EnsureStaffPrivilegedPlug: don't let non-moderators through

author Alex Gleason <alex@alexgleason.me>

Mon, 27 Dec 2021 23:18:26 +0000 (17:18 -0600)

committer Alex Gleason <alex@alexgleason.me>

Mon, 27 Dec 2021 23:18:26 +0000 (17:18 -0600)
author Alex Gleason <alex@alexgleason.me>
Mon, 27 Dec 2021 23:18:26 +0000 (17:18 -0600)
committer Alex Gleason <alex@alexgleason.me>
Mon, 27 Dec 2021 23:18:26 +0000 (17:18 -0600)
diff --git a/lib/pleroma/web/plugs/ensure_staff_privileged_plug.ex b/lib/pleroma/web/plugs/ensure_staff_privileged_plug.ex

index fe0a11decdfc3119f0ef3c0fe2264a68c411a165..c6ed456351f0acd74ab66bbb7b9b065272e98c2e 100644 (file)
--- a/lib/pleroma/web/plugs/ensure_staff_privileged_plug.ex
+++ b/lib/pleroma/web/plugs/ensure_staff_privileged_plug.ex
@@ -4,9 +4,8 @@
  
  defmodule Pleroma.Web.Plugs.EnsureStaffPrivilegedPlug do
    @moduledoc """
-  Ensures if staff are privileged enough to do certain tasks
+  Ensures staff are privileged enough to do certain tasks.
    """
-
    import Pleroma.Web.TranslationHelpers
    import Plug.Conn
  
@@ -19,7 +18,7 @@ defmodule Pleroma.Web.Plugs.EnsureStaffPrivilegedPlug do
  
    def call(%{assigns: %{user: %User{is_admin: true}}} = conn, _), do: conn
  
-  def call(conn, _) do
+  def call(%{assigns: %{user: %User{is_moderator: true}}} = conn, _) do
      if Config.get!([:instance, :privileged_staff]) do
        conn
      else
@@ -28,4 +27,10 @@ defmodule Pleroma.Web.Plugs.EnsureStaffPrivilegedPlug do
        |> halt()
      end
    end
+
+  def call(conn, _) do
+    conn
+    |> render_error(:forbidden, "User is not a staff member.")
+    |> halt()
+  end
  end
author	Alex Gleason <alex@alexgleason.me>
	Mon, 27 Dec 2021 23:18:26 +0000 (17:18 -0600)
committer	Alex Gleason <alex@alexgleason.me>
	Mon, 27 Dec 2021 23:18:26 +0000 (17:18 -0600)