) activity = insert(:note_activity, user: target_user)
@ -102,7 +102,11 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do
} }
end end
test "returns 403 if not privileged with :report_handle", %{conn: conn, id: id, admin: admin} do test "returns 403 if not privileged with :reports_manage_reports", %{
conn: conn,
id: id,
admin: admin
} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
conn = conn =
@ -240,10 +244,10 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do
describe "GET /api/pleroma/admin/reports" do describe "GET /api/pleroma/admin/reports" do
setup do setup do
clear_config([:instance, :admin_privileges], [:report_handle]) clear_config([:instance, :admin_privileges], [:reports_manage_reports])
end end
test "returns 403 if not privileged with :report_handle", %{conn: conn} do test "returns 403 if not privileged with :reports_manage_reports", %{conn: conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
conn = conn =
@ -361,7 +365,7 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do
describe "POST /api/pleroma/admin/reports/:id/notes" do describe "POST /api/pleroma/admin/reports/:id/notes" do
setup %{conn: conn, admin: admin} do setup %{conn: conn, admin: admin} do
clear_config([:instance, :admin_privileges], [:report_handle]) clear_config([:instance, :admin_privileges], [:reports_manage_reports])
[reporter, target_user] = insert_pair(:user) [reporter, target_user] = insert_pair(:user)
activity = insert(:note_activity, user: target_user) activity = insert(:note_activity, user: target_user)
@ -391,7 +395,10 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do
} }
end end
test "returns 403 if not privileged with :report_handle", %{conn: conn, report_id: report_id} do test "returns 403 if not privileged with :reports_manage_reports", %{
conn: conn,
report_id: report_id
} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
post_conn = post_conn =

View file

@ -27,7 +27,7 @@ defmodule Pleroma.Web.AdminAPI.StatusControllerTest do
describe "GET /api/pleroma/admin/statuses/:id" do describe "GET /api/pleroma/admin/statuses/:id" do
setup do setup do
clear_config([:instance, :admin_privileges], [:statuses_read]) clear_config([:instance, :admin_privileges], [:messages_read])
end end
test "not found", %{conn: conn} do test "not found", %{conn: conn} do
@ -64,7 +64,7 @@ defmodule Pleroma.Web.AdminAPI.StatusControllerTest do
describe "PUT /api/pleroma/admin/statuses/:id" do describe "PUT /api/pleroma/admin/statuses/:id" do
setup do setup do
clear_config([:instance, :admin_privileges], [:status_delete]) clear_config([:instance, :admin_privileges], [:messages_delete])
activity = insert(:note_activity) activity = insert(:note_activity)
%{id: activity.id} %{id: activity.id}
@ -134,7 +134,7 @@ defmodule Pleroma.Web.AdminAPI.StatusControllerTest do
json_response_and_validate_schema(conn, :bad_request) json_response_and_validate_schema(conn, :bad_request)
end end
test "it requires privileged role :status_delete", %{conn: conn} do test "it requires privileged role :messages_delete", %{conn: conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
assert conn assert conn
@ -146,7 +146,7 @@ defmodule Pleroma.Web.AdminAPI.StatusControllerTest do
describe "DELETE /api/pleroma/admin/statuses/:id" do describe "DELETE /api/pleroma/admin/statuses/:id" do
setup do setup do
clear_config([:instance, :admin_privileges], [:status_delete]) clear_config([:instance, :admin_privileges], [:messages_delete])
activity = insert(:note_activity) activity = insert(:note_activity)
%{id: activity.id} %{id: activity.id}
@ -171,7 +171,7 @@ defmodule Pleroma.Web.AdminAPI.StatusControllerTest do
assert json_response_and_validate_schema(conn, :not_found) == %{"error" => "Not found"} assert json_response_and_validate_schema(conn, :not_found) == %{"error" => "Not found"}
end end
test "it requires privileged role :status_delete", %{conn: conn} do test "it requires privileged role :messages_delete", %{conn: conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
assert conn assert conn
@ -183,7 +183,7 @@ defmodule Pleroma.Web.AdminAPI.StatusControllerTest do
describe "GET /api/pleroma/admin/statuses" do describe "GET /api/pleroma/admin/statuses" do
setup do setup do
clear_config([:instance, :admin_privileges], [:statuses_read]) clear_config([:instance, :admin_privileges], [:messages_read])
end end
test "returns all public and unlisted statuses", %{conn: conn, admin: admin} do test "returns all public and unlisted statuses", %{conn: conn, admin: admin} do
@ -232,7 +232,7 @@ defmodule Pleroma.Web.AdminAPI.StatusControllerTest do
assert json_response_and_validate_schema(conn, 200) |> length() == 3 assert json_response_and_validate_schema(conn, 200) |> length() == 3
end end
test "it requires privileged role :statuses_read", %{conn: conn} do test "it requires privileged role :messages_read", %{conn: conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
conn = get(conn, "/api/pleroma/admin/statuses") conn = get(conn, "/api/pleroma/admin/statuses")

View file

@ -38,7 +38,7 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
end end
test "with valid `admin_token` query parameter, skips OAuth scopes check" do test "with valid `admin_token` query parameter, skips OAuth scopes check" do
clear_config([:instance, :admin_privileges], [:user_read]) clear_config([:instance, :admin_privileges], [:users_read])
clear_config([:admin_token], "password123") clear_config([:admin_token], "password123")
user = insert(:user) user = insert(:user)
@ -51,7 +51,7 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
describe "DELETE /api/pleroma/admin/users" do describe "DELETE /api/pleroma/admin/users" do
test "single user", %{admin: admin, conn: conn} do test "single user", %{admin: admin, conn: conn} do
clear_config([:instance, :federating], true) clear_config([:instance, :federating], true)
clear_config([:instance, :admin_privileges], [:user_deletion]) clear_config([:instance, :admin_privileges], [:users_delete])
user = user =
insert(:user, insert(:user,
@ -107,7 +107,7 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
end end
test "multiple users", %{admin: admin, conn: conn} do test "multiple users", %{admin: admin, conn: conn} do
clear_config([:instance, :admin_privileges], [:user_deletion]) clear_config([:instance, :admin_privileges], [:users_delete])
user_one = insert(:user) user_one = insert(:user)
user_two = insert(:user) user_two = insert(:user)
@ -280,10 +280,10 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
describe "GET /api/pleroma/admin/users/:nickname" do describe "GET /api/pleroma/admin/users/:nickname" do
setup do setup do
clear_config([:instance, :admin_privileges], [:user_read]) clear_config([:instance, :admin_privileges], [:users_read])
end end
test "returns 403 if not privileged with :user_read", %{conn: conn} do test "returns 403 if not privileged with :users_read", %{conn: conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
conn = get(conn, "/api/pleroma/admin/users/user.nickname") conn = get(conn, "/api/pleroma/admin/users/user.nickname")
@ -406,10 +406,10 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
describe "GET /api/pleroma/admin/users" do describe "GET /api/pleroma/admin/users" do
setup do setup do
clear_config([:instance, :admin_privileges], [:user_read]) clear_config([:instance, :admin_privileges], [:users_read])
end end
test "returns 403 if not privileged with :user_read", %{conn: conn} do test "returns 403 if not privileged with :users_read", %{conn: conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
conn = get(conn, "/api/pleroma/admin/users?page=1") conn = get(conn, "/api/pleroma/admin/users?page=1")
@ -850,7 +850,7 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
end end
test "PATCH /api/pleroma/admin/users/approve", %{admin: admin, conn: conn} do test "PATCH /api/pleroma/admin/users/approve", %{admin: admin, conn: conn} do
clear_config([:instance, :admin_privileges], [:user_invite]) clear_config([:instance, :admin_privileges], [:users_manage_invites])
user_one = insert(:user, is_approved: false) user_one = insert(:user, is_approved: false)
user_two = insert(:user, is_approved: false) user_two = insert(:user, is_approved: false)
@ -872,7 +872,7 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
"@#{admin.nickname} approved users: @#{user_one.nickname}, @#{user_two.nickname}" "@#{admin.nickname} approved users: @#{user_one.nickname}, @#{user_two.nickname}"
end end
test "PATCH /api/pleroma/admin/users/approve returns 403 if not privileged with :user_invite", test "PATCH /api/pleroma/admin/users/approve returns 403 if not privileged with :users_manage_invites",
%{conn: conn} do %{conn: conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
@ -939,7 +939,7 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
describe "user activation" do describe "user activation" do
test "PATCH /api/pleroma/admin/users/activate", %{admin: admin, conn: conn} do test "PATCH /api/pleroma/admin/users/activate", %{admin: admin, conn: conn} do
clear_config([:instance, :admin_privileges], [:user_activation]) clear_config([:instance, :admin_privileges], [:users_manage_activation_state])
user_one = insert(:user, is_active: false) user_one = insert(:user, is_active: false)
user_two = insert(:user, is_active: false) user_two = insert(:user, is_active: false)
@ -962,7 +962,7 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
end end
test "PATCH /api/pleroma/admin/users/deactivate", %{admin: admin, conn: conn} do test "PATCH /api/pleroma/admin/users/deactivate", %{admin: admin, conn: conn} do
clear_config([:instance, :admin_privileges], [:user_activation]) clear_config([:instance, :admin_privileges], [:users_manage_activation_state])
user_one = insert(:user, is_active: true) user_one = insert(:user, is_active: true)
user_two = insert(:user, is_active: true) user_two = insert(:user, is_active: true)
@ -985,7 +985,7 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
end end
test "PATCH /api/pleroma/admin/users/:nickname/toggle_activation", %{admin: admin, conn: conn} do test "PATCH /api/pleroma/admin/users/:nickname/toggle_activation", %{admin: admin, conn: conn} do
clear_config([:instance, :admin_privileges], [:user_activation]) clear_config([:instance, :admin_privileges], [:users_manage_activation_state])
user = insert(:user) user = insert(:user)

