Deprecate POST/DELETE /api/pleroma/admin/users/:nickname/permission_group/:permission_group instead of deleting it
This commit is contained in:
Maxim Filippov
parent
f5104f36bb
commit
aaa4252f41
5 changed files with 137 additions and 8 deletions
|
|
@ -17,11 +17,12 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
||||||
- Authentication: Added rate limit for password-authorized actions / login existence checks
|
- Authentication: Added rate limit for password-authorized actions / login existence checks
|
||||||
- Metadata Link: Atom syndication Feed
|
- Metadata Link: Atom syndication Feed
|
||||||
- Admin API: `/users/:nickname/toggle_activation` endpoint is now deprecated in favor of: `/users/activate`, `/users/deactivate`, both accept `nicknames` array
|
- Admin API: `/users/:nickname/toggle_activation` endpoint is now deprecated in favor of: `/users/activate`, `/users/deactivate`, both accept `nicknames` array
|
||||||
|
- Admin API: `POST /api/pleroma/admin/users/:nickname/permission_group/:permission_group` / `DELETE /api/pleroma/admin/users/:nickname/permission_group/:permission_group` are deprecated in favor of: `POST /api/pleroma/admin/users/permission_group/:permission_group` / `DELETE /api/pleroma/admin/users/permission_group/:permission_group` (both accept `nicknames` array)
|
||||||
|
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
- **Breaking:** Elixir >=1.8 is now required (was >= 1.7)
|
- **Breaking:** Elixir >=1.8 is now required (was >= 1.7)
|
||||||
- **Breaking:** Admin API: Return link alongside with token on password reset
|
- **Breaking:** Admin API: Return link alongside with token on password reset
|
||||||
- **Breaking:** Admin API: `POST /users/permission_group/:permission_group` / `DELETE /users/permission_group/:permission_group` now accept `nicknames` array
|
|
||||||
- Replaced [pleroma_job_queue](https://git.pleroma.social/pleroma/pleroma_job_queue) and `Pleroma.Web.Federator.RetryQueue` with [Oban](https://github.com/sorentwo/oban) (see [`docs/config.md`](docs/config.md) on migrating customized worker / retry settings)
|
- Replaced [pleroma_job_queue](https://git.pleroma.social/pleroma/pleroma_job_queue) and `Pleroma.Web.Federator.RetryQueue` with [Oban](https://github.com/sorentwo/oban) (see [`docs/config.md`](docs/config.md) on migrating customized worker / retry settings)
|
||||||
- Introduced [quantum](https://github.com/quantum-elixir/quantum-core) job scheduler
|
- Introduced [quantum](https://github.com/quantum-elixir/quantum-core) job scheduler
|
||||||
- Admin API: Return `total` when querying for reports
|
- Admin API: Return `total` when querying for reports
|
||||||
|
|
|
||||||
|
|
@ -154,9 +154,18 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## DEPRECATED `POST /api/pleroma/admin/users/:nickname/permission_group/:permission_group`
|
||||||
|
|
||||||
|
### Add user to permission group
|
||||||
|
|
||||||
|
- Params: none
|
||||||
|
- Response:
|
||||||
|
- On failure: `{"error": "…"}`
|
||||||
|
- On success: JSON of the `user.info`
|
||||||
|
|
||||||
## `POST /api/pleroma/admin/users/permission_group/:permission_group`
|
## `POST /api/pleroma/admin/users/permission_group/:permission_group`
|
||||||
|
|
||||||
### Add user in permission group
|
### Add users to permission group
|
||||||
|
|
||||||
- Params:
|
- Params:
|
||||||
- `nicknames`: nicknames array
|
- `nicknames`: nicknames array
|
||||||
|
|
@ -164,10 +173,20 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret
|
||||||
- On failure: `{"error": "…"}`
|
- On failure: `{"error": "…"}`
|
||||||
- On success: JSON of the `user.info`
|
- On success: JSON of the `user.info`
|
||||||
|
|
||||||
## `DELETE /api/pleroma/admin/users/permission_group/:permission_group`
|
## DEPRECATED `DELETE /api/pleroma/admin/users/:nickname/permission_group/:permission_group`
|
||||||
|
|
||||||
### Remove user from permission group
|
### Remove user from permission group
|
||||||
|
|
||||||
|
- Params: none
|
||||||
|
- Response:
|
||||||
|
- On failure: `{"error": "…"}`
|
||||||
|
- On success: JSON of the `user.info`
|
||||||
|
- Note: An admin cannot revoke their own admin status.
