Added admin API for changing user activation status

2019-02-19 18:40:57 +03:00 · 2019-02-19 18:40:57 +03:00 · 25b9e7a8c3
commit 25b9e7a8c3
parent 1dd718e83c
4 changed files with 65 additions and 0 deletions
--- a/docs/Admin-API.md
+++ b/docs/Admin-API.md
@ -66,6 +66,14 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret
    * On success: JSON of the ``user.info``
 * Note: An admin cannot revoke their own admin status.

+## `/api/pleroma/admin/activation_status/:nickname`
+
+### Active or deactivate a user
+* Method: `PUT`
+* Params:
+    * `nickname`
+    * `status` BOOLEAN field, false value means deactivation.
+
 ## `/api/pleroma/admin/relay`
 ### Follow a Relay
 * Methods: `POST`
--- a/lib/pleroma/web/admin_api/admin_api_controller.ex
+++ b/lib/pleroma/web/admin_api/admin_api_controller.ex
@ -124,6 +124,13 @@ def right_delete(conn, _) do
    |> json(%{error: "No such permission_group"})
  end

+  def set_activation_status(conn, %{"nickname" => nickname, "status" => status}) do
+    with {:ok, status} <- Ecto.Type.cast(:boolean, status),
+         %User{} = user <- User.get_by_nickname(nickname),
+         {:ok, _} <- User.deactivate(user, !status),
+         do: json_response(conn, :no_content, "")
+  end
+
  def relay_follow(conn, %{"relay_url" => target}) do
    with {:ok, _message} <- Relay.follow(target) do
      json(conn, target)
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@ -124,6 +124,8 @@ defmodule Pleroma.Web.Router do
    post("/permission_group/:nickname/:permission_group", AdminAPIController, :right_add)
    delete("/permission_group/:nickname/:permission_group", AdminAPIController, :right_delete)

+    put("/activation_status/:nickname", AdminAPIController, :set_activation_status)
+
    post("/relay", AdminAPIController, :relay_follow)
    delete("/relay", AdminAPIController, :relay_unfollow)

--- a/test/web/admin_api/admin_api_controller_test.exs
+++ b/test/web/admin_api/admin_api_controller_test.exs
@ -159,6 +159,54 @@ test "/:right DELETE, can remove from a permission group" do
    end
  end

+  describe "PUT /api/pleroma/admin/activation_status" do
+    setup %{conn: conn} do
+      admin = insert(:user, info: %{is_admin: true})
+
+      conn =
+        conn
+        |> assign(:user, admin)
+        |> put_req_header("accept", "application/json")
+
+      %{conn: conn}
+    end
+
+    test "deactivates the user", %{conn: conn} do
+      user = insert(:user)
+
+      conn =
+        conn
+        |> put("/api/pleroma/admin/activation_status/#{user.nickname}", %{status: false})
+
+      user = Repo.get(User, user.id)
+      assert user.info.deactivated == true
+      assert json_response(conn, :no_content)
+    end
+
+    test "activates the user", %{conn: conn} do
+      user = insert(:user, info: %{deactivated: true})
+
+      conn =
+        conn
+        |> put("/api/pleroma/admin/activation_status/#{user.nickname}", %{status: true})
+
+      user = Repo.get(User, user.id)
+      assert user.info.deactivated == false
+      assert json_response(conn, :no_content)
+    end
+
+    test "returns 403 when requested by a non-admin", %{conn: conn} do
+      user = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> put("/api/pleroma/admin/activation_status/#{user.nickname}", %{status: false})
+
+      assert json_response(conn, :forbidden)
+    end
+  end
+
  describe "POST /api/pleroma/admin/email_invite, with valid config" do
    setup do
      registrations_open = Pleroma.Config.get([:instance, :registrations_open])