delete statusses is now privileged by :status_delete
Instead of superusers, you now need a role with privilige :status_delete to delete other users statusses I also cleaned up some other stuff I saw
This commit is contained in:
Ilja
parent
7adfc2e0f4
commit
7cf473c500
4 changed files with 24 additions and 33 deletions
|
|
@ -4,7 +4,7 @@
|
|||
|
||||
defmodule Pleroma.Web.CommonAPITest do
|
||||
use Oban.Testing, repo: Pleroma.Repo
|
||||
use Pleroma.DataCase
|
||||
use Pleroma.DataCase, async: false
|
||||
|
||||
alias Pleroma.Activity
|
||||
alias Pleroma.Chat
|
||||
|
|
@ -321,7 +321,7 @@ defmodule Pleroma.Web.CommonAPITest do
|
|||
refute Activity.get_by_id(post.id)
|
||||
end
|
||||
|
||||
test "it does not allow a user to delete their posts" do
|
||||
test "it does not allow a user to delete posts from another user" do
|
||||
user = insert(:user)
|
||||
other_user = insert(:user)
|
||||
|
||||
|
|
@ -331,7 +331,8 @@ defmodule Pleroma.Web.CommonAPITest do
|
|||
assert Activity.get_by_id(post.id)
|
||||
end
|
||||
|
||||
test "it allows moderators to delete other user's posts" do
|
||||
test "it allows privileged users to delete other user's posts" do
|
||||
clear_config([:instance, :moderator_privileges], [:status_delete])
|
||||
user = insert(:user)
|
||||
moderator = insert(:user, is_moderator: true)
|
||||
|
||||
|
|
@ -343,19 +344,20 @@ defmodule Pleroma.Web.CommonAPITest do
|
|||
refute Activity.get_by_id(post.id)
|
||||
end
|
||||
|
||||
test "it allows admins to delete other user's posts" do
|
||||
test "it doesn't allow unprivileged mods or admins to delete other user's posts" do
|
||||
clear_config([:instance, :admin_privileges], [])
|
||||
clear_config([:instance, :moderator_privileges], [])
|
||||
user = insert(:user)
|
||||
moderator = insert(:user, is_admin: true)
|
||||
moderator = insert(:user, is_moderator: true, is_admin: true)
|
||||
|
||||
{:ok, post} = CommonAPI.post(user, %{status: "namu amida butsu"})
|
||||
|
||||
assert {:ok, delete} = CommonAPI.delete(post.id, moderator)
|
||||
assert delete.local
|
||||
|
||||
refute Activity.get_by_id(post.id)
|
||||
assert {:error, "Could not delete"} = CommonAPI.delete(post.id, moderator)
|
||||
assert Activity.get_by_id(post.id)
|
||||
end
|
||||
|
||||
test "superusers deleting non-local posts won't federate the delete" do
|
||||
test "privileged users deleting non-local posts won't federate the delete" do
|
||||
clear_config([:instance, :admin_privileges], [:status_delete])
|
||||
# This is the user of the ingested activity
|
||||
_user =
|
||||
insert(:user,
|
||||
|
|
@ -364,7 +366,7 @@ defmodule Pleroma.Web.CommonAPITest do
|
|||
last_refreshed_at: NaiveDateTime.utc_now()
|
||||
)
|
||||
|
||||
moderator = insert(:user, is_admin: true)
|
||||
admin = insert(:user, is_admin: true)
|
||||
|
||||
data =
|
||||
File.read!("test/fixtures/mastodon-post-activity.json")
|
||||
|
|
@ -374,7 +376,7 @@ defmodule Pleroma.Web.CommonAPITest do
|
|||
|
||||
with_mock Pleroma.Web.Federator,
|
||||
publish: fn _ -> nil end do
|
||||
assert {:ok, delete} = CommonAPI.delete(post.id, moderator)
|
||||
assert {:ok, delete} = CommonAPI.delete(post.id, admin)
|
||||
assert delete.local
|
||||
refute called(Pleroma.Web.Federator.publish(:_))
|
||||
end
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue