1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.AdminAPI.StatusControllerTest do
6 use Pleroma.Web.ConnCase, async: false
10 alias Pleroma.Activity
11 alias Pleroma.ModerationLog
14 alias Pleroma.Web.CommonAPI
# Shared fixture for every test in this file (the enclosing setup lines are not part of
# this listing): creates a user flagged is_admin, an OAuth admin token for that user,
# assigns both to the connection and returns them in the test context.
# No privilege list is configured here. Each describe block sets
# [:instance, :admin_privileges] itself, and the "requires privileged role" tests expect
# :forbidden for this same admin once that list is empty.
17 admin = insert(:user, is_admin: true)
18 token = insert(:oauth_admin_token, user: admin)
# The lines that build `conn` ahead of these assigns are missing from the listing.
22 |> assign(:user, admin)
23 |> assign(:token, token)
25 {:ok, %{admin: admin, token: token, conn: conn}}
# Reading a single status through the admin API. The configuration on the second line
# grants :messages_read for this group; its enclosing setup lines are not in the listing.
28 describe "GET /api/pleroma/admin/statuses/:id" do
30 clear_config([:instance, :admin_privileges], [:messages_read])
# With the privilege granted, an id that matches no status yields a schema-valid :not_found.
33 test "not found", %{conn: conn} do
35 |> get("/api/pleroma/admin/statuses/not_found")
36 |> json_response_and_validate_schema(:not_found)
# An inserted note activity is returned with its own id and with the account of its actor.
39 test "shows activity", %{conn: conn} do
40 activity = insert(:note_activity)
44 |> get("/api/pleroma/admin/statuses/#{activity.id}")
45 |> json_response_and_validate_schema(200)
47 assert response["id"] == activity.id
49 account = response["account"]
50 actor = User.get_by_ap_id(activity.actor)
# The embedded account must match the actor record on id, nickname, is_active and
# is_confirmed.
52 assert account["id"] == actor.id
53 assert account["nickname"] == actor.nickname
54 assert account["is_active"] == actor.is_active
55 assert account["is_confirmed"] == actor.is_confirmed
# Negative authorization case: the privilege list is emptied for this test only, and the
# same admin connection must now receive :forbidden.
# NOTE(review): "some_id" is not an inserted activity, so only the non-existent-id path is
# covered; a second request with a real activity id would also pin that an existing status
# is not disclosed to an admin without :messages_read.
58 test "denies reading activity when not privileged", %{conn: conn} do
59 clear_config([:instance, :admin_privileges], [])
61 assert conn |> get("/api/pleroma/admin/statuses/some_id") |> json_response(:forbidden)
# Updating a status through the admin API. The group grants :messages_delete, which the
# last test in the group names as the privilege this endpoint requires.
65 describe "PUT /api/pleroma/admin/statuses/:id" do
67 clear_config([:instance, :admin_privileges], [:messages_delete])
# The tests below read `id` from the context; presumably it is this activity's id, set on
# lines that are missing from the listing (TODO confirm).
68 activity = insert(:note_activity)
# Sets sensitive to "true", checks the response and the moderation log message, then sets
# it back to "false" and checks the response again.
73 test "toggle sensitive flag", %{conn: conn, id: id, admin: admin} do
76 |> put_req_header("content-type", "application/json")
77 |> put("/api/pleroma/admin/statuses/#{id}", %{"sensitive" => "true"})
78 |> json_response_and_validate_schema(:ok)
80 assert response["sensitive"]
# Audit trail: the log message must name the acting admin, the status id and the new value.
# NOTE(review): Repo.one presumably fails if more than one entry exists, which would also
# pin "exactly one entry per update" (confirm). The log is read only after this first
# update, not after the second one.
82 log_entry = Repo.one(ModerationLog)
84 assert ModerationLog.get_log_entry_message(log_entry) ==
85 "@#{admin.nickname} updated status ##{id}, set sensitive: 'true'"
89 |> put_req_header("content-type", "application/json")
90 |> put("/api/pleroma/admin/statuses/#{id}", %{"sensitive" => "false"})
91 |> json_response_and_validate_schema(:ok)
93 refute response["sensitive"]
# Walks the status through public, private and unlisted and checks the echoed visibility
# each time; the moderation log message is asserted for the first change only.
96 test "change visibility flag", %{conn: conn, id: id, admin: admin} do
99 |> put_req_header("content-type", "application/json")
100 |> put("/api/pleroma/admin/statuses/#{id}", %{visibility: "public"})
101 |> json_response_and_validate_schema(:ok)
103 assert response["visibility"] == "public"
105 log_entry = Repo.one(ModerationLog)
107 assert ModerationLog.get_log_entry_message(log_entry) ==
108 "@#{admin.nickname} updated status ##{id}, set visibility: 'public'"
112 |> put_req_header("content-type", "application/json")
113 |> put("/api/pleroma/admin/statuses/#{id}", %{visibility: "private"})
114 |> json_response_and_validate_schema(:ok)
116 assert response["visibility"] == "private"
120 |> put_req_header("content-type", "application/json")
121 |> put("/api/pleroma/admin/statuses/#{id}", %{visibility: "unlisted"})
122 |> json_response_and_validate_schema(:ok)
124 assert response["visibility"] == "unlisted"
