From 949a53e327fa2d4ca2099cd4ca6fa2e3fd9e789a Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Sun, 5 Dec 2021 17:46:56 -0500 Subject: [PATCH 01/10] Log Ecto queries > 500ms --- lib/pleroma/telemetry/logger.ex | 45 +++++++++++++++++++++++++++++++-- 1 file changed, 43 insertions(+), 2 deletions(-) diff --git a/lib/pleroma/telemetry/logger.ex b/lib/pleroma/telemetry/logger.ex index 44d2f48dc..1dea13acd 100644 --- a/lib/pleroma/telemetry/logger.ex +++ b/lib/pleroma/telemetry/logger.ex @@ -12,10 +12,16 @@ defmodule Pleroma.Telemetry.Logger do [:pleroma, :connection_pool, :reclaim, :stop], [:pleroma, :connection_pool, :provision_failure], [:pleroma, :connection_pool, :client, :dead], - [:pleroma, :connection_pool, :client, :add] + [:pleroma, :connection_pool, :client, :add], + [:pleroma, :repo, :query] ] def attach do - :telemetry.attach_many("pleroma-logger", @events, &handle_event/4, []) + :telemetry.attach_many( + "pleroma-logger", + @events, + &Pleroma.Telemetry.Logger.handle_event/4, + [] + ) end # Passing anonymous functions instead of strings to logger is intentional, @@ -91,4 +97,39 @@ def handle_event( end def handle_event([:pleroma, :connection_pool, :client, :add], _, _, _), do: :ok + + def handle_event( + [:pleroma, :repo, :query] = _name, + %{query_time: query_time} = _measurements, + %{source: source, query: query} = _metadata, + _config + ) + when query_time > 500_000 and source not in [nil, "oban_jobs"] do + {:current_stacktrace, stacktrace} = Process.info(self(), :current_stacktrace) + + stacktrace = + Enum.filter(stacktrace, fn + {__MODULE__, _, _, _} -> + false + + {mod, _, _, _} -> + mod + |> to_string() + |> String.starts_with?("Elixir.Pleroma.") + end) + + Logger.warn(fn -> + """ + Query took longer than 500ms! + + Total time: #{query_time / 1_000}ms + + #{inspect(query)} + + #{inspect(stacktrace, pretty: true)} + """ + end) + end + + def handle_event([:pleroma, :repo, :query], _measurements, _metadata, _config), do: :ok end From e009950845c6d1e7864bb68ea1258c58438ee3aa Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Sun, 19 Dec 2021 20:35:00 +0300 Subject: [PATCH 02/10] Slow queries logging improvements: added EXPLAIN results, listed params, improved stacktrace. --- lib/pleroma/telemetry/logger.ex | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/lib/pleroma/telemetry/logger.ex b/lib/pleroma/telemetry/logger.ex index 1dea13acd..c079f34f2 100644 --- a/lib/pleroma/telemetry/logger.ex +++ b/lib/pleroma/telemetry/logger.ex @@ -101,13 +101,19 @@ def handle_event([:pleroma, :connection_pool, :client, :add], _, _, _), do: :ok def handle_event( [:pleroma, :repo, :query] = _name, %{query_time: query_time} = _measurements, - %{source: source, query: query} = _metadata, + %{source: source, query: query, params: query_params, repo: repo} = _metadata, _config ) when query_time > 500_000 and source not in [nil, "oban_jobs"] do {:current_stacktrace, stacktrace} = Process.info(self(), :current_stacktrace) - stacktrace = + sql_explain = + with {:ok, %{rows: explain_result_rows}} <- + repo.query("EXPLAIN " <> query, query_params, log: false) do + Enum.map_join(explain_result_rows, "\n", & &1) + end + + pleroma_stacktrace = Enum.filter(stacktrace, fn {__MODULE__, _, _, _} -> false @@ -120,13 +126,17 @@ def handle_event( Logger.warn(fn -> """ - Query took longer than 500ms! + Slow query! Total time: #{query_time / 1_000}ms - #{inspect(query)} + #{query} - #{inspect(stacktrace, pretty: true)} + #{inspect(query_params)} + + #{sql_explain} + + #{Exception.format_stacktrace(pleroma_stacktrace)} """ end) end From e8e8d2262ec55acabb7f7749f915e24d06df601a Mon Sep 17 00:00:00 2001 From: Lain Soykaf Date: Sun, 26 Dec 2021 16:14:56 +0100 Subject: [PATCH 03/10] CI: Start testing erratic test again Erratic tests are now ran in their own task, so we don't block normal testing. The runtime is under a minute, so even if this one has to be retried, it shouldn't take forever. --- .gitlab-ci.