1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Plugs.UserIsAdminPlug do
6 import Pleroma.Web.TranslationHelpers
9 alias Pleroma.Web.OAuth
15 def call(%Plug.Conn{assigns: assigns} = conn, _) do
16 token = assigns[:token]
20 token && OAuth.Scopes.contains_admin_scopes?(token.scopes) ->
21 # Note: checking for _any_ admin scope presence, not necessarily fitting requested action.
22 # Thus, controller must explicitly invoke OAuthScopesPlug to verify scope requirements.
25 user && user.is_admin && !Pleroma.Config.enforce_oauth_admin_scope_usage?() ->
30 |> render_error(:forbidden, "User is not an admin or OAuth admin scope is not granted.")