git.squeep.com Git - akkoma/blob - lib/pleroma/web/admin_api/admin_api_controller.ex

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.AdminAPI.AdminAPIController do
   6   @users_page_size 50
   7
   8   use Pleroma.Web, :controller
   9   alias Pleroma.User
  10   alias Pleroma.Web.ActivityPub.Relay
  11   alias Pleroma.Web.MastodonAPI.Admin.AccountView
  12
  13   import Pleroma.Web.ControllerHelper, only: [json_response: 3]
  14
  15   require Logger
  16
  17   action_fallback(:errors)
  18
  19   def user_delete(conn, %{"nickname" => nickname}) do
  20     User.get_by_nickname(nickname)
  21     |> User.delete()
  22
  23     conn
  24     |> json(nickname)
  25   end
  26
  27   def user_create(
  28         conn,
  29         %{"nickname" => nickname, "email" => email, "password" => password}
  30       ) do
  31     user_data = %{
  32       nickname: nickname,
  33       name: nickname,
  34       email: email,
  35       password: password,
  36       password_confirmation: password,
  37       bio: "."
  38     }
  39
  40     changeset = User.register_changeset(%User{}, user_data, confirmed: true)
  41     {:ok, user} = User.register(changeset)
  42
  43     conn
  44     |> json(user.nickname)
  45   end
  46
  47   def user_toggle_activation(conn, %{"nickname" => nickname}) do
  48     user = User.get_by_nickname(nickname)
  49
  50     {:ok, updated_user} = User.deactivate(user, !user.info.deactivated)
  51
  52     conn
  53     |> json(AccountView.render("show.json", %{user: updated_user}))
  54   end
  55
  56   def tag_users(conn, %{"nicknames" => nicknames, "tags" => tags}) do
  57     with {:ok, _} <- User.tag(nicknames, tags),
  58          do: json_response(conn, :no_content, "")
  59   end
  60
  61   def untag_users(conn, %{"nicknames" => nicknames, "tags" => tags}) do
  62     with {:ok, _} <- User.untag(nicknames, tags),
  63          do: json_response(conn, :no_content, "")
  64   end
  65
  66   def list_users(%{assigns: %{user: admin}} = conn, %{"page" => page_string}) do
  67     with {page, _} <- Integer.parse(page_string),
  68          users <- User.all(page, @users_page_size),
  69          count <- User.count_all_except_one(admin),
  70          do:
  71            conn
  72            |> json(
  73              AccountView.render("index.json", %{
  74                users: users,
  75                count: count,
  76                page_size: @users_page_size
  77              })
  78            )
  79   end
  80
  81   def search_users(%{assigns: %{user: admin}} = conn, %{"query" => term} = params) do
  82     users =
  83       User.search(term,
  84         query: User.maybe_local_user_query(params["local"] == "true"),
  85         resolve: true,
  86         for_user: admin,
  87         limit: @users_page_size
  88       )
  89
  90     conn
  91     |> json(
  92       AccountView.render("index.json", %{
  93         users: users,
  94         count: length(users),
  95         page_size: @users_page_size
  96       })
  97     )
  98   end
  99
 100   def right_add(conn, %{"permission_group" => permission_group, "nickname" => nickname})
 101       when permission_group in ["moderator", "admin"] do
 102     user = User.get_by_nickname(nickname)
 103
 104     info =
 105       %{}
 106       |> Map.put("is_" <> permission_group, true)
 107
 108     info_cng = User.Info.admin_api_update(user.info, info)
 109
 110     cng =
 111       user
 112       |> Ecto.Changeset.change()
 113       |> Ecto.Changeset.put_embed(:info, info_cng)
 114
 115     {:ok, _user} = User.update_and_set_cache(cng)
 116
 117     json(conn, info)
 118   end
 119
 120   def right_add(conn, _) do
 121     conn
 122     |> put_status(404)
 123     |> json(%{error: "No such permission_group"})
