AdminAPI: Add "godmode" while fetching user statuses (i.e. admin can see private statuses)
This commit is contained in:
parent
14ab2fd0f4
commit
03471151d6
|
@ -11,6 +11,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
|||
- Federation: Return 403 errors when trying to request pages from a user's follower/following collections if they have `hide_followers`/`hide_follows` set
|
||||
- NodeInfo: Return `skipThreadContainment` in `metadata` for the `skip_thread_containment` option
|
||||
- Mastodon API: Unsubscribe followers when they unfollow a user
|
||||
- AdminAPI: Add "godmode" while fetching user statuses (i.e. admin can see private statuses)
|
||||
|
||||
### Fixed
|
||||
- Not being able to pin unlisted posts
|
||||
|
|
|
@ -195,6 +195,7 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret
|
|||
- Params:
|
||||
- `nickname` or `id`
|
||||
- *optional* `page_size`: number of statuses to return (default is `20`)
|
||||
- *optional* `godmode`: `true`/`false` – allows to see private statuses
|
||||
- Response:
|
||||
- On failure: `Not found`
|
||||
- On success: JSON array of user's latest statuses
|
||||
|
|
|
@ -631,15 +631,26 @@ def fetch_user_activities(user, reading_user, params \\ %{}) do
|
|||
|> Map.put("pinned_activity_ids", user.info.pinned_activities)
|
||||
|
||||
recipients =
|
||||
user_activities_recipients(%{
|
||||
"godmode" => params["godmode"],
|
||||
"reading_user" => reading_user
|
||||
})
|
||||
|
||||
fetch_activities(recipients, params)
|
||||
|> Enum.reverse()
|
||||
end
|
||||
|
||||
defp user_activities_recipients(%{"godmode" => true}) do
|
||||
[]
|
||||
end
|
||||
|
||||
defp user_activities_recipients(%{"reading_user" => reading_user}) do
|
||||
if reading_user do
|
||||
["https://www.w3.org/ns/activitystreams#Public"] ++
|
||||
[reading_user.ap_id | reading_user.following]
|
||||
else
|
||||
["https://www.w3.org/ns/activitystreams#Public"]
|
||||
end
|
||||
|
||||
fetch_activities(recipients, params)
|
||||
|> Enum.reverse()
|
||||
end
|
||||
|
||||
defp restrict_since(query, %{"since_id" => ""}), do: query
|
||||
|
|
|
@ -83,12 +83,15 @@ def user_show(conn, %{"nickname" => nickname}) do
|
|||
end
|
||||
|
||||
def list_user_statuses(conn, %{"nickname" => nickname} = params) do
|
||||
godmode = params["godmode"] == "true" || params["godmode"] == true
|
||||
|
||||
with %User{} = user <- User.get_cached_by_nickname_or_id(nickname) do
|
||||
{_, page_size} = page_params(params)
|
||||
|
||||
activities =
|
||||
ActivityPub.fetch_user_activities(user, nil, %{
|
||||
"limit" => page_size
|
||||
"limit" => page_size,
|
||||
"godmode" => godmode
|
||||
})
|
||||
|
||||
conn
|
||||
|
|
|
@ -1934,6 +1934,30 @@ test "renders user's statuses with a limit", %{conn: conn, user: user} do
|
|||
|
||||
assert json_response(conn, 200) |> length() == 2
|
||||
end
|
||||
|
||||
test "doesn't return private statuses by default", %{conn: conn, user: user} do
|
||||
{:ok, _private_status} =
|
||||
CommonAPI.post(user, %{"status" => "private", "visibility" => "private"})
|
||||
|
||||
{:ok, _public_status} =
|
||||
CommonAPI.post(user, %{"status" => "public", "visibility" => "public"})
|
||||
|
||||
conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/statuses")
|
||||
|
||||
assert json_response(conn, 200) |> length() == 4
|
||||
end
|
||||
|
||||
test "returns private statuses with godmode on", %{conn: conn, user: user} do
|
||||
{:ok, _private_status} =
|
||||
CommonAPI.post(user, %{"status" => "private", "visibility" => "private"})
|
||||
|
||||
{:ok, _public_status} =
|
||||
CommonAPI.post(user, %{"status" => "public", "visibility" => "public"})
|
||||
|
||||
conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/statuses?godmode=true")
|
||||
|
||||
assert json_response(conn, 200) |> length() == 5
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in a new issue