- Authentication: Added rate limit for password-authorized actions / login existence checks
- Metadata Link: Atom syndication Feed
- Admin API: `/users/:nickname/toggle_activation` endpoint is now deprecated in favor of: `/users/activate`, `/users/deactivate`, both accept `nicknames` array
+- Admin API: `POST /api/pleroma/admin/users/:nickname/permission_group/:permission_group` / `DELETE /api/pleroma/admin/users/:nickname/permission_group/:permission_group` are deprecated in favor of: `POST /api/pleroma/admin/users/permission_group/:permission_group` / `DELETE /api/pleroma/admin/users/permission_group/:permission_group` (both accept `nicknames` array)
+
### Changed
- **Breaking:** Elixir >=1.8 is now required (was >= 1.7)
- **Breaking:** Admin API: Return link alongside with token on password reset
-- **Breaking:** Admin API: `POST /users/permission_group/:permission_group` / `DELETE /users/permission_group/:permission_group` now accept `nicknames` array
- Replaced [pleroma_job_queue](https://git.pleroma.social/pleroma/pleroma_job_queue) and `Pleroma.Web.Federator.RetryQueue` with [Oban](https://github.com/sorentwo/oban) (see [`docs/config.md`](docs/config.md) on migrating customized worker / retry settings)
- Introduced [quantum](https://github.com/quantum-elixir/quantum-core) job scheduler
- Admin API: Return `total` when querying for reports
}
```
+## DEPRECATED `POST /api/pleroma/admin/users/:nickname/permission_group/:permission_group`
+
+### Add user to permission group
+
+- Params: none
+- Response:
+ - On failure: `{"error": "…"}`
+ - On success: JSON of the `user.info`
+
## `POST /api/pleroma/admin/users/permission_group/:permission_group`
-### Add user in permission group
+### Add users to permission group
- Params:
- `nicknames`: nicknames array
- On failure: `{"error": "…"}`
- On success: JSON of the `user.info`
-## `DELETE /api/pleroma/admin/users/permission_group/:permission_group`
+## DEPRECATED `DELETE /api/pleroma/admin/users/:nickname/permission_group/:permission_group`
### Remove user from permission group
+- Params: none
+- Response:
+ - On failure: `{"error": "…"}`
+ - On success: JSON of the `user.info`
+- Note: An admin cannot revoke their own admin status.
+
+## `DELETE /api/pleroma/admin/users/permission_group/:permission_group`
+
+### Remove users from permission group
+
- Params:
- `nicknames`: nicknames array
- Response:
|> Enum.into(%{}, &{&1, true})
end
- def right_add(%{assigns: %{user: admin}} = conn, %{
+ def right_add_multiple(%{assigns: %{user: admin}} = conn, %{
"permission_group" => permission_group,
"nicknames" => nicknames
})
json(conn, info)
end
+ def right_add_multiple(conn, _) do
+ render_error(conn, :not_found, "No such permission_group")
+ end
+
+ def right_add(%{assigns: %{user: admin}} = conn, %{
+ "permission_group" => permission_group,
+ "nickname" => nickname
+ })
+ when permission_group in ["moderator", "admin"] do
+ info = Map.put(%{}, "is_" <> permission_group, true)
+
+ {:ok, user} =
+ nickname
+ |> User.get_cached_by_nickname()
+ |> User.update_info(&User.Info.admin_api_update(&1, info))
+
+ ModerationLog.insert_log(%{
+ action: "grant",
+ actor: admin,
+ subject: [user],
+ permission: permission_group
+ })
+
+ json(conn, info)
+ end
+
def right_add(conn, _) do
render_error(conn, :not_found, "No such permission_group")
end
})
end
- def right_delete(
+ def right_delete_multiple(
%{assigns: %{user: %{nickname: admin_nickname} = admin}} = conn,
%{
"permission_group" => permission_group,
end
end
- def right_delete(conn, _) do
+ def right_delete_multiple(conn, _) do
render_error(conn, :not_found, "No such permission_group")
end
+ def right_delete(
+ %{assigns: %{user: admin}} = conn,
+ %{
+ "permission_group" => permission_group,
+ "nickname" => nickname
+ }
+ )
+ when permission_group in ["moderator", "admin"] do
+ info = Map.put(%{}, "is_" <> permission_group, false)
+
+ {:ok, user} =
+ nickname
+ |> User.get_cached_by_nickname()
+ |> User.update_info(&User.Info.admin_api_update(&1, info))
+
+ ModerationLog.insert_log(%{
+ action: "revoke",
+ actor: admin,
+ subject: [user],
+ permission: permission_group
+ })
+
+ json(conn, info)
+ end
+
+ def right_delete(%{assigns: %{user: %{nickname: nickname}}} = conn, %{"nickname" => nickname}) do
+ render_error(conn, :forbidden, "You can't revoke your own admin status.")