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f296f7bd9..3860f1db9 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -93,6 +93,27 @@ unit-testing: - mix ecto.migrate - mix coveralls --preload-modules +unit-testing-erratic: + stage: test + retry: 2 + only: + changes: + - "**/*.ex" + - "**/*.exs" + - "mix.lock" + cache: &testing_cache_policy + <<: *global_cache_policy + policy: pull + + services: + - name: postgres:13 + alias: postgres + command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] + script: + - mix ecto.create + - mix ecto.migrate + - mix test --only=erratic + # Removed to fix CI issue. In this early state it wasn't adding much value anyway. # TODO Fix and reinstate federated testing # federated-testing: From 3e9e7178bc90754ad6f5414417079f6484b421e9 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Sun, 26 Dec 2021 22:49:00 +0300 Subject: [PATCH 04/10] Configurability of slow queries logging ([:pleroma, :telemetry, :slow_queries_logging]). Adjusted log messages truncation to 65 kb (was default: 8 kb). Non-truncated logging of slow query params. --- config/config.exs | 5 +++++ lib/pleroma/telemetry/logger.ex | 33 +++++++++++++++++++++++---------- 2 files changed, 28 insertions(+), 10 deletions(-) diff --git a/config/config.exs b/config/config.exs index b50c910b1..656778007 100644 --- a/config/config.exs +++ b/config/config.exs @@ -148,6 +148,8 @@ ] # Configures Elixir's Logger +config :logger, truncate: 65536 + config :logger, :console, level: :debug, format: "\n$time $metadata[$level] $message\n", @@ -852,6 +854,9 @@ {Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy, [max_running: 5, max_waiting: 5]} ] +config :pleroma, :telemetry, + slow_queries_logging: [exclude_sources: [nil, "oban_jobs"], min_duration: 500_000] + # Import environment specific config. This must remain at the bottom # of this file so it overrides the configuration defined above. import_config "#{Mix.env()}.exs" diff --git a/lib/pleroma/telemetry/logger.ex b/lib/pleroma/telemetry/logger.ex index c079f34f2..0f73ecc02 100644 --- a/lib/pleroma/telemetry/logger.ex +++ b/lib/pleroma/telemetry/logger.ex @@ -100,19 +100,34 @@ def handle_event([:pleroma, :connection_pool, :client, :add], _, _, _), do: :ok def handle_event( [:pleroma, :repo, :query] = _name, - %{query_time: query_time} = _measurements, - %{source: source, query: query, params: query_params, repo: repo} = _metadata, - _config - ) - when query_time > 500_000 and source not in [nil, "oban_jobs"] do - {:current_stacktrace, stacktrace} = Process.info(self(), :current_stacktrace) + %{query_time: query_time} = measurements, + %{source: source} = metadata, + config + ) do + logging_config = Pleroma.Config.get([:telemetry, :slow_queries_logging], []) + if logging_config[:min_duration] && query_time > logging_config[:min_duration] and + (is_nil(logging_config[:exclude_sources]) or + source not in logging_config[:exclude_sources]) do + log_slow_query(measurements, metadata, config) + else + :ok + end + end + + defp log_slow_query( + %{query_time: query_time} = _measurements, + %{source: _source, query: query, params: query_params, repo: repo} = _metadata, + _config + ) do sql_explain = with {:ok, %{rows: explain_result_rows}} <- repo.query("EXPLAIN " <> query, query_params, log: false) do Enum.map_join(explain_result_rows, "\n", & &1) end + {:current_stacktrace, stacktrace} = Process.info(self(), :current_stacktrace) + pleroma_stacktrace = Enum.filter(stacktrace, fn {__MODULE__, _, _, _} -> @@ -128,11 +143,11 @@ def handle_event( """ Slow query! - Total time: #{query_time / 1_000}ms + Total time: #{round(query_time / 1_000)} ms #{query} - #{inspect(query_params)} + #{inspect(query_params, limit: :infinity)} #{sql_explain} @@ -140,6 +155,4 @@ def handle_event( """ end) end - - def handle_event([:pleroma, :repo, :query], _measurements, _metadata, _config), do: :ok end From cd1041c3a413b9b3ba4c763308b5fd77a53d7c3c Mon Sep 17 00:00:00 2001 From: Alibek Omarov Date: Mon, 27 Dec 2021 02:27:48 +0300 Subject: [PATCH 05/10] API: optionally restrict moderators from accessing sensitive data --- CHANGELOG.md | 3 +- config/config.exs | 3 +- config/description.exs | 5 +++ .../web/plugs/ensure_staff_privileged.ex | 31 +++++++++++++++++++ lib/pleroma/web/router.ex | 31 +++++++++++++------ 5 files changed, 62 insertions(+), 11 deletions(-) create mode 100644 lib/pleroma/web/plugs/ensure_staff_privileged.ex diff --git a/CHANGELOG.md b/CHANGELOG.md index ee9e04568..79fe674a9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ### Added - `activeMonth` and `activeHalfyear` fields in NodeInfo usage.users object +- AdminAPI: allow moderators to manage reports, users, invites, and custom emojis +- AdminAPI: restrict moderators to access sensitive data: change user credentials, get password reset token, read private statuses and chats, etc ### Fixed - Subscription(Bell) Notifications: Don't create from Pipeline Ingested replies @@ -67,7 +69,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Attachment dimensions and blurhashes are federated when available. - Mastodon API: support `poll` notification. - Pinned posts federation -- AdminAPI: allow moderators to manage reports, users, invites, and custom emojis ### Fixed - Don't crash so hard when email settings are invalid. diff --git a/config/config.exs b/config/config.exs index 23c41eddd..ec242cadc 100644 --- a/config/config.exs +++ b/config/config.exs @@ -255,7 +255,8 @@ ], show_reactions: true, password_reset_token_validity: 60 * 60 * 24, - profile_directory: true + profile_directory: true, + privileged_staff: false config :pleroma, :welcome, direct_message: [ diff --git a/config/description.exs b/config/description.exs index 517077acf..a8fbd4d73 100644 --- a/config/description.exs +++ b/config/description.exs @@ -941,6 +941,11 @@ key: :profile_directory, type: :boolean, description: "Enable profile directory." + }, + %{ + key: :privileged_staff, + type: :boolean, + description: "Let moderators access sensitive data (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)" } ] }, diff --git a/lib/pleroma/web/plugs/ensure_staff_privileged.ex b/lib/pleroma/web/plugs/ensure_staff_privileged.ex new file mode 100644 index 000000000..b15ddfc56 --- /dev/null +++ b/lib/pleroma/web/plugs/ensure_staff_privileged.ex @@ -0,0 +1,31 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2021 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.Plugs.EnsureStaffPrivilegedPlug do + @moduledoc """ + Ensures if staff are privileged enough to do certain tasks + """ + + import Pleroma.Web.TranslationHelpers + import Plug.Conn + + alias Pleroma.User + alias Pleroma.Config + + def init(options) do + options + end + + def call(%{assigns: %{user: %User{is_admin: true}}} = conn, _), do: conn + + def call(conn, _) do + if Config.get!