From cd1041c3a413b9b3ba4c763308b5fd77a53d7c3c Mon Sep 17 00:00:00 2001
From: Alibek Omarov <a1ba.omarov@gmail.com>
Date: Mon, 27 Dec 2021 02:27:48 +0300
Subject: API: optionally restrict moderators from accessing sensitive data

---
 config/config.exs      | 3 ++-
 config/description.exs | 5 +++++
 2 files changed, 7 insertions(+), 1 deletion(-)

(limited to 'config')

diff --git a/config/config.exs b/config/config.exs
index 23c41eddd..ec242cadc 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -255,7 +255,8 @@ config :pleroma, :instance,
   ],
   show_reactions: true,
   password_reset_token_validity: 60 * 60 * 24,
-  profile_directory: true
+  profile_directory: true,
+  privileged_staff: false
 
 config :pleroma, :welcome,
   direct_message: [
diff --git a/config/description.exs b/config/description.exs
index 517077acf..a8fbd4d73 100644
--- a/config/description.exs
+++ b/config/description.exs
@@ -941,6 +941,11 @@ config :pleroma, :config_description, [
         key: :profile_directory,
         type: :boolean,
         description: "Enable profile directory."
+      },
+      %{
+        key: :privileged_staff,
+        type: :boolean,
+        description: "Let moderators access sensitive data (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)"
       }
     ]
   },
-- 
cgit v1.2.3