diff options
| author | Maxim Filippov <colixer@gmail.com> | 2019-10-11 15:58:45 +0300 |
|---|---|---|
| committer | Maxim Filippov <colixer@gmail.com> | 2019-10-11 15:58:45 +0300 |
| commit | aaa4252f416fbad099f95232de4cf6eab11dd7d2 (patch) | |
| tree | 0863e0cb8b46fce86e4f974ee4d3424c50a19070 /lib | |
| parent | f5104f36bbec7d49d4ff5acee4b9d28223c6474d (diff) | |
| download | pleroma-aaa4252f416fbad099f95232de4cf6eab11dd7d2.tar.gz | |
Deprecate POST/DELETE /api/pleroma/admin/users/:nickname/permission_group/:permission_group instead of deleting it
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/pleroma/web/admin_api/admin_api_controller.ex | 61 | ||||
| -rw-r--r-- | lib/pleroma/web/router.ex | 18 |
2 files changed, 74 insertions, 5 deletions
diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index 5b513bd7c..33e2180ec 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -345,7 +345,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do |> Enum.into(%{}, &{&1, true}) end - def right_add(%{assigns: %{user: admin}} = conn, %{ + def right_add_multiple(%{assigns: %{user: admin}} = conn, %{ "permission_group" => permission_group, "nicknames" => nicknames }) @@ -366,6 +366,32 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do json(conn, info) end + def right_add_multiple(conn, _) do + render_error(conn, :not_found, "No such permission_group") + end + + def right_add(%{assigns: %{user: admin}} = conn, %{ + "permission_group" => permission_group, + "nickname" => nickname + }) + when permission_group in ["moderator", "admin"] do + info = Map.put(%{}, "is_" <> permission_group, true) + + {:ok, user} = + nickname + |> User.get_cached_by_nickname() + |> User.update_info(&User.Info.admin_api_update(&1, info)) + + ModerationLog.insert_log(%{ + action: "grant", + actor: admin, + subject: [user], + permission: permission_group + }) + + json(conn, info) + end + def right_add(conn, _) do render_error(conn, :not_found, "No such permission_group") end @@ -380,7 +406,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do }) end - def right_delete( + def right_delete_multiple( %{assigns: %{user: %{nickname: admin_nickname} = admin}} = conn, %{ "permission_group" => permission_group, @@ -408,10 +434,39 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do end end - def right_delete(conn, _) do + def right_delete_multiple(conn, _) do render_error(conn, :not_found, "No such permission_group") end + def right_delete( + %{assigns: %{user: admin}} = conn, + %{ + "permission_group" => permission_group, + "nickname" => nickname + } + ) + when permission_group in ["moderator", "admin"] do + info = Map.put(%{}, "is_" <> permission_group, false) + + {:ok, user} = + nickname + |> User.get_cached_by_nickname() + |> User.update_info(&User.Info.admin_api_update(&1, info)) + + ModerationLog.insert_log(%{ + action: "revoke", + actor: admin, + subject: [user], + permission: permission_group + }) + + json(conn, info) + end + + def right_delete(%{assigns: %{user: %{nickname: nickname}}} = conn, %{"nickname" => nickname}) do + render_error(conn, :forbidden, "You can't revoke your own admin status.") + end + def relay_follow(%{assigns: %{user: admin}} = conn, %{"relay_url" => target}) do with {:ok, _message} <- Relay.follow(target) do ModerationLog.insert_log(%{ diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index a79df51a2..80651f3ff 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -144,8 +144,22 @@ defmodule Pleroma.Web.Router do get("/users/:nickname/permission_group", AdminAPIController, :right_get) get("/users/:nickname/permission_group/:permission_group", AdminAPIController, :right_get) - post("/users/permission_group/:permission_group", AdminAPIController, :right_add) - delete("/users/permission_group/:permission_group", AdminAPIController, :right_delete) + + post("/users/:nickname/permission_group/:permission_group", AdminAPIController, :right_add) + + delete( + "/users/:nickname/permission_group/:permission_group", + AdminAPIController, + :right_delete + ) + + post("/users/permission_group/:permission_group", AdminAPIController, :right_add_multiple) + + delete( + "/users/permission_group/:permission_group", + AdminAPIController, + :right_delete_multiple + ) post("/relay", AdminAPIController, :relay_follow) delete("/relay", AdminAPIController, :relay_unfollow) |