pleroma/lib/pleroma/web/admin_api/admin_api_controller.ex

# Pleroma: A lightweight social networking server
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only

defmodule Pleroma.Web.AdminAPI.AdminAPIController do
  use Pleroma.Web, :controller
  alias Pleroma.User
  alias Pleroma.Web.ActivityPub.Relay
  alias Pleroma.Web.ActivityPub.MRF.KeywordPolicy

  import Pleroma.Web.ControllerHelper, only: [json_response: 3]

  require Logger

  action_fallback(:errors)

  def user_delete(conn, %{"nickname" => nickname}) do
    User.get_by_nickname(nickname)
    |> User.delete()

    conn
    |> json(nickname)
  end

  def user_create(
        conn,
        %{"nickname" => nickname, "email" => email, "password" => password}
      ) do
    user_data = %{
      nickname: nickname,
      name: nickname,
      email: email,
      password: password,
      password_confirmation: password,
      bio: "."
    }

    changeset = User.register_changeset(%User{}, user_data, confirmed: true)
    {:ok, user} = User.register(changeset)

    conn
    |> json(user.nickname)
  end

  def tag_users(conn, %{"nicknames" => nicknames, "tags" => tags}) do
    with {:ok, _} <- User.tag(nicknames, tags),
         do: json_response(conn, :no_content, "")
  end

  def untag_users(conn, %{"nicknames" => nicknames, "tags" => tags}) do
    with {:ok, _} <- User.untag(nicknames, tags),
         do: json_response(conn, :no_content, "")
  end

  def right_add(conn, %{"permission_group" => permission_group, "nickname" => nickname})
      when permission_group in ["moderator", "admin"] do
    user = User.get_by_nickname(nickname)

    info =
      %{}
      |> Map.put("is_" <> permission_group, true)

    info_cng = User.Info.admin_api_update(user.info, info)

    cng =
      user
      |> Ecto.Changeset.change()
      |> Ecto.Changeset.put_embed(:info, info_cng)

    {:ok, _user} = User.update_and_set_cache(cng)

    json(conn, info)
  end

  def right_add(conn, _) do
    conn
    |> put_status(404)
    |> json(%{error: "No such permission_group"})
  end

  def right_get(conn, %{"nickname" => nickname}) do
    user = User.get_by_nickname(nickname)

    conn
    |> json(%{
      is_moderator: user.info.is_moderator,
      is_admin: user.info.is_admin
    })
  end

  def right_delete(
        %{assigns: %{user: %User{:nickname => admin_nickname}}} = conn,
        %{
          "permission_group" => permission_group,
          "nickname" => nickname
        }
      )
      when permission_group in ["moderator", "admin"] do
    if admin_nickname == nickname do
      conn
      |> put_status(403)
      |> json(%{error: "You can't revoke your own admin status."})
    else
      user = User.get_by_nickname(nickname)

      info =
        %{}
        |> Map.put("is_" <> permission_group, false)

      info_cng = User.Info.admin_api_update(user.info, info)

      cng =
        Ecto.Changeset.change(user)
        |> Ecto.Changeset.put_embed(:info, info_cng)

      {:ok, _user} = User.update_and_set_cache(cng)

      json(conn, info)
    end
  end

  def right_delete(conn, _) do
    conn
    |> put_status(404)
    |> json(%{error: "No such permission_group"})
  end

  def set_activation_status(conn, %{"nickname" => nickname, "status" => status}) do
    with {:ok, status} <- Ecto.Type.cast(:boolean, status),
         %User{} = user <- User.get_by_nickname(nickname),
         {:ok, _} <- User.deactivate(user, !status),
         do: json_response(conn, :no_content, "")
  end

  def relay_follow(conn, %{"relay_url" => target}) do
    with {:ok, _message} <- Relay.follow(target) do
      json(conn, target)
    else
      _ ->
        conn
        |> put_status(500)
        |> json(target)
    end
  end

  def relay_unfollow(conn, %{"relay_url" => target}) do
    with {:ok, _message} <- Relay.unfollow(target) do
      json(conn, target)
    else
      _ ->
        conn
        |> put_status(500)
        |> json(target)
    end
  end