|
||||||
|
|
||||||
|
## `DELETE /api/pleroma/admin/users/permission_group/:permission_group`
|
||||||
|
|
||||||
|
### Remove users from permission group
|
||||||
|
|
||||||
- Params:
|
- Params:
|
||||||
- `nicknames`: nicknames array
|
- `nicknames`: nicknames array
|
||||||
- Response:
|
- Response:
|
||||||
|
|
|
||||||
|
|
@ -345,7 +345,7 @@ defp maybe_parse_filters(filters) do
|
||||||
|> Enum.into(%{}, &{&1, true})
|
|> Enum.into(%{}, &{&1, true})
|
||||||
end
|
end
|
||||||
|
|
||||||
def right_add(%{assigns: %{user: admin}} = conn, %{
|
def right_add_multiple(%{assigns: %{user: admin}} = conn, %{
|
||||||
"permission_group" => permission_group,
|
"permission_group" => permission_group,
|
||||||
"nicknames" => nicknames
|
"nicknames" => nicknames
|
||||||
})
|
})
|
||||||
|
|
@ -366,6 +366,32 @@ def right_add(%{assigns: %{user: admin}} = conn, %{
|
||||||
json(conn, info)
|
json(conn, info)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def right_add_multiple(conn, _) do
|
||||||
|
render_error(conn, :not_found, "No such permission_group")
|
||||||
|
end
|
||||||
|
|
||||||
|
def right_add(%{assigns: %{user: admin}} = conn, %{
|
||||||
|
"permission_group" => permission_group,
|
||||||
|
"nickname" => nickname
|
||||||
|
})
|
||||||
|
when permission_group in ["moderator", "admin"] do
|
||||||
|
info = Map.put(%{}, "is_" <> permission_group, true)
|
||||||
|
|
||||||
|
{:ok, user} =
|
||||||
|
nickname
|
||||||
|
|> User.get_cached_by_nickname()
|
||||||
|
|> User.update_info(&User.Info.admin_api_update(&1, info))
|
||||||
|
|
||||||
|
ModerationLog.insert_log(%{
|
||||||
|
action: "grant",
|
||||||
|
actor: admin,
|
||||||
|
subject: [user],
|
||||||
|
permission: permission_group
|
||||||
|
})
|
||||||
|
|
||||||
|
json(conn, info)
|
||||||
|
end
|
||||||
|
|
||||||
def right_add(conn, _) do
|
def right_add(conn, _) do
|
||||||
render_error(conn, :not_found, "No such permission_group")
|
render_error(conn, :not_found, "No such permission_group")
|
||||||
end
|
end
|
||||||
|
|
@ -380,7 +406,7 @@ def right_get(conn, %{"nickname" => nickname}) do
|
||||||
})
|
})
|
||||||
end
|
end
|
||||||
|
|
||||||
def right_delete(
|
def right_delete_multiple(
|
||||||
%{assigns: %{user: %{nickname: admin_nickname} = admin}} = conn,
|
%{assigns: %{user: %{nickname: admin_nickname} = admin}} = conn,
|
||||||
%{
|
%{
|
||||||
"permission_group" => permission_group,
|
"permission_group" => permission_group,
|
||||||
|
|
@ -408,10 +434,39 @@ def right_delete(
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def right_delete(conn, _) do
|
def right_delete_multiple(conn, _) do
|
||||||
render_error(conn, :not_found, "No such permission_group")
|
render_error(conn, :not_found, "No such permission_group")
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def right_delete(
|
||||||
|
%{assigns: %{user: admin}} = conn,
|
||||||
|
%{
|
||||||
|
"permission_group" => permission_group,
|
||||||
|
"nickname" => nickname
|
||||||
|
}
|
||||||
|
)
|
||||||
|
when permission_group in ["moderator", "admin"] do
|
||||||
|
info = Map.put(%{}, "is_" <> permission_group, false)
|
||||||
|
|
||||||
|
{:ok, user} =
|
||||||
|
nickname
|
||||||
|
|> User.get_cached_by_nickname()
|
||||||
|
|> User.update_info(&User.Info.admin_api_update(&1, info))
|
||||||
|
|
||||||
|
ModerationLog.insert_log(%{
|
||||||
|
action: "revoke",
|
||||||
|
actor: admin,
|
||||||
|
subject: [user],
|
||||||
|
permission: permission_group
|
||||||
|
})
|
||||||
|
|
||||||
|
json(conn, info)
|
||||||
|
end
|
||||||
|
|
||||||
|
def right_delete(%{assigns: %{user: %{nickname: nickname}}} = conn, %{"nickname" => nickname}) do
|
||||||
|
render_error(conn, :forbidden, "You can't revoke your own admin status.")
