
My custom branche(s) on git.pleroma.social/pleroma/pleroma git clone https://hacktivis.me/git/pleroma.git
commit: 34a98990dba1e021a75a23b225cff22af23f5ca2
parent 4cb0dbb5dce93ebc6c638c99eab13d0d2c02667c
Author: Ilja <ilja@ilja.space>
Date:   Sat, 11 Jun 2022 09:38:43 +0200

last off :statuses_read

Of the endpoints left to do, I believe these should be under :statuses_read.
These should be the last ones for that privilege in this MR.

Diffstat:

Mlib/pleroma/web/router.ex6++++--
Mtest/pleroma/web/admin_api/controllers/instance_controller_test.exs7++++++-
Mtest/pleroma/web/admin_api/controllers/status_controller_test.exs10++++++++++
3 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
@@ -292,6 +292,10 @@ defmodule Pleroma.Web.Router do
 get("/chats/:id", ChatController, :show)
 get("/chats/:id/messages", ChatController, :messages)
+
+ get("/instances/:instance/statuses", InstanceController, :list_statuses)
+
+ get("/statuses/:id", StatusController, :show)
 end
 # AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
@@ -345,10 +349,8 @@ defmodule Pleroma.Web.Router do
 scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
 pipe_through(:admin_api)
- get("/instances/:instance/statuses", InstanceController, :list_statuses)
 delete("/instances/:instance", InstanceController, :delete)
- get("/statuses/:id", StatusController, :show)
 put("/statuses/:id", StatusController, :update)
 delete("/statuses/:id", StatusController, :delete)
diff --git a/test/pleroma/web/admin_api/controllers/instance_controller_test.exs b/test/pleroma/web/admin_api/controllers/instance_controller_test.exs
@@ -3,7 +3,7 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.Web.AdminAPI.InstanceControllerTest do
- use Pleroma.Web.ConnCase
+ use Pleroma.Web.ConnCase, async: false
 use Oban.Testing, repo: Pleroma.Repo
 import Pleroma.Factory
@@ -31,6 +31,7 @@ defmodule Pleroma.Web.AdminAPI.InstanceControllerTest do
 end
 test "GET /instances/:instance/statuses", %{conn: conn} do
+ clear_config([:instance, :admin_privileges], [:statuses_read])
 user = insert(:user, local: false, ap_id: "https://archae.me/users/archaeme")
 user2 = insert(:user, local: false, ap_id: "https://test.com/users/test")
 insert_pair(:note_activity, user: user)
@@ -60,6 +61,10 @@ defmodule Pleroma.Web.AdminAPI.InstanceControllerTest do
 |> json_response(200)
 assert length(activities) == 3
+
+ clear_config([:instance, :admin_privileges], [])
+
+ conn |> get("/api/pleroma/admin/instances/archae.me/statuses") |> json_response(:forbidden)
 end
 test "DELETE /instances/:instance", %{conn: conn} do
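Review bot: The two `get` routes added at the end of the first hunk's scope are now protected only by whatever `pipe_through`/privilege plug that scope declares, and that scope opener is outside the hunk, so nothing visible here shows that `:statuses_read` is what gates them. Please confirm against the scope header, and consider a one-line comment above the moved routes, e.g. `# read-only status lookups; authorization comes from this scope's pipeline (:statuses_read)`, so a later route move does not silently widen access. The same applies to the matching removals in the `-345,10 +349,8` hunk, which take both routes out of the `/api/v1/pleroma/admin` scope; the new tests only request `/api/pleroma/admin/...`, so if the `v1` prefix is served by a distinct scope rather than as an alias, that path is not covered by them.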
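Review bot: In the `-60,6 +61,10` hunk of instance_controller_test.exs the unprivileged `:forbidden` check is appended to the existing success test, so if `assert length(activities) == 3` ever fails the authorization assertion is never reached, and it is also written without `assert`, unlike the equivalent check in status_controller_test.exs. Splitting it into its own test keeps the two properties independent and makes the privilege requirement visible in the test name; the `clear_config` added in the `-31,6 +31,7` hunk could likewise move into a `setup` as the status test does. The enclosing test starts before this hunk.

```elixir
test "GET /instances/:instance/statuses denies reading when not privileged", %{conn: conn} do
  clear_config([:instance, :admin_privileges], [])

  assert conn
         |> get("/api/pleroma/admin/instances/archae.me/statuses")
         |> json_response(:forbidden)
end
```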
diff --git a/test/pleroma/web/admin_api/controllers/status_controller_test.exs b/test/pleroma/web/admin_api/controllers/status_controller_test.exs
@@ -26,6 +26,10 @@ defmodule Pleroma.Web.AdminAPI.StatusControllerTest do
 end
 describe "GET /api/pleroma/admin/statuses/:id" do
+ setup do
+ clear_config([:instance, :admin_privileges], [:statuses_read])
+ end
+
 test "not found", %{conn: conn} do
 assert conn
 |> get("/api/pleroma/admin/statuses/not_found")
@@ -50,6 +54,12 @@ defmodule Pleroma.Web.AdminAPI.StatusControllerTest do
 assert account["is_active"] == actor.is_active
 assert account["is_confirmed"] == actor.is_confirmed
 end
+
+ test "denies reading activity when not privileged", %{conn: conn} do
+ clear_config([:instance, :admin_privileges], [])
+
+ assert conn |> get("/api/pleroma/admin/statuses/some_id") |> json_response(:forbidden)
+ end
 end
 describe "PUT /api/pleroma/admin/statuses/:id" do
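Review bot: The new denial test in the `-50,6 +54,12` hunk requests `some_id`, which no status in the test has, so the `:forbidden` assertion only holds because the privilege check runs before the status lookup; that ordering is the useful property (an unprivileged caller cannot tell existing ids from missing ones via 403 vs 404), but the test does not say so. Add `# privilege check must precede the lookup: an unknown id still yields 403, not 404` above the `assert` so that a future reordering which returns 404 first is recognised as a regression rather than "fixed" in the test.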