+ end
+
def relay_follow(%{assigns: %{user: admin}} = conn, %{"relay_url" => target}) do
with {:ok, _message} <- Relay.follow(target) do
ModerationLog.insert_log(%{
get("/users/:nickname/permission_group", AdminAPIController, :right_get)
get("/users/:nickname/permission_group/:permission_group", AdminAPIController, :right_get)
- post("/users/permission_group/:permission_group", AdminAPIController, :right_add)
- delete("/users/permission_group/:permission_group", AdminAPIController, :right_delete)
+
+ post("/users/:nickname/permission_group/:permission_group", AdminAPIController, :right_add)
+
+ delete(
+ "/users/:nickname/permission_group/:permission_group",
+ AdminAPIController,
+ :right_delete
+ )
+
+ post("/users/permission_group/:permission_group", AdminAPIController, :right_add_multiple)
+
+ delete(
+ "/users/permission_group/:permission_group",
+ AdminAPIController,
+ :right_delete_multiple
+ )
post("/relay", AdminAPIController, :relay_follow)
delete("/relay", AdminAPIController, :relay_unfollow)
end
test "/:right POST, can add to a permission group" do
+ admin = insert(:user, info: %{is_admin: true})
+ user = insert(:user)
+
+ conn =
+ build_conn()
+ |> assign(:user, admin)
+ |> put_req_header("accept", "application/json")
+ |> post("/api/pleroma/admin/users/#{user.nickname}/permission_group/admin")
+
+ assert json_response(conn, 200) == %{
+ "is_admin" => true
+ }
+
+ log_entry = Repo.one(ModerationLog)
+
+ assert ModerationLog.get_log_entry_message(log_entry) ==
+ "@#{admin.nickname} made @#{user.nickname} admin"
+ end
+
+ test "/:right POST, can add to a permission group (multiple)" do
admin = insert(:user, info: %{is_admin: true})
user_one = insert(:user)
user_two = insert(:user)
end
test "/:right DELETE, can remove from a permission group" do
+ admin = insert(:user, info: %{is_admin: true})
+ user = insert(:user, info: %{is_admin: true})
+
+ conn =
+ build_conn()
+ |> assign(:user, admin)
+ |> put_req_header("accept", "application/json")
+ |> delete("/api/pleroma/admin/users/#{user.nickname}/permission_group/admin")
+
+ assert json_response(conn, 200) == %{
+ "is_admin" => false
+ }
+
+ log_entry = Repo.one(ModerationLog)
+
+ assert ModerationLog.get_log_entry_message(log_entry) ==
+ "@#{admin.nickname} revoked admin role from @#{user.nickname}"
+ end
+
+ test "/:right DELETE, can remove from a permission group (multiple)" do
admin = insert(:user, info: %{is_admin: true})
user_one = insert(:user, info: %{is_admin: true})
user_two = insert(:user, info: %{is_admin: true})
projects / akkoma / commitdiff