  @doc "Sends registration invite via email"
  def email_invite(%{assigns: %{user: user}} = conn, %{"email" => email} = params) do
    with true <-
           Pleroma.Config.get([:instance, :invites_enabled]) &&
             !Pleroma.Config.get([:instance, :registrations_open]),
         {:ok, invite_token} <- Pleroma.UserInviteToken.create_token(),
         email <-
           Pleroma.UserEmail.user_invitation_email(user, invite_token, email, params["name"]),
         {:ok, _} <- Pleroma.Mailer.deliver(email) do
      json_response(conn, :no_content, "")
    end
  end

  @doc "Get a account registeration invite token (base64 string)"
  def get_invite_token(conn, _params) do
    {:ok, token} = Pleroma.UserInviteToken.create_token()

    conn
    |> json(token.token)
  end

  @doc "Get a password reset token (base64 string) for given nickname"
  def get_password_reset(conn, %{"nickname" => nickname}) do
    (%User{local: true} = user) = User.get_by_nickname(nickname)
    {:ok, token} = Pleroma.PasswordResetToken.create_token(user)

    conn
    |> json(token.token)
  end

  @doc "List this instance's keyword policy"
  def list_keyword_policy(conn, _params) do
    mrf_keyword = KeywordPolicy.list_keyword_policy()

    conn
    |> put_status(200)
    |> json(mrf_keyword)
  end

  @doc "Add another MRF Keyword Policy rule"
  def add_keyword_policy(conn, %{"policy" => policy}) do
    result =
      policy
      |> Poison.decode!()
      |> KeywordPolicy.save_keyword_policy()

    case result do
      :ok ->
        conn
        |> put_status(201)
        |> json(%{status: "success", message: "New keyword policy created"})

      {:error, msg} ->
        conn
        |> put_status(422)
        |> json(%{status: "error", message: msg})
    end
  end

  @doc "Reset the keyword policy"
  def reset_keyword_policy(conn, _params) do
    KeywordPolicy.save_keyword_policy(%{
      "federated_timeline_removal" => [],
      "reject" => [],
      "replace" => %{}
    })

    conn
    |> put_status(200)
    |> json(%{status: "success", message: "Keyword Policy has been successfully reset"})
  end

  def errors(conn, {:param_cast, _}) do
    conn
    |> put_status(400)
    |> json("Invalid parameters")
  end

  def errors(conn, _) do
    conn
    |> put_status(500)
    |> json("Something went wrong")
  end
end
add license boilerplate to pleroma core 2018-12-23 21:04:54 +01:00			`# Pleroma: A lightweight social networking server`
update copyright years to 2019 2018-12-31 16:41:47 +01:00			`# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>`
add license boilerplate to pleroma core 2018-12-23 21:04:54 +01:00			`# SPDX-License-Identifier: AGPL-3.0-only`

lib/pleroma/web/admin_api/admin_api_controller.ex: Pleroma.Web.AdminAPI.Controller → Pleroma.Web.AdminAPI.AdminAPIController 2018-10-12 06:26:58 +02:00			`defmodule Pleroma.Web.AdminAPI.AdminAPIController do`
admin_api_controller.ex: Create 2018-10-02 18:38:16 +02:00			`use Pleroma.Web, :controller`
[#114] Refactored User.register_changeset to init confirmation data. Introduced User.register/1 to encapsulate User record creation and post-registration actions. 2018-12-18 11:13:57 +01:00			`alias Pleroma.User`
admin_api_controller: Have some basic code 2018-10-02 19:03:05 +02:00			`alias Pleroma.Web.ActivityPub.Relay`
[KeywordPolicy] Implement the /list and /add routes 2019-02-21 01:32:06 +01:00			`alias Pleroma.Web.ActivityPub.MRF.KeywordPolicy`
admin_api_controller.ex: Create 2018-10-02 18:38:16 +02:00
[#394] Added `users.tags` and admin routes to tag and untag users. Added tests. 2018-12-06 18:06:50 +01:00			`import Pleroma.Web.ControllerHelper, only: [json_response: 3]`

admin_api_controller.ex: Create 2018-10-02 18:38:16 +02:00			`require Logger`

			`action_fallback(:errors)`

admin_api_controller.ex: fix remaining params at once 2018-10-12 06:43:08 +02:00			`def user_delete(conn, %{"nickname" => nickname}) do`
Web.AdminAPI.AdminAPIController: Remove a useless if in user_delete 2018-12-31 12:18:59 +01:00			`User.get_by_nickname(nickname)`
			`\|> User.delete()`
admin_api_controller: Have some basic code 2018-10-02 19:03:05 +02:00
			`conn`
Fix connection returns make generic right endpoint [AdminAPI] 2018-11-02 08:15:09 +01:00			`\|> json(nickname)`
admin_api_controller.ex: Create 2018-10-02 18:38:16 +02:00			`end`

Web.AdminAPI.AdminAPIController: Fixes bugs found with ExUnit 2018-11-17 22:10:23 +01:00			`def user_create(`
			`conn,`
			`%{"nickname" => nickname, "email" => email, "password" => password}`
			`) do`
[#114] Refactored User.register_changeset to init confirmation data. Introduced User.register/1 to encapsulate User record creation and post-registration actions. 2018-12-18 11:13:57 +01:00			`user_data = %{`
admin_api_controller: Have some basic code 2018-10-02 19:03:05 +02:00			`nickname: nickname,`
Web.AdminAPI.AdminAPIController: Fixes bugs found with ExUnit 2018-11-17 22:10:23 +01:00			`name: nickname,`
admin_api_controller: Have some basic code 2018-10-02 19:03:05 +02:00			`email: email,`
			`password: password,`
			`password_confirmation: password,`
Web.AdminAPI.AdminAPIController: Fixes bugs found with ExUnit 2018-11-17 22:10:23 +01:00			`bio: "."`
admin_api_controller: Have some basic code 2018-10-02 19:03:05 +02:00			`}`

[#114] Refactored User.register_changeset to init confirmation data. Introduced User.register/1 to encapsulate User record creation and post-registration actions. 2018-12-18 11:13:57 +01:00			`changeset = User.register_changeset(%User{}, user_data, confirmed: true)`
			`{:ok, user} = User.register(changeset)`
admin_api_controller: Have some basic code 2018-10-02 19:03:05 +02:00
			`conn`
[#114] Refactored User.register_changeset to init confirmation data. Introduced User.register/1 to encapsulate User record creation and post-registration actions. 2018-12-18 11:13:57 +01:00			`\|> json(user.nickname)`
Fix connection returns make generic right endpoint [AdminAPI] 2018-11-02 08:15:09 +01:00			`end`

[#394] Added `users.tags` and admin routes to tag and untag users. Added tests. 2018-12-06 18:06:50 +01:00			`def tag_users(conn, %{"nicknames" => nicknames, "tags" => tags}) do`
			`with {:ok, _} <- User.tag(nicknames, tags),`
			`do: json_response(conn, :no_content, "")`
			`end`

			`def untag_users(conn, %{"nicknames" => nicknames, "tags" => tags}) do`
			`with {:ok, _} <- User.untag(nicknames, tags),`
			`do: json_response(conn, :no_content, "")`
			`end`

Web.AdminAPI.AdminAPIController: Change right to permission group (except for function names) 2018-11-10 15:16:19 +01:00			`def right_add(conn, %{"permission_group" => permission_group, "nickname" => nickname})`
			`when permission_group in ["moderator", "admin"] do`
Fix connection returns make generic right endpoint [AdminAPI] 2018-11-02 08:15:09 +01:00			`user = User.get_by_nickname(nickname)`

			`info =`
Fix admin api. 2018-12-01 09:03:16 +01:00			`%{}`
Web.AdminAPI.AdminAPIController: Change right to permission group (except for function names) 2018-11-10 15:16:19 +01:00			`\|> Map.put("is_" <> permission_group, true)`
Fix connection returns make generic right endpoint [AdminAPI] 2018-11-02 08:15:09 +01:00
Fix admin api. 2018-12-01 09:03:16 +01:00			`info_cng = User.Info.admin_api_update(user.info, info)`