# Input validation: a visibility value outside the accepted set is rejected with
# :bad_request and the enum error message matched below.
127 test "returns 400 when visibility is unknown", %{conn: conn, id: id} do
130 |> put_req_header("content-type", "application/json")
131 |> put("/api/pleroma/admin/statuses/#{id}", %{visibility: "test"})
133 assert %{"error" => "test - Invalid value for enum."} =
134 json_response_and_validate_schema(conn, :bad_request)
# Negative authorization case: with an empty privilege list the same admin connection gets
# :forbidden. The request uses a placeholder id and an empty body, so an existing status
# and a real change are not exercised on this path.
137 test "it requires privileged role :messages_delete", %{conn: conn} do
138 clear_config([:instance, :admin_privileges], [])
141 |> put_req_header("content-type", "application/json")
142 |> put("/api/pleroma/admin/statuses/some_id", %{})
143 |> json_response(:forbidden)
# Deleting a status through the admin API; the group grants :messages_delete.
147 describe "DELETE /api/pleroma/admin/statuses/:id" do
149 clear_config([:instance, :admin_privileges], [:messages_delete])
# The tests below read `id` from the context; presumably it is this activity's id, set on
# lines that are missing from the listing (TODO confirm).
150 activity = insert(:note_activity)
# After a successful delete the activity can no longer be fetched by id, and the
# moderation log message names the acting admin and the deleted status.
155 test "deletes status", %{conn: conn, id: id, admin: admin} do
157 |> delete("/api/pleroma/admin/statuses/#{id}")
158 |> json_response_and_validate_schema(:ok)
160 refute Activity.get_by_id(id)
162 log_entry = Repo.one(ModerationLog)
164 assert ModerationLog.get_log_entry_message(log_entry) ==
165 "@#{admin.nickname} deleted status ##{id}"
# With the privilege granted, an unknown id yields :not_found with a generic error body.
168 test "returns 404 when the status does not exist", %{conn: conn} do
169 conn = delete(conn, "/api/pleroma/admin/statuses/test")
171 assert json_response_and_validate_schema(conn, :not_found) == %{"error" => "Not found"}
# Negative authorization case: with an empty privilege list the delete is answered with
# :forbidden.
# NOTE(review): the placeholder id means this does not show that an existing status
# survives an unprivileged delete; inserting an activity and asserting it is still
# present afterwards would pin that.
174 test "it requires privileged role :messages_delete", %{conn: conn} do
175 clear_config([:instance, :admin_privileges], [])
178 |> put_req_header("content-type", "application/json")
179 |> delete("/api/pleroma/admin/statuses/some_id")
180 |> json_response(:forbidden)
# Listing statuses through the admin API; the group grants :messages_read.
184 describe "GET /api/pleroma/admin/statuses" do
186 clear_config([:instance, :admin_privileges], [:messages_read])
# Default listing. Five statuses are posted: direct, unlisted, private and public by
# `user`, plus one public by a user the admin has blocked. `user` is created on a line
# that is missing from the listing.
189 test "returns all public and unlisted statuses", %{conn: conn, admin: admin} do
190 blocked = insert(:user)
192 User.block(admin, blocked)
194 {:ok, _} = CommonAPI.post(user, %{status: "@#{admin.nickname}", visibility: "direct"})
196 {:ok, _} = CommonAPI.post(user, %{status: ".", visibility: "unlisted"})
197 {:ok, _} = CommonAPI.post(user, %{status: ".", visibility: "private"})
198 {:ok, _} = CommonAPI.post(user, %{status: ".", visibility: "public"})
199 {:ok, _} = CommonAPI.post(blocked, %{status: ".", visibility: "public"})
203 |> get("/api/pleroma/admin/statuses")
204 |> json_response_and_validate_schema(200)
# NOTE(review): only "private" is refuted explicitly. A response that leaked the direct
# status but dropped the blocked user's public one would still have length 3, so these two
# assertions do not by themselves pin that direct messages stay hidden. Asserting the
# exact set of returned visibilities (or ids) would close that gap.
206 refute "private" in Enum.map(response, & &1["visibility"])
207 assert length(response) == 3
# local_only=true: one local and one remote note activity are inserted and exactly one
# status is expected back. `user` is created on a line that is missing from the listing.
210 test "returns only local statuses with local_only on", %{conn: conn} do
212 remote_user = insert(:user, local: false, nickname: "archaeme@archae.me")
213 insert(:note_activity, user: user, local: true)
214 insert(:note_activity, user: remote_user, local: false)
218 |> get("/api/pleroma/admin/statuses?local_only=true")
219 |> json_response_and_validate_schema(200)
221 assert length(response) == 1
# godmode=true: the direct, private and public statuses are all returned, under the
# group's :messages_read privilege.
# NOTE(review): no case in this group requests godmode=true with an empty privilege list;
# the forbidden test below uses the plain listing URL. If the privilege check is applied
# to the route as a whole this is covered implicitly (confirm against the router).
224 test "returns private and direct statuses with godmode on", %{conn: conn, admin: admin} do
227 {:ok, _} = CommonAPI.post(user, %{status: "@#{admin.nickname}", visibility: "direct"})
229 {:ok, _} = CommonAPI.post(user, %{status: ".", visibility: "private"})
230 {:ok, _} = CommonAPI.post(user, %{status: ".", visibility: "public"})
231 conn = get(conn, "/api/pleroma/admin/statuses?godmode=true")
232 assert json_response_and_validate_schema(conn, 200) |> length() == 3
# Negative authorization case: with an empty privilege list the listing is answered with
# :forbidden for the same admin connection.
235 test "it requires privileged role :messages_read", %{conn: conn} do
236 clear_config([:instance, :admin_privileges], [])
238 conn = get(conn, "/api/pleroma/admin/statuses")
240 assert json_response(conn, :forbidden)