Merge branch 'feature/multiple-users-activation-permissions' into 'develop'

Ability to toggle activation status, permission group & delete multiple users Closes admin-fe#39 See merge request pleroma/pleroma!1825
2019-10-16 12:14:47 +00:00 · 2019-10-16 12:14:47 +00:00 · 21f0757b0d
commit 21f0757b0d
parent 6977cddff9 da0e4879bc
9 changed files with 361 additions and 124 deletions
--- a/lib/pleroma/web/admin_api/admin_api_controller.ex
+++ b/lib/pleroma/web/admin_api/admin_api_controller.ex
@ -46,6 +46,8 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
           :user_delete,
           :users_create,
           :user_toggle_activation,
+           :user_activate,
+           :user_deactivate,
           :tag_users,
           :untag_users,
           :right_add,
@ -98,7 +100,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do

    ModerationLog.insert_log(%{
      actor: admin,
-      subject: user,
+      subject: [user],
      action: "delete"
    })

@ -106,6 +108,20 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
    |> json(nickname)
  end

+  def user_delete(%{assigns: %{user: admin}} = conn, %{"nicknames" => nicknames}) do
+    users = nicknames |> Enum.map(&User.get_cached_by_nickname/1)
+    User.delete(users)
+
+    ModerationLog.insert_log(%{
+      actor: admin,
+      subject: users,
+      action: "delete"
+    })
+
+    conn
+    |> json(nicknames)
+  end
+
  def user_follow(%{assigns: %{user: admin}} = conn, %{
        "follower" => follower_nick,
        "followed" => followed_nick
@ -240,7 +256,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do

    ModerationLog.insert_log(%{
      actor: admin,
-      subject: user,
+      subject: [user],
      action: action
    })

@ -249,6 +265,36 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
    |> render("show.json", %{user: updated_user})
  end

+  def user_activate(%{assigns: %{user: admin}} = conn, %{"nicknames" => nicknames}) do
+    users = Enum.map(nicknames, &User.get_cached_by_nickname/1)
+    {:ok, updated_users} = User.deactivate(users, false)
+
+    ModerationLog.insert_log(%{
+      actor: admin,
+      subject: users,
+      action: "activate"
+    })
+
+    conn
+    |> put_view(AccountView)
+    |> render("index.json", %{users: Keyword.values(updated_users)})
+  end
+
+  def user_deactivate(%{assigns: %{user: admin}} = conn, %{"nicknames" => nicknames}) do
+    users = Enum.map(nicknames, &User.get_cached_by_nickname/1)
+    {:ok, updated_users} = User.deactivate(users, true)
+
+    ModerationLog.insert_log(%{
+      actor: admin,
+      subject: users,
+      action: "deactivate"
+    })
+
+    conn
+    |> put_view(AccountView)
+    |> render("index.json", %{users: Keyword.values(updated_users)})
+  end
+
  def tag_users(%{assigns: %{user: admin}} = conn, %{"nicknames" => nicknames, "tags" => tags}) do
    with {:ok, _} <- User.tag(nicknames, tags) do
      ModerationLog.insert_log(%{
@ -313,6 +359,31 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
    |> Enum.into(%{}, &{&1, true})
  end

+  def right_add_multiple(%{assigns: %{user: admin}} = conn, %{
+        "permission_group" => permission_group,
+        "nicknames" => nicknames
+      })
+      when permission_group in ["moderator", "admin"] do
+    info = Map.put(%{}, "is_" <> permission_group, true)
+
+    users = nicknames |> Enum.map(&User.get_cached_by_nickname/1)
+
+    User.update_info(users, &User.Info.admin_api_update(&1, info))
+
+    ModerationLog.insert_log(%{
+      action: "grant",
+      actor: admin,
+      subject: users,
+      permission: permission_group
+    })
+
+    json(conn, info)
+  end
+
+  def right_add_multiple(conn, _) do
+    render_error(conn, :not_found, "No such permission_group")
+  end
+
  def right_add(%{assigns: %{user: admin}} = conn, %{
        "permission_group" => permission_group,
        "nickname" => nickname
@ -328,7 +399,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
    ModerationLog.insert_log(%{
      action: "grant",
      actor: admin,
-      subject: user,
+      subject: [user],
      permission: permission_group
    })

@ -349,8 +420,36 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
    })
  end