 124   end
 125
 126   def right_get(conn, %{"nickname" => nickname}) do
 127     user = User.get_by_nickname(nickname)
 128
 129     conn
 130     |> json(%{
 131       is_moderator: user.info.is_moderator,
 132       is_admin: user.info.is_admin
 133     })
 134   end
 135
 136   def right_delete(
 137         %{assigns: %{user: %User{:nickname => admin_nickname}}} = conn,
 138         %{
 139           "permission_group" => permission_group,
 140           "nickname" => nickname
 141         }
 142       )
 143       when permission_group in ["moderator", "admin"] do
 144     if admin_nickname == nickname do
 145       conn
 146       |> put_status(403)
 147       |> json(%{error: "You can't revoke your own admin status."})
 148     else
 149       user = User.get_by_nickname(nickname)
 150
 151       info =
 152         %{}
 153         |> Map.put("is_" <> permission_group, false)
 154
 155       info_cng = User.Info.admin_api_update(user.info, info)
 156
 157       cng =
 158         Ecto.Changeset.change(user)
 159         |> Ecto.Changeset.put_embed(:info, info_cng)
 160
 161       {:ok, _user} = User.update_and_set_cache(cng)
 162
 163       json(conn, info)
 164     end
 165   end
 166
 167   def right_delete(conn, _) do
 168     conn
 169     |> put_status(404)
 170     |> json(%{error: "No such permission_group"})
 171   end
 172
 173   def set_activation_status(conn, %{"nickname" => nickname, "status" => status}) do
 174     with {:ok, status} <- Ecto.Type.cast(:boolean, status),
 175          %User{} = user <- User.get_by_nickname(nickname),
 176          {:ok, _} <- User.deactivate(user, !status),
 177          do: json_response(conn, :no_content, "")
 178   end
 179
 180   def relay_follow(conn, %{"relay_url" => target}) do
 181     with {:ok, _message} <- Relay.follow(target) do
 182       json(conn, target)
 183     else
 184       _ ->
 185         conn
 186         |> put_status(500)
 187         |> json(target)
 188     end
 189   end
 190
 191   def relay_unfollow(conn, %{"relay_url" => target}) do
 192     with {:ok, _message} <- Relay.unfollow(target) do
 193       json(conn, target)
 194     else
 195       _ ->
 196         conn
 197         |> put_status(500)
 198         |> json(target)
 199     end
 200   end
 201
 202   @doc "Sends registration invite via email"
 203   def email_invite(%{assigns: %{user: user}} = conn, %{"email" => email} = params) do
 204     with true <-
 205            Pleroma.Config.get([:instance, :invites_enabled]) &&
 206              !Pleroma.Config.get([:instance, :registrations_open]),
 207          {:ok, invite_token} <- Pleroma.UserInviteToken.create_token(),
 208          email <-
 209            Pleroma.UserEmail.user_invitation_email(user, invite_token, email, params["name"]),
 210          {:ok, _} <- Pleroma.Mailer.deliver(email) do
 211       json_response(conn, :no_content, "")
 212     end
 213   end
 214
 215   @doc "Get a account registeration invite token (base64 string)"
 216   def get_invite_token(conn, _params) do
 217     {:ok, token} = Pleroma.UserInviteToken.create_token()
 218
 219     conn
 220     |> json(token.token)
 221   end
 222
 223   @doc "Get a password reset token (base64 string) for given nickname"
 224   def get_password_reset(conn, %{"nickname" => nickname}) do
 225     (%User{local: true} = user) = User.get_by_nickname(nickname)
 226     {:ok, token} = Pleroma.PasswordResetToken.create_token(user)
 227
 228     conn
 229     |> json(token.token)
 230   end
 231
 232   def errors(conn, {:param_cast, _}) do
 233     conn
 234     |> put_status(400)
 235     |> json("Invalid parameters")
 236   end
 237
 238   def errors(conn, _) do
 239     conn
 240     |> put_status(500)
 241     |> json("Something went wrong")
 242   end
 243 end