			`cng =`
updates 2018-12-10 07:39:57 +01:00			`user`
			`\|> Ecto.Changeset.change()`
Fix admin api. 2018-12-01 09:03:16 +01:00			`\|> Ecto.Changeset.put_embed(:info, info_cng)`

fix compile warnings 2018-12-09 10:12:48 +01:00			`{:ok, _user} = User.update_and_set_cache(cng)`
Fix connection returns make generic right endpoint [AdminAPI] 2018-11-02 08:15:09 +01:00
fix compile warnings 2018-12-09 10:12:48 +01:00			`json(conn, info)`
			`end`

			`def right_add(conn, _) do`
Fix connection returns make generic right endpoint [AdminAPI] 2018-11-02 08:15:09 +01:00			`conn`
fix compile warnings 2018-12-09 10:12:48 +01:00			`\|> put_status(404)`
			`\|> json(%{error: "No such permission_group"})`
Fix connection returns make generic right endpoint [AdminAPI] 2018-11-02 08:15:09 +01:00			`end`

Add get endpoints for rights [AdminAPI] 2018-11-02 08:19:56 +01:00			`def right_get(conn, %{"nickname" => nickname}) do`
			`user = User.get_by_nickname(nickname)`

			`conn`
Fix admin api. 2018-12-01 09:03:16 +01:00			`\|> json(%{`
			`is_moderator: user.info.is_moderator,`
			`is_admin: user.info.is_admin`
			`})`
Add get endpoints for rights [AdminAPI] 2018-11-02 08:19:56 +01:00			`end`

lib/pleroma/web/admin_api/admin_api_controller.ex: An admin cannot un-admin themselves 2018-11-10 14:42:34 +01:00			`def right_delete(`
			`%{assigns: %{user: %User{:nickname => admin_nickname}}} = conn,`
			`%{`
Web.AdminAPI.AdminAPIController: Change right to permission group (except for function names) 2018-11-10 15:16:19 +01:00			`"permission_group" => permission_group,`
lib/pleroma/web/admin_api/admin_api_controller.ex: An admin cannot un-admin themselves 2018-11-10 14:42:34 +01:00			`"nickname" => nickname`
			`}`
			`)`
Web.AdminAPI.AdminAPIController: Change right to permission group (except for function names) 2018-11-10 15:16:19 +01:00			`when permission_group in ["moderator", "admin"] do`
lib/pleroma/web/admin_api/admin_api_controller.ex: An admin cannot un-admin themselves 2018-11-10 14:42:34 +01:00			`if admin_nickname == nickname do`
			`conn`
lib/pleroma/web/admin_api/admin_api_controller.ex: Support status reply of Relay.{un,}follow 2018-11-10 14:55:49 +01:00			`\|> put_status(403)`
lib/pleroma/web/admin_api/admin_api_controller.ex: An admin cannot un-admin themselves 2018-11-10 14:42:34 +01:00			`\|> json(%{error: "You can't revoke your own admin status."})`
			`else`
			`user = User.get_by_nickname(nickname)`
Fix connection returns make generic right endpoint [AdminAPI] 2018-11-02 08:15:09 +01:00
lib/pleroma/web/admin_api/admin_api_controller.ex: An admin cannot un-admin themselves 2018-11-10 14:42:34 +01:00			`info =`
Fix admin api. 2018-12-01 09:03:16 +01:00			`%{}`
Web.AdminAPI.AdminAPIController: Change right to permission group (except for function names) 2018-11-10 15:16:19 +01:00			`\|> Map.put("is_" <> permission_group, false)`
Fix connection returns make generic right endpoint [AdminAPI] 2018-11-02 08:15:09 +01:00
Fix admin api. 2018-12-01 09:03:16 +01:00			`info_cng = User.Info.admin_api_update(user.info, info)`