([:instance, :privileged_staff]) do + conn + else + conn + |> render_error(:forbidden, "User is not an admin.") + |> halt() + end + end +end diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index b2ca09784..7ba72994b 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -101,6 +101,10 @@ defmodule Pleroma.Web.Router do plug(Pleroma.Web.Plugs.IdempotencyPlug) end + pipeline :require_privileged_staff do + plug(Pleroma.Web.Plugs.EnsureStaffPrivilegedPlug) + end + pipeline :require_admin do plug(Pleroma.Web.Plugs.UserIsAdminPlug) end @@ -228,6 +232,24 @@ defmodule Pleroma.Web.Router do post("/backups", AdminAPIController, :create_backup) end + # AdminAPI: admins and mods (staff) can perform these actions (if enabled by config) + scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do + pipe_through([:admin_api, :require_privileged_staff]) + + delete("/users", UserController, :delete) + + get("/users/:nickname/password_reset", AdminAPIController, :get_password_reset) + patch("/users/:nickname/credentials", AdminAPIController, :update_user_credentials) + + get("/users/:nickname/statuses", AdminAPIController, :list_user_statuses) + get("/users/:nickname/chats", AdminAPIController, :list_user_chats) + + get("/statuses", StatusController, :index) + + get("/chats/:id", ChatController, :show) + get("/chats/:id/messages", ChatController, :messages) + end + # AdminAPI: admins and mods (staff) can perform these actions scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do pipe_through(:admin_api) @@ -240,22 +262,16 @@ defmodule Pleroma.Web.Router do patch("/users/deactivate", UserController, :deactivate) patch("/users/approve", UserController, :approve) - delete("/users", UserController, :delete) - post("/users/invite_token", InviteController, :create) get("/users/invites", InviteController, :index) post("/users/revoke_invite", InviteController, :revoke) post("/users/email_invite", InviteController, :email) - get("/users/:nickname/password_reset", AdminAPIController, :get_password_reset) patch("/users/force_password_reset", AdminAPIController, :force_password_reset) get("/users/:nickname/credentials", AdminAPIController, :show_user_credentials) - patch("/users/:nickname/credentials", AdminAPIController, :update_user_credentials) get("/users", UserController, :index) get("/users/:nickname", UserController, :show) - get("/users/:nickname/statuses", AdminAPIController, :list_user_statuses) - get("/users/:nickname/chats", AdminAPIController, :list_user_chats) get("/instances/:instance/statuses", InstanceController, :list_statuses) delete("/instances/:instance", InstanceController, :delete) @@ -269,15 +285,12 @@ defmodule Pleroma.Web.Router do get("/statuses/:id", StatusController, :show) put("/statuses/:id", StatusController, :update) delete("/statuses/:id", StatusController, :delete) - get("/statuses", StatusController, :index) get("/moderation_log", AdminAPIController, :list_log) post("/reload_emoji", AdminAPIController, :reload_emoji) get("/stats", AdminAPIController, :stats) - get("/chats/:id", ChatController, :show) - get("/chats/:id/messages", ChatController, :messages) delete("/chats/:id/messages/:message_id", ChatController, :delete_message) end From 1c223331fc7276a7e5946b6dbd5d2b713cd6c1e8 Mon Sep 17 00:00:00 2001 From: Alibek Omarov Date: Mon, 27 Dec 2021 02:28:09 +0300 Subject: [PATCH 06/10] API: show info about privileged staff in instance metadata --- lib/pleroma/web/mastodon_api/views/instance_view.ex | 3 ++- lib/pleroma/web/nodeinfo/nodeinfo.ex | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/pleroma/web/mastodon_api/views/instance_view.ex b/lib/pleroma/web/mastodon_api/views/instance_view.ex index 7072d5d61..8e657ee0f 100644 --- a/lib/pleroma/web/mastodon_api/views/instance_view.ex +++ b/lib/pleroma/web/mastodon_api/views/instance_view.ex @@ -45,7 +45,8 @@ def render("show.json", _) do features: features(), federation: federation(), fields_limits: fields_limits(), - post_formats: Config.get([:instance, :allowed_post_formats]) + post_formats: Config.get([:instance, :allowed_post_formats]), + privileged_staff: Config.get([:instance, :privileged_staff]) }, stats: %{mau: Pleroma.User.active_user_count()}, vapid_public_key: Keyword.get(Pleroma.Web.Push.vapid_config(), :public_key) diff --git a/lib/pleroma/web/nodeinfo/nodeinfo.ex b/lib/pleroma/web/nodeinfo/nodeinfo.ex index 3781781c8..80a2ce676 100644 --- a/lib/pleroma/web/nodeinfo/nodeinfo.ex +++ b/lib/pleroma/web/nodeinfo/nodeinfo.ex @@ -69,7 +69,8 @@ def get_nodeinfo("2.0") do mailerEnabled: Config.get([Pleroma.Emails.Mailer, :enabled], false), features: features, restrictedNicknames: Config.get([Pleroma.User, :restricted_nicknames]), - skipThreadContainment: Config.get([:instance, :skip_thread_containment], false) + skipThreadContainment: Config.get([:instance, :skip_thread_containment], false), + privilegedStaff: Config.get([:instance, :privileged_staff]) } } end From f66675f349a6e6b8111280e1abd23871688f6179 Mon Sep 17 00:00:00 2001 From: Alibek Omarov Date: Mon, 27 Dec 2021 02:57:54 +0300 Subject: [PATCH 07/10] API: fix duplicate :get_password_token route --- lib/pleroma/web/router.ex | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 7ba72994b..5473cd93d 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -199,7 +199,6 @@ defmodule Pleroma.Web.Router do post("/relay", RelayController, :follow) delete("/relay", RelayController, :unfollow) - get("/users/:nickname/password_reset", AdminAPIController, :get_password_reset) patch("/users/force_password_reset", AdminAPIController, :force_password_reset) get("/users/:nickname/credentials", AdminAPIController, :show_user_credentials) patch("/users/:nickname/credentials", AdminAPIController, :update_user_credentials) From f02715c4b2bfe5b1f055e44d8fece2047d85b611 Mon Sep 17 00:00:00 2001 From: Alibek Omarov Date: Mon, 27 Dec 2021 03:12:32 +0300 Subject: [PATCH 08/10] Fix lint errors --- config/description.exs | 3 ++- ...ure_staff_privileged.ex => ensure_staff_privileged_plug.ex} | 2 +- lib/pleroma/web/router.ex | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) rename lib/pleroma/web/plugs/{ensure_staff_privileged.ex => ensure_staff_privileged_plug.ex} (100%) diff --git a/config/description.exs b/config/description.exs index a8fbd4d73..ea3f34abe 100644 --- a/config/description.exs +++ b/config/description.exs @@ -945,7 +945,8 @@ %{ key: :privileged_staff, type: :boolean, - description: "Let moderators access sensitive data (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)" + description: + "Let moderators access sensitive data (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)" } ] }, diff --git a/lib/pleroma/web/plugs/ensure_staff_privileged.ex b/lib/pleroma/web/plugs/ensure_staff_privileged_plug.ex similarity index 100% rename from lib/pleroma/web/plugs/ensure_staff_privileged.ex rename to lib/pleroma/web/plugs/ensure_staff_privileged_plug.ex index b15ddfc56..fe0a11dec 100644 --- a/lib/pleroma/web/plugs/ensure_staff_privileged.ex +++ b/lib/pleroma/web/plugs/ensure_staff_privileged_plug.ex @@ -10,8 +10,8 @@ defmodule Pleroma.Web.Plugs.EnsureStaffPrivilegedPlug do import Pleroma.Web.TranslationHelpers import Plug.Conn - alias Pleroma.User alias Pleroma.Config + alias Pleroma.User def init(options) do options diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 5473cd93d..02ca8d70a 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -238,7 +238,7 @@ defmodule Pleroma.Web.Router do delete("/users", UserController, :delete) get("/users/:nickname/password_reset", AdminAPIController, :get_password_reset) - patch("/users/:nickname/credentials", AdminAPIController, :update_user_credentials) + patch("/users/:nickname/credentials", AdminAPIController, :update_user_credentials) get("/users/:nickname/statuses", AdminAPIController, :list_user_statuses) get("/users/:nickname/chats", AdminAPIController, :list_user_chats) From 