git.squeep.com Git - akkoma/blob - lib/pleroma/web/admin_api/admin_api_controller.ex

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.AdminAPI.AdminAPIController do
   6   @users_page_size 50
   7
   8   use Pleroma.Web, :controller
   9   alias Pleroma.User
  10   alias Pleroma.Web.ActivityPub.Relay
  11   alias Pleroma.Web.MastodonAPI.Admin.AccountView
  12
  13   import Pleroma.Web.ControllerHelper, only: [json_response: 3]
  14
  15   require Logger
  16
  17   action_fallback(:errors)
  18
  19   def user_delete(conn, %{"nickname" => nickname}) do
  20     User.get_by_nickname(nickname)
  21     |> User.delete()
  22
  23     conn
  24     |> json(nickname)
  25   end
  26
  27   def user_create(
  28         conn,
  29         %{"nickname" => nickname, "email" => email, "password" => password}
  30       ) do
  31     user_data = %{
  32       nickname: nickname,
  33       name: nickname,
  34       email: email,
  35       password: password,
  36       password_confirmation: password,
  37       bio: "."
  38     }
  39
  40     changeset = User.register_changeset(%User{}, user_data, confirmed: true)
  41     {:ok, user} = User.register(changeset)
  42
  43     conn
  44     |> json(user.nickname)
  45   end
  46
  47   def user_toggle_activation(conn, %{"nickname" => nickname}) do
  48     user = User.get_by_nickname(nickname)
  49
  50     {:ok, updated_user} = User.deactivate(user, !user.info.deactivated)
  51
  52     conn
  53     |> json(AccountView.render("show.json", %{user: updated_user}))
  54   end
  55
  56   def tag_users(conn, %{"nicknames" => nicknames, "tags" => tags}) do
  57     with {:ok, _} <- User.tag(nicknames, tags),
  58          do: json_response(conn, :no_content, "")
  59   end
  60
  61   def untag_users(conn, %{"nicknames" => nicknames, "tags" => tags}) do
  62     with {:ok, _} <- User.untag(nicknames, tags),
  63          do: json_response(conn, :no_content, "")
  64   end
  65
  66   def list_users(%{assigns: %{user: admin}} = conn, params) do
  67     {page, page_size} = page_params(params)
  68
  69     with {:ok, users, count} <-
  70            User.search_for_admin(%{
  71              query: params["query"],
  72              admin: admin,
  73              local: params["local_only"] == "true",
  74              page: page,
  75              page_size: page_size
  76            }),
  77          do:
  78            conn
  79            |> json(
  80              AccountView.render("index.json",
  81                users: users,
  82                count: count,
  83                page_size: page_size
  84              )
  85            )
  86   end
  87
  88   def right_add(conn, %{"permission_group" => permission_group, "nickname" => nickname})
  89       when permission_group in ["moderator", "admin"] do
  90     user = User.get_by_nickname(nickname)
  91
  92     info =
  93       %{}
  94       |> Map.put("is_" <> permission_group, true)
  95
  96     info_cng = User.Info.admin_api_update(user.info, info)
  97
  98     cng =
  99       user
 100       |> Ecto.Changeset.change()
 101       |> Ecto.Changeset.put_embed(:info, info_cng)
 102
 103     {:ok, _user} = User.update_and_set_cache(cng)
 104
 105     json(conn, info)
 106   end
 107
 108   def right_add(conn, _) do
 109     conn
 110     |> put_status(404)
 111     |> json(%{error: "No such permission_group"})
 112   end
 113
 114   def right_get(conn, %{"nickname" => nickname}) do
 115     user = User.get_by_nickname(nickname)
 116
 117     conn
 118     |> json(%{
 119       is_moderator: user.info.is_moderator,
 120       is_admin: user.info.is_admin
 121     })
 122   end
 123
 124   def right_delete(
 125         %{assigns: %{user: %User{:nickname => admin_nickname}}} = conn,
 126         %{
 127           "permission_group" => permission_group,
 128           "nickname" => nickname
 129         }
 130       )
