Add privilege for announcements

Ilja 2022-07-14 08:40:26 +02:00
parent 44d14e8a9c
commit c045a49909
4 changed files with 108 additions and 1 deletions


@ -269,6 +269,7 @@ config :pleroma, :instance,
:instances_delete, :instances_delete,
:reports_manage_reports, :reports_manage_reports,
:moderation_log_read, :moderation_log_read,
:announcements_manage_announcements,
:emoji_manage_emoji, :emoji_manage_emoji,
:statistics_read :statistics_read
], ],
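Review bot: Adding `:announcements_manage_announcements` only to this default list does nothing for instances that already override the privilege list in their own config, yet the router change in this commit places the announcement endpoints behind that privilege. If the list here is `admin_privileges` (the hunk does not show the key), admins on such instances would presumably start receiving 403 on `/api/v1/pleroma/admin/announcements` after upgrading. An upgrade note in the changelog telling operators to add the privilege to their overridden list would prevent a silent loss of access.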


@ -984,6 +984,7 @@ config :pleroma, :config_description, [
:instances_delete, :instances_delete,
:reports_manage_reports, :reports_manage_reports,
:moderation_log_read, :moderation_log_read,
:announcements_manage_announcements,
:emoji_manage_emoji, :emoji_manage_emoji,
:statistics_read :statistics_read
], ],
@ -1005,6 +1006,7 @@ config :pleroma, :config_description, [
:instances_delete, :instances_delete,
:reports_manage_reports, :reports_manage_reports,
:moderation_log_read, :moderation_log_read,
:announcements_manage_announcements,
:emoji_manage_emoji, :emoji_manage_emoji,
:statistics_read :statistics_read
], ],


@ -170,6 +170,11 @@ defmodule Pleroma.Web.Router do
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :statistics_read) plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :statistics_read)
end end
pipeline :require_privileged_role_announcements_manage_announcements do
plug(:admin_api)
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :announcements_manage_announcements)
end
pipeline :pleroma_html do pipeline :pleroma_html do
plug(:browser) plug(:browser)
plug(:authenticate) plug(:authenticate)
@ -289,6 +294,11 @@ defmodule Pleroma.Web.Router do
post("/frontends/install", FrontendController, :install) post("/frontends/install", FrontendController, :install)
post("/backups", AdminAPIController, :create_backup) post("/backups", AdminAPIController, :create_backup)
end
# AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
pipe_through(:require_privileged_role_announcements_manage_announcements)
get("/announcements", AnnouncementController, :index) get("/announcements", AnnouncementController, :index)
post("/announcements", AnnouncementController, :create) post("/announcements", AnnouncementController, :create)
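Review bot: The comment above the new scope uses the generic staff wording and does not name the privilege that gates it. These routes appear to have moved out of the scope that now closes just above them, and the comment says moderators can reach them too once granted the privilege. I would spell that out, e.g. `# AdminAPI: staff holding :announcements_manage_announcements can manage announcements`, so the access rule is readable at the route. Only the `get` and `post` on `/announcements` are visible here and the scope continues outside the hunk, so the by-id routes should be confirmed to sit under the same `pipe_through`.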


@ -3,11 +3,12 @@
# SPDX-License-Identifier: AGPL-3.0-only # SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.AdminAPI.AnnouncementControllerTest do defmodule Pleroma.Web.AdminAPI.AnnouncementControllerTest do
use Pleroma.Web.ConnCase use Pleroma.Web.ConnCase, async: false
import Pleroma.Factory import Pleroma.Factory
setup do setup do
clear_config([:instance, :admin_privileges], [:announcements_manage_announcements])
admin = insert(:user, is_admin: true) admin = insert(:user, is_admin: true)
token = insert(:oauth_admin_token, user: admin) token = insert(:oauth_admin_token, user: admin)
@ -31,6 +32,18 @@ defmodule Pleroma.Web.AdminAPI.AnnouncementControllerTest do
assert [%{"id" => ^id}] = response assert [%{"id" => ^id}] = response
end end
test "it requires privileged role :announcements_manage_announcements", %{conn: conn} do
conn
|> get("/api/v1/pleroma/admin/announcements")
|> json_response_and_validate_schema(:ok)
clear_config([:instance, :admin_privileges], [])
conn
|> get("/api/v1/pleroma/admin/announcements")
|> json_response(:forbidden)
end
test "it paginates announcements", %{conn: conn} do test "it paginates announcements", %{conn: conn} do
_announcements = Enum.map(0..20, fn _ -> insert(:announcement) end) _announcements = Enum.map(0..20, fn _ -> insert(:announcement) end)
@ -92,6 +105,20 @@ defmodule Pleroma.Web.AdminAPI.AnnouncementControllerTest do
assert %{"id" => ^id} = response assert %{"id" => ^id} = response
end end
test "it requires privileged role :announcements_manage_announcements", %{conn: conn} do
%{id: id} = insert(:announcement)
conn
|> get("/api/v1/pleroma/admin/announcements/#{id}")
|> json_response_and_validate_schema(:ok)
clear_config([:instance, :admin_privileges], [])
conn
|> get("/api/v1/pleroma/admin/announcements/#{id}")
|> json_response(:forbidden)
end
test "it returns not found for non-existent id", %{conn: conn} do test "it returns not found for non-existent id", %{conn: conn} do
%{id: id} = insert(:announcement) %{id: id} = insert(:announcement)
@ -112,6 +139,20 @@ defmodule Pleroma.Web.AdminAPI.AnnouncementControllerTest do
|> json_response_and_validate_schema(:ok) |> json_response_and_validate_schema(:ok)
end end
test "it requires privileged role :announcements_manage_announcements", %{conn: conn} do
%{id: id} = insert(:announcement)
conn
|> delete("/api/v1/pleroma/admin/announcements/#{id}")
|> json_response_and_validate_schema(:ok)
clear_config([:instance, :admin_privileges], [])
conn
|> delete("/api/v1/pleroma/admin/announcements/#{id}")
|> json_response(:forbidden)
end
test "it returns not found for non-existent id", %{conn: conn} do test "it returns not found for non-existent id", %{conn: conn} do
%{id: id} = insert(:announcement) %{id: id} = insert(:announcement)
@ -156,6 +197,29 @@ defmodule Pleroma.Web.AdminAPI.AnnouncementControllerTest do
assert NaiveDateTime.compare(new.starts_at, starts_at) == :eq assert NaiveDateTime.compare(new.starts_at, starts_at) == :eq
end end
test "it requires privileged role :announcements_manage_announcements", %{conn: conn} do
%{id: id} = insert(:announcement)
now = NaiveDateTime.utc_now() |> NaiveDateTime.truncate(:second)
starts_at = NaiveDateTime.add(now, -10, :second)
conn
|> put_req_header("content-type", "application/json")
|> patch("/api/v1/pleroma/admin/announcements/#{id}", %{
starts_at: NaiveDateTime.to_iso8601(starts_at)
})
|> json_response_and_validate_schema(:ok)
clear_config([:instance, :admin_privileges], [])
conn
|> put_req_header("content-type", "application/json")
|> patch("/api/v1/pleroma/admin/announcements/#{id}", %{
starts_at: NaiveDateTime.to_iso8601(starts_at)
})
|> json_response(:forbidden)
end
test "it updates with time with utc timezone", %{conn: conn} do test "it updates with time with utc timezone", %{conn: conn} do
%{id: id} = insert(:announcement) %{id: id} = insert(:announcement)
@ -250,6 +314,36 @@ defmodule Pleroma.Web.AdminAPI.AnnouncementControllerTest do
assert NaiveDateTime.compare(announcement.ends_at, ends_at) == :eq assert NaiveDateTime.compare(announcement.ends_at, ends_at) == :eq
end end
test "it requires privileged role :announcements_manage_announcements", %{conn: conn} do
content = "test post announcement api"
now = NaiveDateTime.utc_now() |> NaiveDateTime.truncate(:second)
starts_at = NaiveDateTime.add(now, -10, :second)
ends_at = NaiveDateTime.add(now, 10, :second)
conn
|> put_req_header("content-type", "application/json")
|> post("/api/v1/pleroma/admin/announcements", %{
"content" => content,
"starts_at" => NaiveDateTime.to_iso8601(starts_at),
"ends_at" => NaiveDateTime.to_iso8601(ends_at),
"all_day" => true
})
|> json_response_and_validate_schema(:ok)
clear_config([:instance, :admin_privileges], [])
conn
|> put_req_header("content-type", "application/json")
|> post("/api/v1/pleroma/admin/announcements", %{
"content" => content,
"starts_at" => NaiveDateTime.to_iso8601(starts_at),
"ends_at" => NaiveDateTime.to_iso8601(ends_at),
"all_day" => true
})
|> json_response(:forbidden)
end
test "creating with time with utc timezones", %{conn: conn} do test "creating with time with utc timezones", %{conn: conn} do
content = "test post announcement api" content = "test post announcement api"
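Review bot: The five new `it requires privileged role :announcements_manage_announcements` tests only exercise an admin whose `admin_privileges` list is toggled, so the moderator path that the router comment advertises is never checked. A sibling case using `insert(:user, is_moderator: true)` with `clear_config([:instance, :moderator_privileges], [:announcements_manage_announcements])`, plus one where the moderator lacks the privilege, would pin that down. In the delete test the first request already removes the announcement, so the later 403 cannot show that a denied request leaves the record intact; inserting a second announcement for the denied call and asserting it still exists would. The denied `post` could likewise assert that no additional announcement was created.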