-  def right_delete(%{assigns: %{user: %{nickname: nickname}}} = conn, %{"nickname" => nickname}) do
-    render_error(conn, :forbidden, "You can't revoke your own admin status.")
+  def right_delete_multiple(
+        %{assigns: %{user: %{nickname: admin_nickname} = admin}} = conn,
+        %{
+          "permission_group" => permission_group,
+          "nicknames" => nicknames
+        }
+      )
+      when permission_group in ["moderator", "admin"] do
+    with false <- Enum.member?(nicknames, admin_nickname) do
+      info = Map.put(%{}, "is_" <> permission_group, false)
+
+      users = nicknames |> Enum.map(&User.get_cached_by_nickname/1)
+
+      User.update_info(users, &User.Info.admin_api_update(&1, info))
+
+      ModerationLog.insert_log(%{
+        action: "revoke",
+        actor: admin,
+        subject: users,
+        permission: permission_group
+      })
+
+      json(conn, info)
+    else
+      _ -> render_error(conn, :forbidden, "You can't revoke your own admin/moderator status.")
+    end
+  end
+
+  def right_delete_multiple(conn, _) do
+    render_error(conn, :not_found, "No such permission_group")
  end

  def right_delete(
@ -371,34 +470,15 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
    ModerationLog.insert_log(%{
      action: "revoke",
      actor: admin,
-      subject: user,
+      subject: [user],
      permission: permission_group
    })

    json(conn, info)
  end

-  def right_delete(conn, _) do
-    render_error(conn, :not_found, "No such permission_group")
-  end
-
-  def set_activation_status(%{assigns: %{user: admin}} = conn, %{
-        "nickname" => nickname,
-        "status" => status
-      }) do
-    with {:ok, status} <- Ecto.Type.cast(:boolean, status),
-         %User{} = user <- User.get_cached_by_nickname(nickname),
-         {:ok, _} <- User.deactivate(user, !status) do
-      action = if(user.info.deactivated, do: "activate", else: "deactivate")
-
-      ModerationLog.insert_log(%{
-        actor: admin,
-        subject: user,
-        action: action
-      })
-
-      json_response(conn, :no_content, "")
-    end
+  def right_delete(%{assigns: %{user: %{nickname: nickname}}} = conn, %{"nickname" => nickname}) do
+    render_error(conn, :forbidden, "You can't revoke your own admin status.")
  end

  def relay_follow(%{assigns: %{user: admin}} = conn, %{"relay_url" => target}) do
--- a/lib/pleroma/web/admin_api/views/account_view.ex
+++ b/lib/pleroma/web/admin_api/views/account_view.ex
@ -19,6 +19,12 @@ defmodule Pleroma.Web.AdminAPI.AccountView do
    }
  end

+  def render("index.json", %{users: users}) do
+    %{
+      users: render_many(users, AccountView, "show.json", as: :user)
+    }
+  end
+
  def render("show.json", %{user: user}) do
    avatar = User.avatar_url(user) |> MediaProxy.url()
    display_name = HTML.strip_tags(user.name || user.nickname)
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@ -137,11 +137,14 @@ defmodule Pleroma.Web.Router do
    delete("/users", AdminAPIController, :user_delete)
    post("/users", AdminAPIController, :users_create)
    patch("/users/:nickname/toggle_activation", AdminAPIController, :user_toggle_activation)
+    patch("/users/activate", AdminAPIController, :user_activate)
+    patch("/users/deactivate", AdminAPIController, :user_deactivate)
    put("/users/tag", AdminAPIController, :tag_users)
    delete("/users/tag", AdminAPIController, :untag_users)

    get("/users/:nickname/permission_group", AdminAPIController, :right_get)
    get("/users/:nickname/permission_group/:permission_group", AdminAPIController, :right_get)
+
    post("/users/:nickname/permission_group/:permission_group", AdminAPIController, :right_add)

    delete(
@ -150,7 +153,13 @@ defmodule Pleroma.Web.Router do
      :right_delete
    )

-    put("/users/:nickname/activation_status", AdminAPIController, :set_activation_status)
+    post("/users/permission_group/:permission_group", AdminAPIController, :right_add_multiple)
+
+    delete(
+      "/users/permission_group/:permission_group",
+      AdminAPIController,
+      :right_delete_multiple
+    )

    post("/relay", AdminAPIController, :relay_follow)
    delete("/relay", AdminAPIController, :relay_unfollow)