Moderators: reorganize :admin_api pipeline in Router

This commit is contained in:
Alex Gleason 2021-07-12 22:00:44 -05:00
parent 9bc1e79c56
commit 1f093cb216
No known key found for this signature in database
GPG key ID: 7211D1F99744FBB7
2 changed files with 9 additions and 5 deletions

View file

@ -96,10 +96,14 @@ defmodule Pleroma.Web.Router do
plug(Pleroma.Web.Plugs.AdminSecretAuthenticationPlug) plug(Pleroma.Web.Plugs.AdminSecretAuthenticationPlug)
plug(:after_auth) plug(:after_auth)
plug(Pleroma.Web.Plugs.EnsureAuthenticatedPlug) plug(Pleroma.Web.Plugs.EnsureAuthenticatedPlug)
plug(Pleroma.Web.Plugs.UserIsAdminPlug) plug(Pleroma.Web.Plugs.UserIsStaffPlug)
plug(Pleroma.Web.Plugs.IdempotencyPlug) plug(Pleroma.Web.Plugs.IdempotencyPlug)
end end
pipeline :require_admin do
plug(Pleroma.Web.Plugs.UserIsAdminPlug)
end
pipeline :mastodon_html do pipeline :mastodon_html do
plug(:browser) plug(:browser)
plug(:authenticate) plug(:authenticate)
@ -156,7 +160,7 @@ defmodule Pleroma.Web.Router do
end end
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
pipe_through(:admin_api) pipe_through([:admin_api, :require_admin])
put("/users/disable_mfa", AdminAPIController, :disable_mfa) put("/users/disable_mfa", AdminAPIController, :disable_mfa)
put("/users/tag", AdminAPIController, :tag_users) put("/users/tag", AdminAPIController, :tag_users)
@ -261,7 +265,7 @@ defmodule Pleroma.Web.Router do
scope "/api/v1/pleroma/emoji", Pleroma.Web.PleromaAPI do scope "/api/v1/pleroma/emoji", Pleroma.Web.PleromaAPI do
scope "/pack" do scope "/pack" do
pipe_through(:admin_api) pipe_through([:admin_api, :require_admin])
post("/", EmojiPackController, :create) post("/", EmojiPackController, :create)
patch("/", EmojiPackController, :update) patch("/", EmojiPackController, :update)
@ -276,7 +280,7 @@ defmodule Pleroma.Web.Router do
# Modifying packs # Modifying packs
scope "/packs" do scope "/packs" do
pipe_through(:admin_api) pipe_through([:admin_api, :require_admin])
get("/import", EmojiPackController, :import_from_filesystem) get("/import", EmojiPackController, :import_from_filesystem)
get("/remote", EmojiPackController, :remote) get("/remote", EmojiPackController, :remote)

View file

@ -305,7 +305,7 @@ test "returns 403 when requested by a non-admin" do
|> get("/api/pleroma/admin/reports") |> get("/api/pleroma/admin/reports")
assert json_response(conn, :forbidden) == assert json_response(conn, :forbidden) ==
%{"error" => "User is not an admin."} %{"error" => "User is not a staff member."}
end end
test "returns 403 when requested by anonymous" do test "returns 403 when requested by anonymous" do