			`cng =`
			`Ecto.Changeset.change(user)`
			`\|> Ecto.Changeset.put_embed(:info, info_cng)`

fix compile warnings 2018-12-09 10:12:48 +01:00			`{:ok, _user} = User.update_and_set_cache(cng)`
Fix connection returns make generic right endpoint [AdminAPI] 2018-11-02 08:15:09 +01:00
fix compile warnings 2018-12-09 10:12:48 +01:00			`json(conn, info)`
lib/pleroma/web/admin_api/admin_api_controller.ex: An admin cannot un-admin themselves 2018-11-10 14:42:34 +01:00			`end`
Fix connection returns make generic right endpoint [AdminAPI] 2018-11-02 08:15:09 +01:00			`end`

			`def right_delete(conn, _) do`
			`conn`
			`\|> put_status(404)`
Web.AdminAPI.AdminAPIController: Change right to permission group (except for function names) 2018-11-10 15:16:19 +01:00			`\|> json(%{error: "No such permission_group"})`
admin_api_controller.ex: Create 2018-10-02 18:38:16 +02:00			`end`

Added admin API for changing user activation status 2019-02-19 16:40:57 +01:00			`def set_activation_status(conn, %{"nickname" => nickname, "status" => status}) do`
			`with {:ok, status} <- Ecto.Type.cast(:boolean, status),`
			`%User{} = user <- User.get_by_nickname(nickname),`
			`{:ok, _} <- User.deactivate(user, !status),`
			`do: json_response(conn, :no_content, "")`
			`end`

admin_api_controller.ex: fix remaining params at once 2018-10-12 06:43:08 +02:00			`def relay_follow(conn, %{"relay_url" => target}) do`
fix compile warnings 2018-12-09 10:12:48 +01:00			`with {:ok, _message} <- Relay.follow(target) do`
			`json(conn, target)`
lib/pleroma/web/admin_api/admin_api_controller.ex: Support status reply of Relay.{un,}follow 2018-11-10 14:55:49 +01:00			`else`
fix compile warnings 2018-12-09 10:12:48 +01:00			`_ ->`
			`conn`
			`\|> put_status(500)`
			`\|> json(target)`
lib/pleroma/web/admin_api/admin_api_controller.ex: Support status reply of Relay.{un,}follow 2018-11-10 14:55:49 +01:00			`end`
admin_api_controller.ex: Create 2018-10-02 18:38:16 +02:00			`end`

admin_api_controller.ex: fix remaining params at once 2018-10-12 06:43:08 +02:00			`def relay_unfollow(conn, %{"relay_url" => target}) do`
fix compile warnings 2018-12-09 10:12:48 +01:00			`with {:ok, _message} <- Relay.unfollow(target) do`
			`json(conn, target)`
lib/pleroma/web/admin_api/admin_api_controller.ex: Support status reply of Relay.{un,}follow 2018-11-10 14:55:49 +01:00			`else`
fix compile warnings 2018-12-09 10:12:48 +01:00			`_ ->`
			`conn`
			`\|> put_status(500)`
			`\|> json(target)`
lib/pleroma/web/admin_api/admin_api_controller.ex: Support status reply of Relay.{un,}follow 2018-11-10 14:55:49 +01:00			`end`
admin_api_controller.ex: Create 2018-10-02 18:38:16 +02:00			`end`

[#114] Moved email_invite action to AdminAPIController, adjusted tests. 2018-12-13 16:23:05 +01:00			`@doc "Sends registration invite via email"`
			`def email_invite(%{assigns: %{user: user}} = conn, %{"email" => email} = params) do`
			`with true <-`
			`Pleroma.Config.get([:instance, :invites_enabled]) &&`
			`!Pleroma.Config.get([:instance, :registrations_open]),`
			`{:ok, invite_token} <- Pleroma.UserInviteToken.create_token(),`
			`email <-`
			`Pleroma.UserEmail.user_invitation_email(user, invite_token, email, params["name"]),`
			`{:ok, _} <- Pleroma.Mailer.deliver(email) do`
			`json_response(conn, :no_content, "")`
			`end`
			`end`

fix compile warnings 2018-12-09 10:12:48 +01:00			`@doc "Get a account registeration invite token (base64 string)"`
admin_api_controller: Have some basic code 2018-10-02 19:03:05 +02:00			`def get_invite_token(conn, _params) do`
Fix connection returns make generic right endpoint [AdminAPI] 2018-11-02 08:15:09 +01:00			`{:ok, token} = Pleroma.UserInviteToken.create_token()`
admin_api_controller: Have some basic code 2018-10-02 19:03:05 +02:00
			`conn`
admin_api_controller.ex: Add documentation, fix get_invite_token 2018-10-12 06:37:37 +02:00			`\|> json(token.token)`
admin_api_controller.ex: Create 2018-10-02 18:38:16 +02:00			`end`

fix compile warnings 2018-12-09 10:12:48 +01:00			`@doc "Get a password reset token (base64 string) for given nickname"`
admin_api_controller.ex: get_password_reset: fix params and response 2018-10-12 06:28:20 +02:00			`def get_password_reset(conn, %{"nickname" => nickname}) do`
admin_api_controller: Have some basic code 2018-10-02 19:03:05 +02:00			`(%User{local: true} = user) = User.get_by_nickname(nickname)`
			`{:ok, token} = Pleroma.PasswordResetToken.create_token(user)`

			`conn`
admin_api_controller.ex: get_password_reset: fix params and response 2018-10-12 06:28:20 +02:00			`\|> json(token.token)`
			`end`

[KeywordPolicy] Implement the /list and /add routes 2019-02-21 01:32:06 +01:00			`@doc "List this instance's keyword policy"`
			`def list_keyword_policy(conn, _params) do`
			`mrf_keyword = KeywordPolicy.list_keyword_policy()`

			`conn`
			`\|> put_status(200)`
			`\|> json(mrf_keyword)`
			`end`

[KeywordPolicy] Preliminary work 2019-02-10 01:33:41 +01:00			`@doc "Add another MRF Keyword Policy rule"`
[KeywordPolicy] Implement the /list and /add routes 2019-02-21 01:32:06 +01:00			`def add_keyword_policy(conn, %{"policy" => policy}) do`
[KeywordPolicy] Fix linter errors 2019-02-21 02:03:12 +01:00			`result =`
			`policy`
			`\|> Poison.decode!()`
			`\|> KeywordPolicy.save_keyword_policy()`
[KeywordPolicy] Implement the /list and /add routes 2019-02-21 01:32:06 +01:00
			`case result do`
			`:ok ->`
			`conn`
			`\|> put_status(201)`
			`\|> json(%{status: "success", message: "New keyword policy created"})`
[KeywordPolicy] Fix linter errors 2019-02-21 02:03:12 +01:00
[KeywordPolicy] Implement the /list and /add routes 2019-02-21 01:32:06 +01:00			`{:error, msg} ->`
			`conn`
			`\|> put_status(422)`
			`\|> json(%{status: "error", message: msg})`
			`end`
[KeywordPolicy] Implement the 'reset' action on Keyword Policies 2019-02-21 01:49:21 +01:00			`end`
[KeywordPolicy] Implement the /list and /add routes 2019-02-21 01:32:06 +01:00
[KeywordPolicy] Implement the 'reset' action on Keyword Policies 2019-02-21 01:49:21 +01:00			`@doc "Reset the keyword policy"`
			`def reset_keyword_policy(conn, _params) do`
[KeywordPolicy] Fix linter errors 2019-02-21 02:03:12 +01:00			`KeywordPolicy.save_keyword_policy(%{`
			`"federated_timeline_removal" => [],`
			`"reject" => [],`
			`"replace" => %{}`
			`})`

[KeywordPolicy] Implement the 'reset' action on Keyword Policies 2019-02-21 01:49:21 +01:00			`conn`
			`\|> put_status(200)`
			`\|> json(%{status: "success", message: "Keyword Policy has been successfully reset"})`
[KeywordPolicy] Preliminary work 2019-02-10 01:33:41 +01:00			`end`

admin_api_controller.ex: get_password_reset: fix params and response 2018-10-12 06:28:20 +02:00			`def errors(conn, {:param_cast, _}) do`
			`conn`
			`\|> put_status(400)`
			`\|> json("Invalid parameters")`
			`end`

			`def errors(conn, _) do`
			`conn`
			`\|> put_status(500)`
			`\|> json("Something went wrong")`
admin_api_controller.ex: Create 2018-10-02 18:38:16 +02:00			`end`
			`end`