View file

@ -332,7 +332,7 @@ defmodule Pleroma.Web.CommonAPITest do
end end
test "it allows privileged users to delete other user's posts" do test "it allows privileged users to delete other user's posts" do
clear_config([:instance, :moderator_privileges], [:status_delete]) clear_config([:instance, :moderator_privileges], [:messages_delete])
user = insert(:user) user = insert(:user)
moderator = insert(:user, is_moderator: true) moderator = insert(:user, is_moderator: true)
@ -357,7 +357,7 @@ defmodule Pleroma.Web.CommonAPITest do
end end
test "privileged users deleting non-local posts won't federate the delete" do test "privileged users deleting non-local posts won't federate the delete" do
clear_config([:instance, :admin_privileges], [:status_delete]) clear_config([:instance, :admin_privileges], [:messages_delete])
# This is the user of the ingested activity # This is the user of the ingested activity
_user = _user =
insert(:user, insert(:user,

View file

@ -74,7 +74,7 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
end end
test "by default, does not contain pleroma:report" do test "by default, does not contain pleroma:report" do
clear_config([:instance, :moderator_privileges], [:report_handle]) clear_config([:instance, :moderator_privileges], [:reports_manage_reports])
user = insert(:user) user = insert(:user)
other_user = insert(:user) other_user = insert(:user)
@ -105,7 +105,7 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
end end
test "Pleroma:report is hidden for non-privileged users" do test "Pleroma:report is hidden for non-privileged users" do
clear_config([:instance, :moderator_privileges], [:report_handle]) clear_config([:instance, :moderator_privileges], [:reports_manage_reports])
user = insert(:user) user = insert(:user)
other_user = insert(:user) other_user = insert(:user)

View file

@ -969,7 +969,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
end end
test "when you're privileged to", %{conn: conn} do test "when you're privileged to", %{conn: conn} do
clear_config([:instance, :moderator_privileges], [:status_delete]) clear_config([:instance, :moderator_privileges], [:messages_delete])
activity = insert(:note_activity) activity = insert(:note_activity)
moderator = insert(:user, is_moderator: true) moderator = insert(:user, is_moderator: true)

View file

@ -358,7 +358,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
end end
test "Represent a deactivated user for a privileged user" do test "Represent a deactivated user for a privileged user" do
clear_config([:instance, :moderator_privileges], [:user_activation]) clear_config([:instance, :moderator_privileges], [:users_manage_activation_state])
admin = insert(:user, is_moderator: true) admin = insert(:user, is_moderator: true)
deactivated_user = insert(:user, is_active: false) deactivated_user = insert(:user, is_active: false)

