Authentication is required and the user must be an admin.
+Configuration options:
+
+* `[:auth, :enforce_oauth_admin_scope_usage]` — OAuth admin scope requirement toggle.
+ If `true`, admin actions explicitly demand admin OAuth scope(s) presence in OAuth token (client app must support admin scopes).
+ If `false` and token doesn't have admin scope(s), `is_admin` user flag grants access to admin-specific actions.
+ Note that client app needs to explicitly support admin scopes and request them when obtaining auth token.
+
## `GET /api/pleroma/admin/users`
### List users
import Pleroma.Web.TranslationHelpers
import Plug.Conn
- alias Pleroma.User
alias Pleroma.Web.OAuth
def init(options) do
options
end
+ unless Pleroma.Config.enforce_oauth_admin_scope_usage?() do
+ # To do: once AdminFE makes use of "admin" scope, disable the following func definition
+ # (fail on no admin scope(s) in token even if `is_admin` is true)
+ def call(%Plug.Conn{assigns: %{user: %Pleroma.User{is_admin: true}}} = conn, _) do
+ conn
+ end
+ end
+
def call(%Plug.Conn{assigns: %{token: %OAuth.Token{scopes: oauth_scopes} = _token}} = conn, _) do
if OAuth.Scopes.contains_admin_scopes?(oauth_scopes) do
# Note: checking for _any_ admin scope presence, not necessarily fitting requested action.
end
end
- unless Pleroma.Config.enforce_oauth_admin_scope_usage?() do
- # To do: once AdminFE makes use of "admin" scope, disable the following func definition
- # (fail on no admin scope(s) in token even if `is_admin` is true)
- def call(%Plug.Conn{assigns: %{user: %User{is_admin: true}}} = conn, _) do
- conn
- end
- end
-
def call(conn, _) do
fail(conn)
end
projects / akkoma / commitdiff