 131       when permission_group in ["moderator", "admin"] do
 132     if admin_nickname == nickname do
 133       conn
 134       |> put_status(403)
 135       |> json(%{error: "You can't revoke your own admin status."})
 136     else
 137       user = User.get_by_nickname(nickname)
 138
 139       info =
 140         %{}
 141         |> Map.put("is_" <> permission_group, false)
 142
 143       info_cng = User.Info.admin_api_update(user.info, info)
 144
 145       cng =
 146         Ecto.Changeset.change(user)
 147         |> Ecto.Changeset.put_embed(:info, info_cng)
 148
 149       {:ok, _user} = User.update_and_set_cache(cng)
 150
 151       json(conn, info)
 152     end
 153   end
 154
 155   def right_delete(conn, _) do
 156     conn
 157     |> put_status(404)
 158     |> json(%{error: "No such permission_group"})
 159   end
 160
 161   def set_activation_status(conn, %{"nickname" => nickname, "status" => status}) do
 162     with {:ok, status} <- Ecto.Type.cast(:boolean, status),
 163          %User{} = user <- User.get_by_nickname(nickname),
 164          {:ok, _} <- User.deactivate(user, !status),
 165          do: json_response(conn, :no_content, "")
 166   end
 167
 168   def relay_follow(conn, %{"relay_url" => target}) do
 169     with {:ok, _message} <- Relay.follow(target) do
 170       json(conn, target)
 171     else
 172       _ ->
 173         conn
 174         |> put_status(500)
 175         |> json(target)
 176     end
 177   end
 178
 179   def relay_unfollow(conn, %{"relay_url" => target}) do
 180     with {:ok, _message} <- Relay.unfollow(target) do
 181       json(conn, target)
 182     else
 183       _ ->
 184         conn
 185         |> put_status(500)
 186         |> json(target)
 187     end
 188   end
 189
 190   @doc "Sends registration invite via email"
 191   def email_invite(%{assigns: %{user: user}} = conn, %{"email" => email} = params) do
 192     with true <-
 193            Pleroma.Config.get([:instance, :invites_enabled]) &&
 194              !Pleroma.Config.get([:instance, :registrations_open]),
 195          {:ok, invite_token} <- Pleroma.UserInviteToken.create_token(),
 196          email <-
 197            Pleroma.UserEmail.user_invitation_email(user, invite_token, email, params["name"]),
 198          {:ok, _} <- Pleroma.Mailer.deliver(email) do
 199       json_response(conn, :no_content, "")
 200     end
 201   end
 202
 203   @doc "Get a account registeration invite token (base64 string)"
 204   def get_invite_token(conn, _params) do
 205     {:ok, token} = Pleroma.UserInviteToken.create_token()
 206
 207     conn
 208     |> json(token.token)
 209   end
 210
 211   @doc "Get a password reset token (base64 string) for given nickname"
 212   def get_password_reset(conn, %{"nickname" => nickname}) do
 213     (%User{local: true} = user) = User.get_by_nickname(nickname)
 214     {:ok, token} = Pleroma.PasswordResetToken.create_token(user)
 215
 216     conn
 217     |> json(token.token)
 218   end
 219
 220   def errors(conn, {:param_cast, _}) do
 221     conn
 222     |> put_status(400)
 223     |> json("Invalid parameters")
 224   end
 225
 226   def errors(conn, _) do
 227     conn
 228     |> put_status(500)
 229     |> json("Something went wrong")
 230   end
 231
 232   defp page_params(params) do
 233     {get_page(params["page"]), get_page_size(params["page_size"])}
 234   end
 235
 236   defp get_page(page_string) when is_nil(page_string), do: 1
 237
 238   defp get_page(page_string) do
 239     case Integer.parse(page_string) do
 240       {page, _} -> page
 241       :error -> 1
 242     end
 243   end
 244
 245   defp get_page_size(page_size_string) when is_nil(page_size_string), do: @users_page_size
 246
 247   defp get_page_size(page_size_string) do
 248     case Integer.parse(page_size_string) do
 249       {page_size, _} -> page_size
 250       :error -> @users_page_size
 251     end
 252   end
 253 end