View file

@ -218,7 +218,7 @@ defmodule Pleroma.Web.MastodonAPI.NotificationViewTest do
end end
test "Report notification" do test "Report notification" do
clear_config([:instance, :moderator_privileges], [:report_handle]) clear_config([:instance, :moderator_privileges], [:reports_manage_reports])
reporting_user = insert(:user) reporting_user = insert(:user)
reported_user = insert(:user) reported_user = insert(:user)

View file

@ -30,7 +30,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiFileControllerTest do
describe "POST/PATCH/DELETE /api/pleroma/emoji/packs/files?name=:name" do describe "POST/PATCH/DELETE /api/pleroma/emoji/packs/files?name=:name" do
setup do setup do
clear_config([:instance, :admin_privileges], [:emoji_management]) clear_config([:instance, :admin_privileges], [:emoji_manage_emoji])
pack_file = "#{@emoji_path}/test_pack/pack.json" pack_file = "#{@emoji_path}/test_pack/pack.json"
original_content = File.read!(pack_file) original_content = File.read!(pack_file)
@ -379,7 +379,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiFileControllerTest do
|> json_response_and_validate_schema(:bad_request) |> json_response_and_validate_schema(:bad_request)
end end
test "it requires privileged role :emoji_management", %{admin_conn: admin_conn} do test "it requires privileged role :emoji_manage_emoji", %{admin_conn: admin_conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
assert admin_conn assert admin_conn

View file

@ -100,7 +100,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do
describe "GET /api/pleroma/emoji/packs/remote" do describe "GET /api/pleroma/emoji/packs/remote" do
setup do setup do
clear_config([:instance, :admin_privileges], [:emoji_management]) clear_config([:instance, :admin_privileges], [:emoji_manage_emoji])
end end
test "shareable instance", %{admin_conn: admin_conn, conn: conn} do test "shareable instance", %{admin_conn: admin_conn, conn: conn} do
@ -141,7 +141,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do
} }
end end
test "it requires privileged role :emoji_management", %{admin_conn: admin_conn} do test "it requires privileged role :emoji_manage_emoji", %{admin_conn: admin_conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
assert admin_conn assert admin_conn
@ -183,7 +183,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do
describe "POST /api/pleroma/emoji/packs/download" do describe "POST /api/pleroma/emoji/packs/download" do
setup do setup do
clear_config([:instance, :admin_privileges], [:emoji_management]) clear_config([:instance, :admin_privileges], [:emoji_manage_emoji])
end end
test "shared pack from remote and non shared from fallback-src", %{ test "shared pack from remote and non shared from fallback-src", %{
@ -361,7 +361,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do
} }
end end
test "it requires privileged role :emoji_management", %{admin_conn: conn} do test "it requires privileged role :emoji_manage_emoji", %{admin_conn: conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
assert conn assert conn
@ -377,7 +377,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do
describe "PATCH/update /api/pleroma/emoji/pack?name=:name" do describe "PATCH/update /api/pleroma/emoji/pack?name=:name" do
setup do setup do
clear_config([:instance, :admin_privileges], [:emoji_management]) clear_config([:instance, :admin_privileges], [:emoji_manage_emoji])
pack_file = "#{@emoji_path}/test_pack/pack.json" pack_file = "#{@emoji_path}/test_pack/pack.json"
original_content = File.read!(pack_file) original_content = File.read!(pack_file)
@ -466,7 +466,10 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do
} }
end end
test "it requires privileged role :emoji_management", %{admin_conn: conn, new_data: new_data} do test "it requires privileged role :emoji_manage_emoji", %{
admin_conn: conn,
new_data: new_data
} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
assert conn assert conn
@ -478,7 +481,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do
describe "POST/DELETE /api/pleroma/emoji/pack?name=:name" do describe "POST/DELETE /api/pleroma/emoji/pack?name=:name" do
setup do setup do
clear_config([:instance, :admin_privileges], [:emoji_management]) clear_config([:instance, :admin_privileges], [:emoji_manage_emoji])
end end
test "returns an error on creates pack when file system not writable", %{ test "returns an error on creates pack when file system not writable", %{
@ -564,7 +567,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do
} }
end end
test "it requires privileged role :emoji_management", %{admin_conn: admin_conn} do test "it requires privileged role :emoji_manage_emoji", %{admin_conn: admin_conn} do
clear_config([:instance, :admin_privileges], []) clear_config([:instance, :admin_privileges], [])
assert admin_conn assert admin_conn