AdminAPI: Add "godmode" while fetching user statuses (i.e. admin can see private statuses)

author: Maxim Filippov <colixer@gmail.com> 2019-07-24 01:50:09 +0300
committer: Maxim Filippov <colixer@gmail.com> 2019-07-24 01:51:36 +0300
commit: 03471151d6089e318abaf5265d42ffedf7a5b902 (patch)
tree: 189ceea2d1c293016e3a1b067425f65eb1390a8c
parent: 14ab2fd0f43f0f8338f685d2ea599479e1e103bf (diff)
download: pleroma-03471151d6089e318abaf5265d42ffedf7a5b902.tar.gz
5 files changed, 47 insertions, 7 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3a0f2cdc9..6c9381b45 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Federation: Return 403 errors when trying to request pages from a user's follower/following collections if they have `hide_followers`/`hide_follows` set
 - NodeInfo: Return `skipThreadContainment` in `metadata` for the `skip_thread_containment` option
 - Mastodon API: Unsubscribe followers when they unfollow a user
+- AdminAPI: Add "godmode" while fetching user statuses (i.e. admin can see private statuses)
 
 ### Fixed
 - Not being able to pin unlisted posts
diff --git a/docs/api/admin_api.md b/docs/api/admin_api.md
index 3880af218..98968c1a6 100644
--- a/docs/api/admin_api.md
+++ b/docs/api/admin_api.md
@@ -195,6 +195,7 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret
 - Params:
   - `nickname` or `id`
   - *optional* `page_size`: number of statuses to return (default is `20`)
+  - *optional* `godmode`: `true`/`false` – allows to see private statuses
 - Response:
   - On failure: `Not found`
   - On success: JSON array of user's latest statuses
diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex
index 31397b09f..a42c50875 100644
--- a/lib/pleroma/web/activity_pub/activity_pub.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub.ex
@@ -631,17 +631,28 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
       |> Map.put("pinned_activity_ids", user.info.pinned_activities)
 
     recipients =
-      if reading_user do
-        ["https://www.w3.org/ns/activitystreams#Public"] ++
-          [reading_user.ap_id | reading_user.following]
-      else
-        ["https://www.w3.org/ns/activitystreams#Public"]
-      end
+      user_activities_recipients(%{
+        "godmode" => params["godmode"],
+        "reading_user" => reading_user
+      })
 
     fetch_activities(recipients, params)
     |> Enum.reverse()
   end
 
+  defp user_activities_recipients(%{"godmode" => true}) do
+    []
+  end
+
+  defp user_activities_recipients(%{"reading_user" => reading_user}) do
+    if reading_user do
+      ["https://www.w3.org/ns/activitystreams#Public"] ++
+        [reading_user.ap_id | reading_user.following]
+    else
+      ["https://www.w3.org/ns/activitystreams#Public"]
+    end
+  end
+
   defp restrict_since(query, %{"since_id" => ""}), do: query
 
   defp restrict_since(query, %{"since_id" => since_id}) do
diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex
index 64ad7e8e2..5c64bb81b 100644
--- a/lib/pleroma/web/admin_api/admin_api_controller.ex
+++ b/lib/pleroma/web/admin_api/admin_api_controller.ex
@@ -83,12 +83,15 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
   end
 
   def list_user_statuses(conn, %{"nickname" => nickname} = params) do
+    godmode = params["godmode"] == "true" || params["godmode"] == true
+
     with %User{} = user <- User.get_cached_by_nickname_or_id(nickname) do
       {_, page_size} = page_params(params)
 
       activities =
         ActivityPub.fetch_user_activities(user, nil, %{
-          "limit" => page_size
+          "limit" => page_size,
+          "godmode" => godmode
         })
 
       conn
diff --git a/test/web/admin_api/admin_api_controller_test.exs b/test/web/admin_api/admin_api_controller_test.exs
index 25e062878..20d5268a2 100644
--- a/test/web/admin_api/admin_api_controller_test.exs
+++ b/test/web/admin_api/admin_api_controller_test.exs
@@ -1934,6 +1934,30 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
 
       assert json_response(conn, 200) |> length() == 2
     end
+
+    test "doesn't return private statuses by default", %{conn: conn, user: user} do
+      {:ok, _private_status} =
+        CommonAPI.post(user, %{"status" => "private", "visibility" => "private"})
+
+      {:ok, _public_status} =
+        CommonAPI.post(user, %{"status" => "public", "visibility" => "public"})
+
+      conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/statuses")
+
+      assert json_response(conn, 200) |> length() == 4
+    end
+
+    test "returns private statuses with godmode on", %{conn: conn, user: user} do
+      {:ok, _private_status} =
+        CommonAPI.post(user, %{"status" => "private", "visibility" => "private"})
+
+      {:ok, _public_status} =
+        CommonAPI.post(user, %{"status" => "public", "visibility" => "public"})
+
+      conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/statuses?godmode=true")
+
+      assert json_response(conn, 200) |> length() == 5
+    end
   end
 end
author	Maxim Filippov <colixer@gmail.com>	2019-07-24 01:50:09 +0300
committer	Maxim Filippov <colixer@gmail.com>	2019-07-24 01:51:36 +0300
commit	03471151d6089e318abaf5265d42ffedf7a5b902 (patch)
tree	189ceea2d1c293016e3a1b067425f65eb1390a8c
parent	14ab2fd0f43f0f8338f685d2ea599479e1e103bf (diff)
download	pleroma-03471151d6089e318abaf5265d42ffedf7a5b902.tar.gz