1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.Plugs.EnsurePrivilegedPlugTest do
6 use Pleroma.Web.ConnCase
8 alias Pleroma.Web.Plugs.EnsurePrivilegedPlug
11 test "denies a user that isn't moderator or admin" do
12 clear_config([:instance, :admin_privileges], [])
17 |> assign(:user, user)
18 |> EnsurePrivilegedPlug.call(:cofe)
20 assert conn.status == 403
23 test "accepts an admin that is privileged" do
24 clear_config([:instance, :admin_privileges], [:cofe])
25 user = insert(:user, is_admin: true)
26 conn = assign(build_conn(), :user, user)
28 ret_conn = EnsurePrivilegedPlug.call(conn, :cofe)
30 assert conn == ret_conn
33 test "denies an admin that isn't privileged" do
34 clear_config([:instance, :admin_privileges], [:suya])
35 user = insert(:user, is_admin: true)
39 |> assign(:user, user)
40 |> EnsurePrivilegedPlug.call(:cofe)
42 assert conn.status == 403
45 test "accepts a moderator that is privileged" do
46 clear_config([:instance, :moderator_privileges], [:cofe])
47 user = insert(:user, is_moderator: true)
48 conn = assign(build_conn(), :user, user)
50 ret_conn = EnsurePrivilegedPlug.call(conn, :cofe)
52 assert conn == ret_conn
55 test "denies a moderator that isn't privileged" do
56 clear_config([:instance, :moderator_privileges], [:suya])
57 user = insert(:user, is_moderator: true)
61 |> assign(:user, user)
62 |> EnsurePrivilegedPlug.call(:cofe)
64 assert conn.status == 403
67 test "accepts for a privileged role even if other role isn't privileged" do
68 clear_config([:instance, :admin_privileges], [:cofe])
69 clear_config([:instance, :moderator_privileges], [])
70 user = insert(:user, is_admin: true, is_moderator: true)
71 conn = assign(build_conn(), :user, user)
73 ret_conn = EnsurePrivilegedPlug.call(conn, :cofe)
75 # privileged through admin role
76 assert conn == ret_conn
78 clear_config([:instance, :admin_privileges], [])
79 clear_config([:instance, :moderator_privileges], [:cofe])
80 user = insert(:user, is_admin: true, is_moderator: true)
81 conn = assign(build_conn(), :user, user)
83 ret_conn = EnsurePrivilegedPlug.call(conn, :cofe)
85 # privileged through moderator role
86 assert conn == ret_conn
89 test "denies when no user is set" do
92 |> EnsurePrivilegedPlug.call(:cofe)
94 assert conn.status == 403