Merge branch 'ensure-staff-privileged-strict' into 'develop' - pleroma - My custom branche(s) on git.pleroma.social/pleroma/pleroma

commit: 52a3f0f08bd265139c8cc8ef76a03cfee924ab5e
parent 264f0fde1b9f0cbaf7679eeb59938eb9ca653779
Author: Alex Gleason <alex@alexgleason.me>
Date:   Tue, 28 Dec 2021 00:53:11 +0000

Merge branch 'ensure-staff-privileged-strict' into 'develop'

EnsureStaffPrivilegedPlug: don't let non-moderators through

See merge request pleroma/pleroma!3582
Diffstat:
M lib/pleroma/web/plugs/ensure_staff_privileged_plug.ex 11 ++++++++---

1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/lib/pleroma/web/plugs/ensure_staff_privileged_plug.ex b/lib/pleroma/web/plugs/ensure_staff_privileged_plug.ex
@@ -4,9 +4,8 @@
 
 defmodule Pleroma.Web.Plugs.EnsureStaffPrivilegedPlug do
   @moduledoc """
-  Ensures if staff are privileged enough to do certain tasks
+  Ensures staff are privileged enough to do certain tasks.
   """
-
   import Pleroma.Web.TranslationHelpers
   import Plug.Conn
 
@@ -19,7 +18,7 @@ defmodule Pleroma.Web.Plugs.EnsureStaffPrivilegedPlug do
 
   def call(%{assigns: %{user: %User{is_admin: true}}} = conn, _), do: conn
 
-  def call(conn, _) do
+  def call(%{assigns: %{user: %User{is_moderator: true}}} = conn, _) do
     if Config.get!([:instance, :privileged_staff]) do
       conn
     else
@@ -28,4 +27,10 @@ defmodule Pleroma.Web.Plugs.EnsureStaffPrivilegedPlug do
       |> halt()
     end
   end
+
+  def call(conn, _) do
+    conn
+    |> render_error(:forbidden, "User is not a staff member.")
+    |> halt()
+  end
 end