From 25b9e7a8c39602e6463a867089948a7957cfab9f Mon Sep 17 00:00:00 2001 From: eugenijm Date: Tue, 19 Feb 2019 18:40:57 +0300 Subject: [PATCH] Added admin API for changing user activation status --- docs/Admin-API.md | 8 ++++ .../web/admin_api/admin_api_controller.ex | 7 +++ lib/pleroma/web/router.ex | 2 + .../admin_api/admin_api_controller_test.exs | 48 +++++++++++++++++++ 4 files changed, 65 insertions(+) diff --git a/docs/Admin-API.md b/docs/Admin-API.md index 3b19d1aa6..016444d58 100644 --- a/docs/Admin-API.md +++ b/docs/Admin-API.md @@ -66,6 +66,14 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret * On success: JSON of the ``user.info`` * Note: An admin cannot revoke their own admin status. +## `/api/pleroma/admin/activation_status/:nickname` + +### Active or deactivate a user +* Method: `PUT` +* Params: + * `nickname` + * `status` BOOLEAN field, false value means deactivation. + ## `/api/pleroma/admin/relay` ### Follow a Relay * Methods: `POST` diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index dc01f46f3..9ec50bb90 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -124,6 +124,13 @@ def right_delete(conn, _) do |> json(%{error: "No such permission_group"}) end + def set_activation_status(conn, %{"nickname" => nickname, "status" => status}) do + with {:ok, status} <- Ecto.Type.cast(:boolean, status), + %User{} = user <- User.get_by_nickname(nickname), + {:ok, _} <- User.deactivate(user, !status), + do: json_response(conn, :no_content, "") + end + def relay_follow(conn, %{"relay_url" => target}) do with {:ok, _message} <- Relay.follow(target) do json(conn, target) diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 9a6cf2232..a4a382110 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -124,6 +124,8 @@ defmodule Pleroma.Web.Router do post("/permission_group/:nickname/:permission_group", AdminAPIController, :right_add) delete("/permission_group/:nickname/:permission_group", AdminAPIController, :right_delete) + put("/activation_status/:nickname", AdminAPIController, :set_activation_status) + post("/relay", AdminAPIController, :relay_follow) delete("/relay", AdminAPIController, :relay_unfollow) diff --git a/test/web/admin_api/admin_api_controller_test.exs b/test/web/admin_api/admin_api_controller_test.exs index a27c26f95..9fbaaba39 100644 --- a/test/web/admin_api/admin_api_controller_test.exs +++ b/test/web/admin_api/admin_api_controller_test.exs @@ -159,6 +159,54 @@ test "/:right DELETE, can remove from a permission group" do end end + describe "PUT /api/pleroma/admin/activation_status" do + setup %{conn: conn} do + admin = insert(:user, info: %{is_admin: true}) + + conn = + conn + |> assign(:user, admin) + |> put_req_header("accept", "application/json") + + %{conn: conn} + end + + test "deactivates the user", %{conn: conn} do + user = insert(:user) + + conn = + conn + |> put("/api/pleroma/admin/activation_status/#{user.nickname}", %{status: false}) + + user = Repo.get(User, user.id) + assert user.info.deactivated == true + assert json_response(conn, :no_content) + end + + test "activates the user", %{conn: conn} do + user = insert(:user, info: %{deactivated: true}) + + conn = + conn + |> put("/api/pleroma/admin/activation_status/#{user.nickname}", %{status: true}) + + user = Repo.get(User, user.id) + assert user.info.deactivated == false + assert json_response(conn, :no_content) + end + + test "returns 403 when requested by a non-admin", %{conn: conn} do + user = insert(:user) + + conn = + conn + |> assign(:user, user) + |> put("/api/pleroma/admin/activation_status/#{user.nickname}", %{status: false}) + + assert json_response(conn, :forbidden) + end + end + describe "POST /api/pleroma/admin/email_invite, with valid config" do setup do registrations_open = Pleroma.Config.get([:instance, :registrations_open])