Moderators: reorganize :admin_api pipeline in Router

author Alex Gleason <alex@alexgleason.me>

Tue, 13 Jul 2021 03:00:44 +0000 (22:00 -0500)

committer Alex Gleason <alex@alexgleason.me>

Tue, 13 Jul 2021 03:11:32 +0000 (22:11 -0500)
author Alex Gleason <alex@alexgleason.me>
Tue, 13 Jul 2021 03:00:44 +0000 (22:00 -0500)
committer Alex Gleason <alex@alexgleason.me>
Tue, 13 Jul 2021 03:11:32 +0000 (22:11 -0500)
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex

index 72ad14f052a39e56f10e8262e07406f52620f97b..919f4f510680a1f860e80fb292db7c1e95d96ff7 100644 (file)
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -96,10 +96,14 @@ defmodule Pleroma.Web.Router do
      plug(Pleroma.Web.Plugs.AdminSecretAuthenticationPlug)
      plug(:after_auth)
      plug(Pleroma.Web.Plugs.EnsureAuthenticatedPlug)
-    plug(Pleroma.Web.Plugs.UserIsAdminPlug)
+    plug(Pleroma.Web.Plugs.UserIsStaffPlug)
      plug(Pleroma.Web.Plugs.IdempotencyPlug)
    end
  
+  pipeline :require_admin do
+    plug(Pleroma.Web.Plugs.UserIsAdminPlug)
+  end
+
    pipeline :mastodon_html do
      plug(:browser)
      plug(:authenticate)
@@ -156,7 +160,7 @@ defmodule Pleroma.Web.Router do
    end
  
    scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
-    pipe_through(:admin_api)
+    pipe_through([:admin_api, :require_admin])
  
      put("/users/disable_mfa", AdminAPIController, :disable_mfa)
      put("/users/tag", AdminAPIController, :tag_users)
@@ -261,7 +265,7 @@ defmodule Pleroma.Web.Router do
  
    scope "/api/v1/pleroma/emoji", Pleroma.Web.PleromaAPI do
      scope "/pack" do
-      pipe_through(:admin_api)
+      pipe_through([:admin_api, :require_admin])
  
        post("/", EmojiPackController, :create)
        patch("/", EmojiPackController, :update)
@@ -276,7 +280,7 @@ defmodule Pleroma.Web.Router do
  
      # Modifying packs
      scope "/packs" do
-      pipe_through(:admin_api)
+      pipe_through([:admin_api, :require_admin])
  
        get("/import", EmojiPackController, :import_from_filesystem)
        get("/remote", EmojiPackController, :remote)
diff --git a/test/pleroma/web/admin_api/controllers/report_controller_test.exs b/test/pleroma/web/admin_api/controllers/report_controller_test.exs

index 6a2986b5ffd7c303af4f9d1d77615c0322923b8c..8102845d57a8ee61d038016c2f251bdafb3182dc 100644 (file)
--- a/test/pleroma/web/admin_api/controllers/report_controller_test.exs
+++ b/test/pleroma/web/admin_api/controllers/report_controller_test.exs
@@ -305,7 +305,7 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do
          |> get("/api/pleroma/admin/reports")
  
        assert json_response(conn, :forbidden) ==
-               %{"error" => "User is not an admin."}
+               %{"error" => "User is not a staff member."}
      end
  
      test "returns 403 when requested by anonymous" do
author	Alex Gleason <alex@alexgleason.me>
	Tue, 13 Jul 2021 03:00:44 +0000 (22:00 -0500)
committer	Alex Gleason <alex@alexgleason.me>
	Tue, 13 Jul 2021 03:11:32 +0000 (22:11 -0500)
lib/pleroma/web/router.ex		patch \| blob \| history
test/pleroma/web/admin_api/controllers/report_controller_test.exs		patch \| blob \| history