Merge remote-tracking branch 'remotes/origin/develop' into 2168-media-preview-proxy

[akkoma] / lib / pleroma / web / admin_api / admin_api_controller.ex
diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex

index 9f1fd3aeb334f273577a189f460cb55229937096..451dc92d6766d3896659ce972872bf616a85fca1 100644 (file)
--- a/lib/pleroma/web/admin_api/admin_api_controller.ex
+++ b/lib/pleroma/web/admin_api/admin_api_controller.ex
@@ -37,7 +37,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
  
    require Logger
  
-  @descriptions_json Pleroma.Docs.JSON.compile()
+  @descriptions Pleroma.Docs.JSON.compile()
    @users_page_size 50
  
    plug(
@@ -844,15 +844,20 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
    end
  
    def status_update(%{assigns: %{user: admin}} = conn, %{"id" => id} = params) do
+    params =
+      params
+      |> Map.take(["sensitive", "visibility"])
+      |> Map.new(fn {key, value} -> {String.to_existing_atom(key), value} end)
+
      with {:ok, activity} <- CommonAPI.update_activity_scope(id, params) do
-      {:ok, sensitive} = Ecto.Type.cast(:boolean, params["sensitive"])
+      {:ok, sensitive} = Ecto.Type.cast(:boolean, params[:sensitive])
  
        ModerationLog.insert_log(%{
          action: "status_update",
          actor: admin,
          subject: activity,
          sensitive: sensitive,
-        visibility: params["visibility"]
+        visibility: params[:visibility]
        })
  
        conn
@@ -892,9 +897,9 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
    end
  
    def config_descriptions(conn, _params) do
-    conn
-    |> Plug.Conn.put_resp_content_type("application/json")
-    |> Plug.Conn.send_resp(200, @descriptions_json)
+    descriptions = Enum.filter(@descriptions, &whitelisted_config?/1)
+
+    json(conn, descriptions)
    end
  
    def config_show(conn, %{"only_db" => true}) do
@@ -949,7 +954,9 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
    def config_update(conn, %{"configs" => configs}) do
      with :ok <- configurable_from_database(conn) do
        {_errors, results} =
-        Enum.map(configs, fn
+        configs
+        |> Enum.filter(&whitelisted_config?/1)
+        |> Enum.map(fn
            %{"group" => group, "key" => key, "delete" => true} = params ->
              ConfigDB.delete(%{group: group, key: key, subkeys: params["subkeys"]})
  
@@ -1011,6 +1018,28 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
      end
    end
  
+  defp whitelisted_config?(group, key) do
+    if whitelisted_configs = Config.get(:database_config_whitelist) do
+      Enum.any?(whitelisted_configs, fn
+        {whitelisted_group} ->
+          group == inspect(whitelisted_group)
+
+        {whitelisted_group, whitelisted_key} ->
+          group == inspect(whitelisted_group) && key == inspect(whitelisted_key)
+      end)
+    else
+      true
+    end
+  end
+
+  defp whitelisted_config?(%{"group" => group, "key" => key}) do
+    whitelisted_config?(group, key)
+  end
+
+  defp whitelisted_config?(%{:group => group} = config) do
+    whitelisted_config?(group, config[:key])
+  end
+
    def reload_emoji(conn, _params) do
      Pleroma.Emoji.reload()