fix oauth scopes for AdminApi#reports_update

Maksim Pechnikov 2019-12-24 20:45:46 +03:00
parent 10ce7185c2
commit 385356aad0
2 changed files with 25 additions and 1 deletions


@ -66,7 +66,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
plug(
OAuthScopesPlug,
%{scopes: ["write:reports"], admin: true}
when action in [:report_update_state, :report_respond]
when action in [:reports_update]
)
plug(
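Review bot: With the `when action in [...]` guard narrowed to `[:reports_update]` (assuming that line is the new side, since the page lost its +/- markers), `:report_respond` is no longer covered by the `write:reports` plug. If the controller still defines `report_respond`, or any other action that modifies reports, that action would skip this scope check, because a name that is missing from the list or misspelled in it fails open without any warning. It is worth confirming the list against the controller's actions and adding a comment above the plug such as `# Action names must match the controller functions exactly; an action not listed here gets no write:reports check.` The plug call sits in the module body, which starts and ends outside this hunk.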


@ -1418,6 +1418,30 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
}
end
test "requires write:reports scope", %{conn: conn, id: id, admin: admin} do
read_token = insert(:oauth_token, user: admin, scopes: ["read"])
write_token = insert(:oauth_token, user: admin, scopes: ["write:reports"])
response =
conn
|> assign(:token, read_token)
|> patch("/api/pleroma/admin/reports", %{
"reports" => [%{"state" => "resolved", "id" => id}]
})
|> json_response(403)
assert response == %{
"error" => "Insufficient permissions: admin:write:reports | write:reports."
}
conn
|> assign(:token, write_token)
|> patch("/api/pleroma/admin/reports", %{
"reports" => [%{"state" => "resolved", "id" => id}]
})
|> json_response(:no_content)
end
test "mark report as resolved", %{conn: conn, id: id, admin: admin} do
conn
|> patch("/api/pleroma/admin/reports", %{
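Review bot: The denied case in "requires write:reports scope" uses a token holding only `read`, so it does not cover the nearer miss of a token with the right resource but the wrong verb. Adding `read:reports` to the rejected token, e.g. `read_token = insert(:oauth_token, user: admin, scopes: ["read", "read:reports"])`, would pin that read access to reports never permits updating them. The 403 branch also checks only the response body; an assertion that the report's state is unchanged after the rejected PATCH would confirm the request was stopped before the update ran. The enclosing `describe` block and the following test continue outside the hunk.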