Merge branch 'ensure-staff-privileged-strict' into 'develop'

EnsureStaffPrivilegedPlug: don't let non-moderators through

See merge request pleroma/pleroma!3582
Alex Gleason 2021-12-28 00:53:11 +00:00
commit 52a3f0f08b


@ -4,9 +4,8 @@
defmodule Pleroma.Web.Plugs.EnsureStaffPrivilegedPlug do defmodule Pleroma.Web.Plugs.EnsureStaffPrivilegedPlug do
@moduledoc """ @moduledoc """
Ensures if staff are privileged enough to do certain tasks Ensures staff are privileged enough to do certain tasks.
""" """
import Pleroma.Web.TranslationHelpers import Pleroma.Web.TranslationHelpers
import Plug.Conn import Plug.Conn
@ -19,7 +18,7 @@ def init(options) do
def call(%{assigns: %{user: %User{is_admin: true}}} = conn, _), do: conn def call(%{assigns: %{user: %User{is_admin: true}}} = conn, _), do: conn
def call(conn, _) do def call(%{assigns: %{user: %User{is_moderator: true}}} = conn, _) do
if Config.get!([:instance, :privileged_staff]) do if Config.get!([:instance, :privileged_staff]) do
conn conn
else else
@ -28,4 +27,10 @@ def call(conn, _) do
|> halt() |> halt()
end end
end end
def call(conn, _) do
conn
|> render_error(:forbidden, "User is not a staff member.")
|> halt()
end
end end
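Review bot: The new catch-all `call(conn, _)` clause at the end of the module is what makes this plug fail closed, yet nothing in the code says so, and the moduledoc still reads only "Ensures staff are privileged enough to do certain tasks." I would add a comment above that clause, `# Fail closed: any conn that did not match an admin or moderator above (including one with no :user assign) is rejected with :forbidden.`, and extend the moduledoc to list the three outcomes: admins always pass, moderators pass only when `[:instance, :privileged_staff]` is enabled, and everyone else is halted. Clause order now carries the authorization decision, since placing the catch-all above the moderator clause would reject moderators, so the comment also guards against a later reorder. No test is visible in this section; if the merge request does not already include one, a case for a non-staff user with `privileged_staff` enabled would pin the behaviour this commit fixes.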