08c0f09bad040ea713893be822342867f589efbe Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Mon, 27 Dec 2021 09:13:31 +0300 Subject: [PATCH 09/10] Made slow queries logging disabled by default. --- config/config.exs | 6 +++++- lib/pleroma/telemetry/logger.ex | 4 +++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/config/config.exs b/config/config.exs index 656778007..30113a2e3 100644 --- a/config/config.exs +++ b/config/config.exs @@ -855,7 +855,11 @@ ] config :pleroma, :telemetry, - slow_queries_logging: [exclude_sources: [nil, "oban_jobs"], min_duration: 500_000] + slow_queries_logging: [ + enabled: false, + min_duration: 500_000, + exclude_sources: [nil, "oban_jobs"] + ] # Import environment specific config. This must remain at the bottom # of this file so it overrides the configuration defined above. diff --git a/lib/pleroma/telemetry/logger.ex b/lib/pleroma/telemetry/logger.ex index 0f73ecc02..d7fea9c0f 100644 --- a/lib/pleroma/telemetry/logger.ex +++ b/lib/pleroma/telemetry/logger.ex @@ -106,7 +106,9 @@ def handle_event( ) do logging_config = Pleroma.Config.get([:telemetry, :slow_queries_logging], []) - if logging_config[:min_duration] && query_time > logging_config[:min_duration] and + if logging_config[:enabled] && + logging_config[:min_duration] && + query_time > logging_config[:min_duration] and (is_nil(logging_config[:exclude_sources]) or source not in logging_config[:exclude_sources]) do log_slow_query(measurements, metadata, config) From 479fc5fff8355e552c5d2297d83f4ca7456d4f03 Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Mon, 27 Dec 2021 10:39:59 -0600 Subject: [PATCH 10/10] EnsureStaffPrivilegedPlug: add tests --- .../ensure_staff_privileged_plug_test.exs | 60 +++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 test/pleroma/web/plugs/ensure_staff_privileged_plug_test.exs diff --git a/test/pleroma/web/plugs/ensure_staff_privileged_plug_test.exs b/test/pleroma/web/plugs/ensure_staff_privileged_plug_test.exs new file mode 100644 index 000000000..74f4ae504 --- /dev/null +++ b/test/pleroma/web/plugs/ensure_staff_privileged_plug_test.exs @@ -0,0 +1,60 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2021 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.Plugs.EnsureStaffPrivilegedPlugTest do + use Pleroma.Web.ConnCase, async: true + + alias Pleroma.Web.Plugs.EnsureStaffPrivilegedPlug + import Pleroma.Factory + + test "accepts a user that is an admin" do + user = insert(:user, is_admin: true) + + conn = assign(build_conn(), :user, user) + + ret_conn = EnsureStaffPrivilegedPlug.call(conn, %{}) + + assert conn == ret_conn + end + + test "accepts a user that is a moderator when :privileged_staff is enabled" do + clear_config([:instance, :privileged_staff], true) + user = insert(:user, is_moderator: true) + + conn = assign(build_conn(), :user, user) + + ret_conn = EnsureStaffPrivilegedPlug.call(conn, %{}) + + assert conn == ret_conn + end + + test "denies a user that is a moderator when :privileged_staff is disabled" do + clear_config([:instance, :privileged_staff], false) + user = insert(:user, is_moderator: true) + + conn = + build_conn() + |> assign(:user, user) + |> EnsureStaffPrivilegedPlug.call(%{}) + + assert conn.status == 403 + end + + test "denies a user that isn't a staff member" do + user = insert(:user) + + conn = + build_conn() + |> assign(:user, user) + |> EnsureStaffPrivilegedPlug.call(%{}) + + assert conn.status == 403 + end + + test "denies when a user isn't set" do + conn = EnsureStaffPrivilegedPlug.call(build_conn(), %{}) + + assert conn.status == 403 + end +end