logo

pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma git clone https://hacktivis.me/git/pleroma.git
commit: cbb26262a5957d3a72bef383a394bb3b2ad0215d
parent 3f26f1b30fe605635e3faf610f813f3ae3ad43ec
Author: Ilja <ilja@ilja.space>
Date:   Sat, 28 May 2022 12:15:36 +0200

Add privileges for :user_read


Diffstat:


Mconfig/config.exs3++-


Mconfig/description.exs6++++--


Mlib/pleroma/web/router.ex14++++++++++++--


Mtest/pleroma/web/admin_api/controllers/user_controller_test.exs115++++++++++++++++++++++++++++++++++++++++++++++++-------------------------------


4 files changed, 88 insertions(+), 50 deletions(-)

diff --git a/config/config.exs b/config/config.exs
@@ -263,7 +263,8 @@ config :pleroma, :instance,
     :user_tag,
     :user_activation,
     :user_invite,
-    :report_handle
+    :report_handle,
+    :user_read
   ],
   moderator_privileges: [],
   max_endorsed_users: 20,
diff --git a/config/description.exs b/config/description.exs
@@ -970,7 +970,8 @@ config :pleroma, :config_description, [
           :user_tag,
           :user_activation,
           :user_invite,
-          :report_handle
+          :report_handle,
+          :user_read
         ],
         description:
           "What extra priviledges to allow admins (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)"
@@ -985,7 +986,8 @@ config :pleroma, :config_description, [
           :user_tag,
           :user_activation,
           :user_invite,
-          :report_handle
+          :report_handle,
+          :user_read
         ],
         description:
           "What extra priviledges to allow moderators (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)"
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
@@ -140,6 +140,11 @@ defmodule Pleroma.Web.Router do
     plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :report_handle)
   end
 
+  pipeline :require_privileged_role_user_read do
+    plug(:admin_api)
+    plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_read)
+  end
+
   pipeline :pleroma_html do
     plug(:browser)
     plug(:authenticate)
@@ -328,12 +333,17 @@ defmodule Pleroma.Web.Router do
     delete("/reports/:report_id/notes/:id", ReportController, :notes_delete)
   end
 
-  # AdminAPI: admins and mods (staff) can perform these actions
+  # AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
   scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
-    pipe_through(:admin_api)
+    pipe_through(:require_privileged_role_user_read)
 
     get("/users", UserController, :index)
     get("/users/:nickname", UserController, :show)
+  end
+
+  # AdminAPI: admins and mods (staff) can perform these actions
+  scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
+    pipe_through(:admin_api)
 
     get("/instances/:instance/statuses", InstanceController, :list_statuses)
     delete("/instances/:instance", InstanceController, :delete)
diff --git a/test/pleroma/web/admin_api/controllers/user_controller_test.exs b/test/pleroma/web/admin_api/controllers/user_controller_test.exs
@@ -38,6 +38,7 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
   end
 
   test "with valid `admin_token` query parameter, skips OAuth scopes check" do
+    clear_config([:instance, :admin_privileges], [:user_read])
     clear_config([:admin_token], "password123")
 
     user = insert(:user)
@@ -47,50 +48,6 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
     assert json_response_and_validate_schema(conn, 200)
   end
 
-  test "GET /api/pleroma/admin/users/:nickname requires admin:read:accounts or broader scope",
-       %{admin: admin} do
-    user = insert(:user)
-    url = "/api/pleroma/admin/users/#{user.nickname}"
-
-    good_token1 = insert(:oauth_token, user: admin, scopes: ["admin"])
-    good_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read"])
-    good_token3 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts"])
-
-    bad_token1 = insert(:oauth_token, user: admin, scopes: ["read:accounts"])
-    bad_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts:partial"])
-    bad_token3 = nil
-
-    for good_token <- [good_token1, good_token2, good_token3] do
-      conn =
-        build_conn()
-        |> assign(:user, admin)
-        |> assign(:token, good_token)
-        |> get(url)
-
-      assert json_response_and_validate_schema(conn, 200)
-    end
-
-    for good_token <- [good_token1, good_token2, good_token3] do
-      conn =
-        build_conn()
-        |> assign(:user, nil)
-        |> assign(:token, good_token)
-        |> get(url)
-
-      assert json_response(conn, :forbidden)
-    end
-
-    for bad_token <- [bad_token1, bad_token2, bad_token3] do
-      conn =
-        build_conn()
-        |> assign(:user, admin)
-        |> assign(:token, bad_token)
-        |> get(url)
-
-      assert json_response_and_validate_schema(conn, :forbidden)
-    end
-  end
-
   describe "DELETE /api/pleroma/admin/users" do
     test "single user", %{admin: admin, conn: conn} do
       clear_config([:instance, :federating], true)
@@ -321,7 +278,19 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
     end
   end
 
-  describe "/api/pleroma/admin/users/:nickname" do
+  describe "GET /api/pleroma/admin/users/:nickname" do
+    setup do
+      clear_config([:instance, :admin_privileges], [:user_read])
+    end
+
+    test "returns 403 if not privileged with :user_read", %{conn: conn} do
+      clear_config([:instance, :admin_privileges], [])
+
+      conn = get(conn, "/api/pleroma/admin/users/user.nickname")
+
+      assert json_response(conn, :forbidden)
+    end
+
     test "Show", %{conn: conn} do
       user = insert(:user)
 
@@ -337,6 +306,50 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
 
       assert %{"error" => "Not found"} == json_response_and_validate_schema(conn, 404)
     end
+
+    test "requires admin:read:accounts or broader scope",
+         %{admin: admin} do
+      user = insert(:user)
+      url = "/api/pleroma/admin/users/#{user.nickname}"
+
+      good_token1 = insert(:oauth_token, user: admin, scopes: ["admin"])
+      good_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read"])
+      good_token3 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts"])
+
+      bad_token1 = insert(:oauth_token, user: admin, scopes: ["read:accounts"])
+      bad_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts:partial"])
+      bad_token3 = nil
+
+      for good_token <- [good_token1, good_token2, good_token3] do
+        conn =
+          build_conn()
+          |> assign(:user, admin)
+          |> assign(:token, good_token)
+          |> get(url)
+
+        assert json_response_and_validate_schema(conn, 200)
+      end
+
+      for good_token <- [good_token1, good_token2, good_token3] do
+        conn =
+          build_conn()
+          |> assign(:user, nil)
+          |> assign(:token, good_token)
+          |> get(url)
+
+        assert json_response(conn, :forbidden)
+      end
+
+      for bad_token <- [bad_token1, bad_token2, bad_token3] do
+        conn =
+          build_conn()
+          |> assign(:user, admin)
+          |> assign(:token, bad_token)
+          |> get(url)
+
+        assert json_response_and_validate_schema(conn, :forbidden)
+      end
+    end
   end
 
   describe "/api/pleroma/admin/users/follow" do
@@ -392,6 +405,18 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
   end
 
   describe "GET /api/pleroma/admin/users" do
+    setup do
+      clear_config([:instance, :admin_privileges], [:user_read])
+    end
+
+    test "returns 403 if not privileged with :user_read", %{conn: conn} do
+      clear_config([:instance, :admin_privileges], [])
+
+      conn = get(conn, "/api/pleroma/admin/users?page=1")
+
+      assert json_response(conn, :forbidden)
+    end
+
     test "renders users array for the first page", %{conn: conn, admin: admin} do
       user = insert(:user, local: false, tags: ["foo", "bar"])
       user2 = insert(:user, is_approved: false, registration_reason: "I'm a chill dude")