From 3a4773c3c2bd0bbef244eb519b07208da9108e49 Mon Sep 17 00:00:00 2001
From: dcc <dcc@logografos.com>
Date: Sat, 2 Sep 2023 00:52:52 -0700
Subject: First

---
 .../web/plugs/ensure_privileged_plug_test.exs      | 96 ++++++++++++++++++++++
 1 file changed, 96 insertions(+)
 create mode 100644 test/pleroma/web/plugs/ensure_privileged_plug_test.exs

(limited to 'test/pleroma/web/plugs/ensure_privileged_plug_test.exs')

diff --git a/test/pleroma/web/plugs/ensure_privileged_plug_test.exs b/test/pleroma/web/plugs/ensure_privileged_plug_test.exs
new file mode 100644
index 0000000..4b6679b
--- /dev/null
+++ b/test/pleroma/web/plugs/ensure_privileged_plug_test.exs
@@ -0,0 +1,96 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.Plugs.EnsurePrivilegedPlugTest do
+  use Pleroma.Web.ConnCase, async: true
+
+  alias Pleroma.Web.Plugs.EnsurePrivilegedPlug
+  import Pleroma.Factory
+
+  test "denies a user that isn't moderator or admin" do
+    clear_config([:instance, :admin_privileges], [])
+    user = insert(:user)
+
+    conn =
+      build_conn()
+      |> assign(:user, user)
+      |> EnsurePrivilegedPlug.call(:cofe)
+
+    assert conn.status == 403
+  end
+
+  test "accepts an admin that is privileged" do
+    clear_config([:instance, :admin_privileges], [:cofe])
+    user = insert(:user, is_admin: true)
+    conn = assign(build_conn(), :user, user)
+
+    ret_conn = EnsurePrivilegedPlug.call(conn, :cofe)
+
+    assert conn == ret_conn
+  end
+
+  test "denies an admin that isn't privileged" do
+    clear_config([:instance, :admin_privileges], [:suya])
+    user = insert(:user, is_admin: true)
+
+    conn =
+      build_conn()
+      |> assign(:user, user)
+      |> EnsurePrivilegedPlug.call(:cofe)
+
+    assert conn.status == 403
+  end
+
+  test "accepts a moderator that is privileged" do
+    clear_config([:instance, :moderator_privileges], [:cofe])
+    user = insert(:user, is_moderator: true)
+    conn = assign(build_conn(), :user, user)
+
+    ret_conn = EnsurePrivilegedPlug.call(conn, :cofe)
+
+    assert conn == ret_conn
+  end
+
+  test "denies a moderator that isn't privileged" do
+    clear_config([:instance, :moderator_privileges], [:suya])
+    user = insert(:user, is_moderator: true)
+
+    conn =
+      build_conn()
+      |> assign(:user, user)
+      |> EnsurePrivilegedPlug.call(:cofe)
+
+    assert conn.status == 403
+  end
+
+  test "accepts for a privileged role even if other role isn't privileged" do
+    clear_config([:instance, :admin_privileges], [:cofe])
+    clear_config([:instance, :moderator_privileges], [])
+    user = insert(:user, is_admin: true, is_moderator: true)
+    conn = assign(build_conn(), :user, user)
+
+    ret_conn = EnsurePrivilegedPlug.call(conn, :cofe)
+
+    # privileged through admin role
+    assert conn == ret_conn
+
+    clear_config([:instance, :admin_privileges], [])
+    clear_config([:instance, :moderator_privileges], [:cofe])
+    user = insert(:user, is_admin: true, is_moderator: true)
+    conn = assign(build_conn(), :user, user)
+
+    ret_conn = EnsurePrivilegedPlug.call(conn, :cofe)
+
+    # privileged through moderator role
+    assert conn == ret_conn
+  end
+
+  test "denies when no user is set" do
+    conn =
+      build_conn()
+      |> EnsurePrivilegedPlug.call(:cofe)
+
+    assert conn.status == 403
+  end
+end
-- 
cgit v1.2.3