commit: b1ff5241c21dac58ec1f9171de26772debfdb283
parent 8a9144ca8b8e17df509dc8ac3934656b7dac8d77
Author: Ilja <ilja@ilja.space>
Date: Thu, 26 May 2022 14:21:14 +0200
Add priviledges for :statuses_read
This was the last action still gated by :require_privileged_staff; I'll remove that pipeline in the next commit.
Diffstat:
4 files changed, 74 insertions(+), 9 deletions(-)
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
@@ -119,6 +119,11 @@ defmodule Pleroma.Web.Router do
plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_credentials)
end
+ pipeline :require_privileged_role_statuses_read do
+ plug(:admin_api)
+ plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :statuses_read)
+ end
+
pipeline :pleroma_html do
plug(:browser)
plug(:authenticate)
@@ -242,22 +247,22 @@ defmodule Pleroma.Web.Router do
# AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
- pipe_through([:admin_api, :require_privileged_role_user_deletion])
+ pipe_through(:require_privileged_role_user_deletion)
delete("/users", UserController, :delete)
end
# AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
- pipe_through([:admin_api, :require_privileged_role_user_credentials])
+ pipe_through(:require_privileged_role_user_credentials)
get("/users/:nickname/password_reset", AdminAPIController, :get_password_reset)
patch("/users/:nickname/credentials", AdminAPIController, :update_user_credentials)
end
- # AdminAPI: admins and mods (staff) can perform these actions (if enabled by config)
+ # AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
- pipe_through([:admin_api, :require_privileged_staff])
+ pipe_through(:require_privileged_role_statuses_read)
get("/users/:nickname/statuses", AdminAPIController, :list_user_statuses)
get("/users/:nickname/chats", AdminAPIController, :list_user_chats)
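Review bot: The rewritten scope comment `# AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)` is now byte-identical to the two scopes above it, so a reader cannot tell which privilege gates these routes without opening the pipeline definition; name it, e.g. `# AdminAPI: staff can read users' statuses and chats (if privileged by role :statuses_read)`. Worth flagging for operators: the old comment says these routes were opened by a config flag on `:require_privileged_staff`, and after this change they require `:statuses_read` in the role's privilege list (the tests drive it through `[:instance, :admin_privileges]`), so an upgraded instance whose default privilege list lacks `:statuses_read` will lock staff out of user statuses and chats. The default config and docs are not in this diff, so confirm they were updated alongside. The scope edited here continues past the hunk — its remaining routes and closing `end` are in the next hunk.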
@@ -268,6 +273,11 @@ defmodule Pleroma.Web.Router do
get("/chats/:id/messages", ChatController, :messages)
end
+ # AdminAPI: admins and mods (staff) can perform these actions (if enabled by config)
+ scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
+ pipe_through([:admin_api, :require_privileged_staff])
+ end
+
# AdminAPI: admins and mods (staff) can perform these actions
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
pipe_through(:admin_api)
diff --git a/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs b/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs
@@ -359,6 +359,8 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
describe "GET /api/pleroma/admin/users/:nickname/statuses" do
setup do
+ clear_config([:instance, :admin_privileges], [:statuses_read])
+
user = insert(:user)
insert(:note_activity, user: user)
@@ -375,6 +377,14 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
assert length(activities) == 3
end
+ test "it requires privileged role :statuses_read", %{conn: conn, user: user} do
+ clear_config([:instance, :admin_privileges], [])
+
+ conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/statuses")
+
+ assert json_response(conn, :forbidden)
+ end
+
test "renders user's statuses with pagination", %{conn: conn, user: user} do
%{"total" => 3, "activities" => [activity1]} =
conn
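Review bot: The new `it requires privileged role :statuses_read` test only exercises the admin connection from `setup` with an empty `[:instance, :admin_privileges]`; the router comment says moderators go through the same pipeline, yet no test shows a moderator with the privilege succeeding or one without it getting 403. If the moderator side is configured through a sibling key (presumably `[:instance, :moderator_privileges]` — confirm against EnsurePrivilegedPlug, which is not in this diff), add the two mirror cases so a regression in the role check is caught. Asserting on the error body as well, e.g. `assert %{"error" => _} = json_response(conn, :forbidden)`, would pin the response shape clients depend on; the body returned by the plug isn't visible here, so match whatever it actually emits.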
@@ -436,20 +446,31 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
describe "GET /api/pleroma/admin/users/:nickname/chats" do
setup do
+ clear_config([:instance, :admin_privileges], [:statuses_read])
+
user = insert(:user)
+
+ %{user: user}
+ end
+
+ test "renders user's chats", %{conn: conn, user: user} do
recipients = insert_list(3, :user)
Enum.each(recipients, fn recipient ->
CommonAPI.post_chat_message(user, recipient, "yo")
end)
- %{user: user}
+ conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/chats")
+
+ assert json_response(conn, 200) |> length() == 3
end
- test "renders user's chats", %{conn: conn, user: user} do
+ test "it requires privileged role :statuses_read", %{conn: conn, user: user} do
+ clear_config([:instance, :admin_privileges], [])
+
conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/chats")
- assert json_response(conn, 200) |> length() == 3
+ assert json_response(conn, :forbidden)
end
end
diff --git a/test/pleroma/web/admin_api/controllers/chat_controller_test.exs b/test/pleroma/web/admin_api/controllers/chat_controller_test.exs
@@ -63,7 +63,10 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do
end
describe "GET /api/pleroma/admin/chats/:id/messages" do
- setup do: admin_setup()
+ setup do
+ clear_config([:instance, :admin_privileges], [:statuses_read])
+ admin_setup()
+ end
test "it paginates", %{conn: conn} do
user = insert(:user)
@@ -114,10 +117,21 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do
assert length(result) == 3
end
+
+ test "it requires privileged role :statuses_read", %{conn: conn} do
+ clear_config([:instance, :admin_privileges], [])
+
+ conn = get(conn, "/api/pleroma/admin/chats/some_id/messages")
+
+ assert json_response(conn, :forbidden)
+ end
end
describe "GET /api/pleroma/admin/chats/:id" do
- setup do: admin_setup()
+ setup do
+ clear_config([:instance, :admin_privileges], [:statuses_read])
+ admin_setup()
+ end
test "it returns a chat", %{conn: conn} do
user = insert(:user)
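Review bot: The 403 test requests `/api/pleroma/admin/chats/some_id/messages` with an id that cannot exist, which is the right choice — it proves the privilege check rejects before any chat lookup, so unprivileged staff cannot use 403-vs-404 as an existence oracle — but nothing records that this is deliberate, and a later cleanup could swap in a real chat id and silently weaken the test. Add a comment above the `get`: `# deliberately nonexistent id: the privilege check must fail before any lookup (no 403/404 existence oracle)`. The twin test for `GET /api/pleroma/admin/chats/:id` in the next hunk deserves the same comment.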
@@ -135,6 +149,14 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do
assert %{} = result["receiver"]
refute result["account"]
end
+
+ test "it requires privileged role :statuses_read", %{conn: conn} do
+ clear_config([:instance, :admin_privileges], [])
+
+ conn = get(conn, "/api/pleroma/admin/chats/some_id")
+
+ assert json_response(conn, :forbidden)
+ end
end
describe "unauthorized chat moderation" do
diff --git a/test/pleroma/web/admin_api/controllers/status_controller_test.exs b/test/pleroma/web/admin_api/controllers/status_controller_test.exs
@@ -152,6 +152,10 @@ defmodule Pleroma.Web.AdminAPI.StatusControllerTest do
end
describe "GET /api/pleroma/admin/statuses" do
+ setup do
+ clear_config([:instance, :admin_privileges], [:statuses_read])
+ end
+
test "returns all public and unlisted statuses", %{conn: conn, admin: admin} do
blocked = insert(:user)
user = insert(:user)
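Review bot: The new `setup do clear_config(...) end` block returns whatever `clear_config/2` evaluates to, and ExUnit only accepts `:ok`, a keyword list, a map or `{:ok, ...}` from `setup`; the macro's return value is not in this diff, so if it ever yields anything else every test in this describe fails at setup rather than on the behaviour under test. Ending the block with an explicit `:ok` removes that dependency: `clear_config([:instance, :admin_privileges], [:statuses_read])` followed by `:ok`. The other new setups in this commit avoid the question because they end with `admin_setup()`, so only this one is affected.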
@@ -197,5 +201,13 @@ defmodule Pleroma.Web.AdminAPI.StatusControllerTest do
conn = get(conn, "/api/pleroma/admin/statuses?godmode=true")
assert json_response_and_validate_schema(conn, 200) |> length() == 3
end
+
+ test "it requires privileged role :statuses_read", %{conn: conn} do
+ clear_config([:instance, :admin_privileges], [])
+
+ conn = get(conn, "/api/pleroma/admin/statuses")
+
+ assert json_response(conn, :forbidden)
+ end
end
end