|
||||||
|
end
|
||||||
|
|
||||||
def relay_follow(%{assigns: %{user: admin}} = conn, %{"relay_url" => target}) do
|
def relay_follow(%{assigns: %{user: admin}} = conn, %{"relay_url" => target}) do
|
||||||
with {:ok, _message} <- Relay.follow(target) do
|
with {:ok, _message} <- Relay.follow(target) do
|
||||||
ModerationLog.insert_log(%{
|
ModerationLog.insert_log(%{
|
||||||
|
|
|
||||||
|
|
@ -144,8 +144,22 @@ defmodule Pleroma.Web.Router do
|
||||||
|
|
||||||
get("/users/:nickname/permission_group", AdminAPIController, :right_get)
|
get("/users/:nickname/permission_group", AdminAPIController, :right_get)
|
||||||
get("/users/:nickname/permission_group/:permission_group", AdminAPIController, :right_get)
|
get("/users/:nickname/permission_group/:permission_group", AdminAPIController, :right_get)
|
||||||
post("/users/permission_group/:permission_group", AdminAPIController, :right_add)
|
|
||||||
delete("/users/permission_group/:permission_group", AdminAPIController, :right_delete)
|
post("/users/:nickname/permission_group/:permission_group", AdminAPIController, :right_add)
|
||||||
|
|
||||||
|
delete(
|
||||||
|
"/users/:nickname/permission_group/:permission_group",
|
||||||
|
AdminAPIController,
|
||||||
|
:right_delete
|
||||||
|
)
|
||||||
|
|
||||||
|
post("/users/permission_group/:permission_group", AdminAPIController, :right_add_multiple)
|
||||||
|
|
||||||
|
delete(
|
||||||
|
"/users/permission_group/:permission_group",
|
||||||
|
AdminAPIController,
|
||||||
|
:right_delete_multiple
|
||||||
|
)
|
||||||
|
|
||||||
post("/relay", AdminAPIController, :relay_follow)
|
post("/relay", AdminAPIController, :relay_follow)
|
||||||
delete("/relay", AdminAPIController, :relay_unfollow)
|
delete("/relay", AdminAPIController, :relay_unfollow)
|
||||||
|
|
|
||||||
|
|
@ -385,6 +385,26 @@ test "GET is giving user_info" do
|
||||||
end
|
end
|
||||||
|
|
||||||
test "/:right POST, can add to a permission group" do
|
test "/:right POST, can add to a permission group" do
|
||||||
|
admin = insert(:user, info: %{is_admin: true})
|
||||||
|
user = insert(:user)
|
||||||
|
|
||||||
|
conn =
|
||||||
|
build_conn()
|
||||||
|
|> assign(:user, admin)
|
||||||
|
|> put_req_header("accept", "application/json")
|
||||||
|
|> post("/api/pleroma/admin/users/#{user.nickname}/permission_group/admin")
|
||||||
|
|
||||||
|
assert json_response(conn, 200) == %{
|
||||||
|
"is_admin" => true
|
||||||
|
}
|
||||||
|
|
||||||
|
log_entry = Repo.one(ModerationLog)
|
||||||
|
|
||||||
|
assert ModerationLog.get_log_entry_message(log_entry) ==
|
||||||
|
"@#{admin.nickname} made @#{user.nickname} admin"
|
||||||
|
end
|
||||||
|
|
||||||
|
test "/:right POST, can add to a permission group (multiple)" do
|
||||||
admin = insert(:user, info: %{is_admin: true})
|
admin = insert(:user, info: %{is_admin: true})
|
||||||
user_one = insert(:user)
|
user_one = insert(:user)
|
||||||
user_two = insert(:user)
|
user_two = insert(:user)
|
||||||
|
|
@ -408,6 +428,26 @@ test "/:right POST, can add to a permission group" do
|
||||||
end
|
end
|
||||||
|
|
||||||
test "/:right DELETE, can remove from a permission group" do
|
test "/:right DELETE, can remove from a permission group" do
|
||||||
|
admin = insert(:user, info: %{is_admin: true})
|
||||||
|
user = insert(:user, info: %{is_admin: true})
|
||||||
|
|
||||||
|
conn =
|
||||||
|
build_conn()
|
||||||
|
|> assign(:user, admin)
|
||||||
|
|> put_req_header("accept", "application/json")
|
||||||
|
|> delete("/api/pleroma/admin/users/#{user.nickname}/permission_group/admin")
|
||||||
|
|
||||||
|
assert json_response(conn, 200) == %{
|
||||||
|
"is_admin" => false
|
||||||
|
}
|
||||||
|
|
||||||
|
log_entry = Repo.one(ModerationLog)
|
||||||
|
|
||||||
|
assert ModerationLog.get_log_entry_message(log_entry) ==
|
||||||
|
"@#{admin.nickname} revoked admin role from @#{user.nickname}"
|
||||||
|
end
|
||||||
|
|
||||||
|
test "/:right DELETE, can remove from a permission group (multiple)" do
|
||||||
admin = insert(:user, info: %{is_admin: true})
|
admin = insert(:user, info: %{is_admin: true})
|
||||||
user_one = insert(:user, info: %{is_admin: true})
|
user_one = insert(:user, info: %{is_admin: true})
|
||||||
user_two = insert(:user, info: %{is_admin: true})
|
user_two = insert(:user, info: %{is_admin: true})
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue