[feature] Implement Mastodon-compatible roles (#3136)
* Implement Mastodon-compatible roles - `Account.role` should only be available through verify_credentials for checking current user's permissions - `Account.role` now carries a Mastodon-compatible permissions bitmap and a marker for whether it should be shown to the public - `Account.roles` added for *public* display roles (undocumented but stable since Mastodon 4.1) - Web template now uses only public display roles (no user-visible change here, we already special-cased the `user` role) * Handle verify_credentials case for default role * Update JSON exact-match tests * Address review comments * Add blocks bit to admin permissions bitmap
This commit is contained in:
parent
2f7d654380
commit
fd837776e2
|
@ -304,6 +304,15 @@ definitions:
|
|||
x-go-name: Note
|
||||
role:
|
||||
$ref: '#/definitions/accountRole'
|
||||
roles:
|
||||
description: |-
|
||||
Roles lists the public roles of the account on this instance.
|
||||
Unlike Role, this is always available, but never includes permissions details.
|
||||
Key/value omitted for remote accounts.
|
||||
items:
|
||||
$ref: '#/definitions/accountDisplayRole'
|
||||
type: array
|
||||
x-go-name: Roles
|
||||
source:
|
||||
$ref: '#/definitions/Source'
|
||||
statuses_count:
|
||||
|
@ -333,6 +342,29 @@ definitions:
|
|||
type: object
|
||||
x-go-name: Account
|
||||
x-go-package: github.com/superseriousbusiness/gotosocial/internal/api/model
|
||||
accountDisplayRole:
|
||||
description: This is a subset of AccountRole.
|
||||
properties:
|
||||
color:
|
||||
description: |-
|
||||
Color is a 6-digit CSS-style hex color code with leading `#`, or an empty string if this role has no color.
|
||||
Since GotoSocial doesn't use role colors, we leave this empty.
|
||||
type: string
|
||||
x-go-name: Color
|
||||
id:
|
||||
description: |-
|
||||
ID of the role.
|
||||
Not used by GotoSocial, but we set it to the role name, just in case a client expects a unique ID.
|
||||
type: string
|
||||
x-go-name: ID
|
||||
name:
|
||||
description: Name of the role.
|
||||
type: string
|
||||
x-go-name: Name
|
||||
title: AccountDisplayRole models a public, displayable role of an account.
|
||||
type: object
|
||||
x-go-name: AccountDisplayRole
|
||||
x-go-package: github.com/superseriousbusiness/gotosocial/internal/api/model
|
||||
accountExportStats:
|
||||
description: |-
|
||||
AccountExportStats models an account's stats
|
||||
|
@ -448,9 +480,32 @@ definitions:
|
|||
x-go-package: github.com/superseriousbusiness/gotosocial/internal/api/model
|
||||
accountRole:
|
||||
properties:
|
||||
color:
|
||||
description: |-
|
||||
Color is a 6-digit CSS-style hex color code with leading `#`, or an empty string if this role has no color.
|
||||
Since GotoSocial doesn't use role colors, we leave this empty.
|
||||
type: string
|
||||
x-go-name: Color
|
||||
highlighted:
|
||||
description: |-
|
||||
Highlighted indicates whether the role is publicly visible on the user profile.
|
||||
This is always true for GotoSocial's built-in admin and moderator roles, and false otherwise.
|
||||
type: boolean
|
||||
x-go-name: Highlighted
|
||||
id:
|
||||
description: |-
|
||||
ID of the role.
|
||||
Not used by GotoSocial, but we set it to the role name, just in case a client expects a unique ID.
|
||||
type: string
|
||||
x-go-name: ID
|
||||
name:
|
||||
description: Name of the role.
|
||||
type: string
|
||||
x-go-name: Name
|
||||
permissions:
|
||||
description: Permissions is a bitmap serialized as a numeric string, indicating which admin/moderation actions a user can perform.
|
||||
type: string
|
||||
x-go-name: Permissions
|
||||
title: AccountRole models the role of an account.
|
||||
type: object
|
||||
x-go-name: AccountRole
|
||||
|
@ -2209,6 +2264,15 @@ definitions:
|
|||
x-go-name: Note
|
||||
role:
|
||||
$ref: '#/definitions/accountRole'
|
||||
roles:
|
||||
description: |-
|
||||
Roles lists the public roles of the account on this instance.
|
||||
Unlike Role, this is always available, but never includes permissions details.
|
||||
Key/value omitted for remote accounts.
|
||||
items:
|
||||
$ref: '#/definitions/accountDisplayRole'
|
||||
type: array
|
||||
x-go-name: Roles
|
||||
source:
|
||||
$ref: '#/definitions/Source'
|
||||
statuses_count:
|
||||
|
|
|
@ -0,0 +1,118 @@
|
|||
// GoToSocial
|
||||
// Copyright (C) GoToSocial Authors admin@gotosocial.org
|
||||
// SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify
|
||||
// it under the terms of the GNU Affero General Public License as published by
|
||||
// the Free Software Foundation, either version 3 of the License, or
|
||||
// (at your option) any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful,
|
||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
// GNU Affero General Public License for more details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License
|
||||
// along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
package accounts_test
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"io"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"testing"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/stretchr/testify/suite"
|
||||
"github.com/superseriousbusiness/gotosocial/internal/api/client/accounts"
|
||||
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
|
||||
)
|
||||
|
||||
type AccountGetTestSuite struct {
|
||||
AccountStandardTestSuite
|
||||
}
|
||||
|
||||
// accountVerifyGet calls the get account API method for a given account fixture name.
|
||||
func (suite *AccountGetTestSuite) getAccount(id string) *apimodel.Account {
|
||||
recorder := httptest.NewRecorder()
|
||||
ctx := suite.newContext(recorder, http.MethodGet, nil, accounts.BasePath+"/"+id, "")
|
||||
ctx.Params = gin.Params{
|
||||
gin.Param{
|
||||
Key: accounts.IDKey,
|
||||
Value: id,
|
||||
},
|
||||
}
|
||||
|
||||
// call the handler
|
||||
suite.accountsModule.AccountGETHandler(ctx)
|
||||
|
||||
// 1. we should have OK because our request was valid
|
||||
suite.Equal(http.StatusOK, recorder.Code)
|
||||
|
||||
// 2. we should have no error message in the result body
|
||||
result := recorder.Result()
|
||||
defer result.Body.Close()
|
||||
|
||||
// check the response
|
||||
b, err := io.ReadAll(result.Body)
|
||||
if err != nil {
|
||||
suite.FailNow(err.Error())
|
||||
}
|
||||
|
||||
// unmarshal the returned account
|
||||
apimodelAccount := &apimodel.Account{}
|
||||
err = json.Unmarshal(b, apimodelAccount)
|
||||
if err != nil {
|
||||
suite.FailNow(err.Error())
|
||||
}
|
||||
|
||||
return apimodelAccount
|
||||
}
|
||||
|
||||
// Fetching the currently logged-in account shows extra info,
|
||||
// so we should see permissions, but this account is a regular user and should have no display role.
|
||||
func (suite *AccountGetTestSuite) TestGetDisplayRoleForSelf() {
|
||||
apimodelAccount := suite.getAccount(suite.testAccounts["local_account_1"].ID)
|
||||
|
||||
// Role should be set, but permissions should be empty.
|
||||
if suite.NotNil(apimodelAccount.Role) {
|
||||
role := apimodelAccount.Role
|
||||
suite.Equal("user", string(role.Name))
|
||||
suite.Zero(role.Permissions)
|
||||
}
|
||||
|
||||
// Roles should not have anything in it.
|
||||
suite.Empty(apimodelAccount.Roles)
|
||||
}
|
||||
|
||||
// We should not see a display role for an ordinary local account.
|
||||
func (suite *AccountGetTestSuite) TestGetDisplayRoleForUserAccount() {
|
||||
apimodelAccount := suite.getAccount(suite.testAccounts["local_account_2"].ID)
|
||||
|
||||
// Role should not be set.
|
||||
suite.Nil(apimodelAccount.Role)
|
||||
|
||||
// Roles should not have anything in it.
|
||||
suite.Empty(apimodelAccount.Roles)
|
||||
}
|
||||
|
||||
// We should be able to get a display role for an admin account.
|
||||
func (suite *AccountGetTestSuite) TestGetDisplayRoleForAdminAccount() {
|
||||
apimodelAccount := suite.getAccount(suite.testAccounts["admin_account"].ID)
|
||||
|
||||
// Role should not be set.
|
||||
suite.Nil(apimodelAccount.Role)
|
||||
|
||||
// Roles should have exactly one display role.
|
||||
if suite.Len(apimodelAccount.Roles, 1) {
|
||||
role := apimodelAccount.Roles[0]
|
||||
suite.Equal("admin", string(role.Name))
|
||||
suite.NotEmpty(role.ID)
|
||||
}
|
||||
}
|
||||
|
||||
func TestAccountGetTestSuite(t *testing.T) {
|
||||
suite.Run(t, new(AccountGetTestSuite))
|
||||
}
|
|
@ -19,30 +19,35 @@ package accounts_test
|
|||
|
||||
import (
|
||||
"encoding/json"
|
||||
"io/ioutil"
|
||||
"io"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/suite"
|
||||
"github.com/superseriousbusiness/gotosocial/internal/api/client/accounts"
|
||||
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
|
||||
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
|
||||
"github.com/superseriousbusiness/gotosocial/internal/oauth"
|
||||
)
|
||||
|
||||
type AccountVerifyTestSuite struct {
|
||||
AccountStandardTestSuite
|
||||
}
|
||||
|
||||
func (suite *AccountVerifyTestSuite) TestAccountVerifyGet() {
|
||||
testAccount := suite.testAccounts["local_account_1"]
|
||||
|
||||
// accountVerifyGet calls the verify_credentials API method for a given account fixture name.
|
||||
// Assumes token and user fixture names are the same as the account fixture name.
|
||||
func (suite *AccountVerifyTestSuite) accountVerifyGet(fixtureName string) *apimodel.Account {
|
||||
// set up the request
|
||||
recorder := httptest.NewRecorder()
|
||||
ctx := suite.newContext(recorder, http.MethodGet, nil, accounts.VerifyPath, "")
|
||||
|
||||
// override the account that we're authenticated as
|
||||
ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts[fixtureName])
|
||||
ctx.Set(oauth.SessionAuthorizedToken, oauth.DBTokenToToken(suite.testTokens[fixtureName]))
|
||||
ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers[fixtureName])
|
||||
|
||||
// call the handler
|
||||
suite.accountsModule.AccountVerifyGETHandler(ctx)
|
||||
|
||||
|
@ -54,13 +59,27 @@ func (suite *AccountVerifyTestSuite) TestAccountVerifyGet() {
|
|||
defer result.Body.Close()
|
||||
|
||||
// check the response
|
||||
b, err := ioutil.ReadAll(result.Body)
|
||||
assert.NoError(suite.T(), err)
|
||||
b, err := io.ReadAll(result.Body)
|
||||
if err != nil {
|
||||
suite.FailNow(err.Error())
|
||||
}
|
||||
|
||||
// unmarshal the returned account
|
||||
apimodelAccount := &apimodel.Account{}
|
||||
err = json.Unmarshal(b, apimodelAccount)
|
||||
suite.NoError(err)
|
||||
if err != nil {
|
||||
suite.FailNow(err.Error())
|
||||
}
|
||||
|
||||
return apimodelAccount
|
||||
}
|
||||
|
||||
// We should see public account information and profile source for a normal user.
|
||||
func (suite *AccountVerifyTestSuite) TestAccountVerifyGet() {
|
||||
fixtureName := "local_account_1"
|
||||
testAccount := suite.testAccounts[fixtureName]
|
||||
|
||||
apimodelAccount := suite.accountVerifyGet(fixtureName)
|
||||
|
||||
createdAt, err := time.Parse(time.RFC3339, apimodelAccount.CreatedAt)
|
||||
suite.NoError(err)
|
||||
|
@ -85,6 +104,43 @@ func (suite *AccountVerifyTestSuite) TestAccountVerifyGet() {
|
|||
suite.Equal(testAccount.NoteRaw, apimodelAccount.Source.Note)
|
||||
}
|
||||
|
||||
// testAccountVerifyGetRole calls the verify_credentials API method for a given account fixture name,
|
||||
// and checks the response for permissions appropriate to the role.
|
||||
func (suite *AccountVerifyTestSuite) testAccountVerifyGetRole(fixtureName string) {
|
||||
testUser := suite.testUsers[fixtureName]
|
||||
|
||||
apimodelAccount := suite.accountVerifyGet(fixtureName)
|
||||
|
||||
if suite.NotNil(apimodelAccount.Role) {
|
||||
switch {
|
||||
case *testUser.Admin:
|
||||
suite.Equal("admin", string(apimodelAccount.Role.Name))
|
||||
suite.NotZero(apimodelAccount.Role.Permissions)
|
||||
suite.True(apimodelAccount.Role.Highlighted)
|
||||
|
||||
case *testUser.Moderator:
|
||||
suite.Equal("moderator", string(apimodelAccount.Role.Name))
|
||||
suite.Zero(apimodelAccount.Role.Permissions)
|
||||
suite.True(apimodelAccount.Role.Highlighted)
|
||||
|
||||
default:
|
||||
suite.Equal("user", string(apimodelAccount.Role.Name))
|
||||
suite.Zero(apimodelAccount.Role.Permissions)
|
||||
suite.False(apimodelAccount.Role.Highlighted)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// We should see a role for a normal user, and that role should not have any permissions.
|
||||
func (suite *AccountVerifyTestSuite) TestAccountVerifyGetRoleUser() {
|
||||
suite.testAccountVerifyGetRole("local_account_1")
|
||||
}
|
||||
|
||||
// We should see a role for an admin user, and that role should have some permissions.
|
||||
func (suite *AccountVerifyTestSuite) TestAccountVerifyGetRoleAdmin() {
|
||||
suite.testAccountVerifyGetRole("admin_account")
|
||||
}
|
||||
|
||||
func TestAccountVerifyTestSuite(t *testing.T) {
|
||||
suite.Run(t, new(AccountVerifyTestSuite))
|
||||
}
|
||||
|
|
|
@ -70,7 +70,11 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
|
|||
"locale": "en",
|
||||
"invite_request": null,
|
||||
"role": {
|
||||
"name": "user"
|
||||
"id": "user",
|
||||
"name": "user",
|
||||
"color": "",
|
||||
"permissions": "0",
|
||||
"highlighted": false
|
||||
},
|
||||
"confirmed": true,
|
||||
"approved": true,
|
||||
|
@ -109,10 +113,7 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
|
|||
"verified_at": null
|
||||
}
|
||||
],
|
||||
"hide_collections": true,
|
||||
"role": {
|
||||
"name": "user"
|
||||
}
|
||||
"hide_collections": true
|
||||
},
|
||||
"created_by_application_id": "01F8MGY43H3N2C8EWPR2FPYEXG"
|
||||
},
|
||||
|
@ -127,7 +128,11 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
|
|||
"locale": "en",
|
||||
"invite_request": null,
|
||||
"role": {
|
||||
"name": "admin"
|
||||
"id": "admin",
|
||||
"name": "admin",
|
||||
"color": "",
|
||||
"permissions": "546033",
|
||||
"highlighted": true
|
||||
},
|
||||
"confirmed": true,
|
||||
"approved": true,
|
||||
|
@ -156,9 +161,13 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
|
|||
"emojis": [],
|
||||
"fields": [],
|
||||
"enable_rss": true,
|
||||
"role": {
|
||||
"name": "admin"
|
||||
}
|
||||
"roles": [
|
||||
{
|
||||
"id": "admin",
|
||||
"name": "admin",
|
||||
"color": ""
|
||||
}
|
||||
]
|
||||
},
|
||||
"created_by_application_id": "01F8MGXQRHYF5QPMTMXP78QC2F"
|
||||
},
|
||||
|
@ -173,7 +182,11 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
|
|||
"locale": "",
|
||||
"invite_request": null,
|
||||
"role": {
|
||||
"name": "user"
|
||||
"id": "user",
|
||||
"name": "user",
|
||||
"color": "",
|
||||
"permissions": "0",
|
||||
"highlighted": false
|
||||
},
|
||||
"confirmed": false,
|
||||
"approved": false,
|
||||
|
@ -214,7 +227,11 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
|
|||
"locale": "en",
|
||||
"invite_request": "I wanna be on this damned webbed site so bad! Please! Wow",
|
||||
"role": {
|
||||
"name": "user"
|
||||
"id": "user",
|
||||
"name": "user",
|
||||
"color": "",
|
||||
"permissions": "0",
|
||||
"highlighted": false
|
||||
},
|
||||
"confirmed": true,
|
||||
"approved": true,
|
||||
|
@ -244,10 +261,7 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
|
|||
"last_status_at": "2024-01-10T09:24:00.000Z",
|
||||
"emojis": [],
|
||||
"fields": [],
|
||||
"enable_rss": true,
|
||||
"role": {
|
||||
"name": "user"
|
||||
}
|
||||
"enable_rss": true
|
||||
},
|
||||
"created_by_application_id": "01F8MGY43H3N2C8EWPR2FPYEXG"
|
||||
},
|
||||
|
@ -262,7 +276,11 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
|
|||
"locale": "en",
|
||||
"invite_request": "hi, please let me in! I'm looking for somewhere neato bombeato to hang out.",
|
||||
"role": {
|
||||
"name": "user"
|
||||
"id": "user",
|
||||
"name": "user",
|
||||
"color": "",
|
||||
"permissions": "0",
|
||||
"highlighted": false
|
||||
},
|
||||
"confirmed": false,
|
||||
"approved": false,
|
||||
|
@ -289,10 +307,7 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
|
|||
"statuses_count": 0,
|
||||
"last_status_at": null,
|
||||
"emojis": [],
|
||||
"fields": [],
|
||||
"role": {
|
||||
"name": "user"
|
||||
}
|
||||
"fields": []
|
||||
},
|
||||
"created_by_application_id": "01F8MGY43H3N2C8EWPR2FPYEXG"
|
||||
},
|
||||
|
@ -307,7 +322,11 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
|
|||
"locale": "",
|
||||
"invite_request": null,
|
||||
"role": {
|
||||
"name": "user"
|
||||
"id": "user",
|
||||
"name": "user",
|
||||
"color": "",
|
||||
"permissions": "0",
|
||||
"highlighted": false
|
||||
},
|
||||
"confirmed": false,
|
||||
"approved": false,
|
||||
|
@ -348,7 +367,11 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
|
|||
"locale": "",
|
||||
"invite_request": null,
|
||||
"role": {
|
||||
"name": "user"
|
||||
"id": "user",
|
||||
"name": "user",
|
||||
"color": "",
|
||||
"permissions": "0",
|
||||
"highlighted": false
|
||||
},
|
||||
"confirmed": false,
|
||||
"approved": false,
|
||||
|
@ -389,7 +412,11 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
|
|||
"locale": "",
|
||||
"invite_request": null,
|
||||
"role": {
|
||||
"name": "user"
|
||||
"id": "user",
|
||||
"name": "user",
|
||||
"color": "",
|
||||
"permissions": "0",
|
||||
"highlighted": false
|
||||
},
|
||||
"confirmed": false,
|
||||
"approved": false,
|
||||
|
@ -431,7 +458,11 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
|
|||
"locale": "",
|
||||
"invite_request": null,
|
||||
"role": {
|
||||
"name": "user"
|
||||
"id": "user",
|
||||
"name": "user",
|
||||
"color": "",
|
||||
"permissions": "0",
|
||||
"highlighted": false
|
||||
},
|
||||
"confirmed": false,
|
||||
"approved": false,
|
||||
|
@ -511,7 +542,11 @@ func (suite *AccountsGetTestSuite) TestAccountsMinID() {
|
|||
"locale": "",
|
||||
"invite_request": null,
|
||||
"role": {
|
||||
"name": "user"
|
||||
"id": "user",
|
||||
"name": "user",
|
||||
"color": "",
|
||||
"permissions": "0",
|
||||
"highlighted": false
|
||||
},
|
||||
"confirmed": false,
|
||||
"approved": false,
|
||||
|
|
|
@ -157,7 +157,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() {
|
|||
"locale": "",
|
||||
"invite_request": null,
|
||||
"role": {
|
||||
"name": "user"
|
||||
"id": "user",
|
||||
"name": "user",
|
||||
"color": "",
|
||||
"permissions": "0",
|
||||
"highlighted": false
|
||||
},
|
||||
"confirmed": false,
|
||||
"approved": false,
|
||||
|
@ -198,7 +202,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() {
|
|||
"locale": "en",
|
||||
"invite_request": null,
|
||||
"role": {
|
||||
"name": "user"
|
||||
"id": "user",
|
||||
"name": "user",
|
||||
"color": "",
|
||||
"permissions": "0",
|
||||
"highlighted": false
|
||||
},
|
||||
"confirmed": true,
|
||||
"approved": true,
|
||||
|
@ -237,10 +245,7 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() {
|
|||
"verified_at": null
|
||||
}
|
||||
],
|
||||
"hide_collections": true,
|
||||
"role": {
|
||||
"name": "user"
|
||||
}
|
||||
"hide_collections": true
|
||||
},
|
||||
"created_by_application_id": "01F8MGY43H3N2C8EWPR2FPYEXG"
|
||||
},
|
||||
|
@ -255,7 +260,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() {
|
|||
"locale": "en",
|
||||
"invite_request": null,
|
||||
"role": {
|
||||
"name": "admin"
|
||||
"id": "admin",
|
||||
"name": "admin",
|
||||
"color": "",
|
||||
"permissions": "546033",
|
||||
"highlighted": true
|
||||
},
|
||||
"confirmed": true,
|
||||
"approved": true,
|
||||
|
@ -284,9 +293,13 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() {
|
|||
"emojis": [],
|
||||
"fields": [],
|
||||
"enable_rss": true,
|
||||
"role": {
|
||||
"name": "admin"
|
||||
}
|
||||
"roles": [
|
||||
{
|
||||
"id": "admin",
|
||||
"name": "admin",
|
||||
"color": ""
|
||||
}
|
||||
]
|
||||
},
|
||||
"created_by_application_id": "01F8MGXQRHYF5QPMTMXP78QC2F"
|
||||
},
|
||||
|
@ -301,7 +314,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() {
|
|||
"locale": "en",
|
||||
"invite_request": null,
|
||||
"role": {
|
||||
"name": "admin"
|
||||
"id": "admin",
|
||||
"name": "admin",
|
||||
"color": "",
|
||||
"permissions": "546033",
|
||||
"highlighted": true
|
||||
},
|
||||
"confirmed": true,
|
||||
"approved": true,
|
||||
|
@ -330,9 +347,13 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() {
|
|||
"emojis": [],
|
||||
"fields": [],
|
||||
"enable_rss": true,
|
||||
"role": {
|
||||
"name": "admin"
|
||||
}
|
||||
"roles": [
|
||||
{
|
||||
"id": "admin",
|
||||
"name": "admin",
|
||||
"color": ""
|
||||
}
|
||||
]
|
||||
},
|
||||
"created_by_application_id": "01F8MGXQRHYF5QPMTMXP78QC2F"
|
||||
},
|
||||
|
@ -360,7 +381,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() {
|
|||
"locale": "en",
|
||||
"invite_request": null,
|
||||
"role": {
|
||||
"name": "user"
|
||||
"id": "user",
|
||||
"name": "user",
|
||||
"color": "",
|
||||
"permissions": "0",
|
||||
"highlighted": false
|
||||
},
|
||||
"confirmed": true,
|
||||
"approved": true,
|
||||
|
@ -399,10 +424,7 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() {
|
|||
"verified_at": null
|
||||
}
|
||||
],
|
||||
"hide_collections": true,
|
||||
"role": {
|
||||
"name": "user"
|
||||
}
|
||||
"hide_collections": true
|
||||
},
|
||||
"created_by_application_id": "01F8MGY43H3N2C8EWPR2FPYEXG"
|
||||
},
|
||||
|
@ -417,7 +439,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() {
|
|||
"locale": "",
|
||||
"invite_request": null,
|
||||
"role": {
|
||||
"name": "user"
|
||||
"id": "user",
|
||||
"name": "user",
|
||||
"color": "",
|
||||
"permissions": "0",
|
||||
"highlighted": false
|
||||
},
|
||||
"confirmed": false,
|
||||
"approved": false,
|
||||
|
@ -605,7 +631,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetCreatedByAccount() {
|
|||
"locale": "en",
|
||||
"invite_request": null,
|
||||
"role": {
|
||||
"name": "user"
|
||||
"id": "user",
|
||||
"name": "user",
|
||||
"color": "",
|
||||
"permissions": "0",
|
||||
"highlighted": false
|
||||
},
|
||||
"confirmed": true,
|
||||
"approved": true,
|
||||
|
@ -644,10 +674,7 @@ func (suite *ReportsGetTestSuite) TestReportsGetCreatedByAccount() {
|
|||
"verified_at": null
|
||||
}
|
||||
],
|
||||
"hide_collections": true,
|
||||
"role": {
|
||||
"name": "user"
|
||||
}
|
||||
"hide_collections": true
|
||||
},
|
||||
"created_by_application_id": "01F8MGY43H3N2C8EWPR2FPYEXG"
|
||||
},
|
||||
|
@ -662,7 +689,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetCreatedByAccount() {
|
|||
"locale": "",
|
||||
"invite_request": null,
|
||||
"role": {
|
||||
"name": "user"
|
||||
"id": "user",
|
||||
"name": "user",
|
||||
"color": "",
|
||||
"permissions": "0",
|
||||
"highlighted": false
|
||||
},
|
||||
"confirmed": false,
|
||||
"approved": false,
|
||||
|
@ -850,7 +881,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetTargetAccount() {
|
|||
"locale": "en",
|
||||
"invite_request": null,
|
||||
"role": {
|
||||
"name": "user"
|
||||
"id": "user",
|
||||
"name": "user",
|
||||
"color": "",
|
||||
"permissions": "0",
|
||||
"highlighted": false
|
||||
},
|
||||
"confirmed": true,
|
||||
"approved": true,
|
||||
|
@ -889,10 +924,7 @@ func (suite *ReportsGetTestSuite) TestReportsGetTargetAccount() {
|
|||
"verified_at": null
|
||||
}
|
||||
],
|
||||
"hide_collections": true,
|
||||
"role": {
|
||||
"name": "user"
|
||||
}
|
||||
"hide_collections": true
|
||||
},
|
||||
"created_by_application_id": "01F8MGY43H3N2C8EWPR2FPYEXG"
|
||||
},
|
||||
|
@ -907,7 +939,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetTargetAccount() {
|
|||
"locale": "",
|
||||
"invite_request": null,
|
||||
"role": {
|
||||
"name": "user"
|
||||
"id": "user",
|
||||
"name": "user",
|
||||
"color": "",
|
||||
"permissions": "0",
|
||||
"highlighted": false
|
||||
},
|
||||
"confirmed": false,
|
||||
"approved": false,
|
||||
|
|
|
@ -176,9 +176,13 @@ func (suite *InstancePatchTestSuite) TestInstancePatch1() {
|
|||
"emojis": [],
|
||||
"fields": [],
|
||||
"enable_rss": true,
|
||||
"role": {
|
||||
"name": "admin"
|
||||
}
|
||||
"roles": [
|
||||
{
|
||||
"id": "admin",
|
||||
"name": "admin",
|
||||
"color": ""
|
||||
}
|
||||
]
|
||||
},
|
||||
"max_toot_chars": 5000,
|
||||
"rules": [
|
||||
|
@ -312,9 +316,13 @@ func (suite *InstancePatchTestSuite) TestInstancePatch2() {
|
|||
"emojis": [],
|
||||
"fields": [],
|
||||
"enable_rss": true,
|
||||
"role": {
|
||||
"name": "admin"
|
||||
}
|
||||
"roles": [
|
||||
{
|
||||
"id": "admin",
|
||||
"name": "admin",
|
||||
"color": ""
|
||||
}
|
||||
]
|
||||
},
|
||||
"max_toot_chars": 5000,
|
||||
"rules": [
|
||||
|
@ -448,9 +456,13 @@ func (suite *InstancePatchTestSuite) TestInstancePatch3() {
|
|||
"emojis": [],
|
||||
"fields": [],
|
||||
"enable_rss": true,
|
||||
"role": {
|
||||
"name": "admin"
|
||||
}
|
||||
"roles": [
|
||||
{
|
||||
"id": "admin",
|
||||
"name": "admin",
|
||||
"color": ""
|
||||
}
|
||||
]
|
||||
},
|
||||
"max_toot_chars": 5000,
|
||||
"rules": [
|
||||
|
@ -635,9 +647,13 @@ func (suite *InstancePatchTestSuite) TestInstancePatch6() {
|
|||
"emojis": [],
|
||||
"fields": [],
|
||||
"enable_rss": true,
|
||||
"role": {
|
||||
"name": "admin"
|
||||
}
|
||||
"roles": [
|
||||
{
|
||||
"id": "admin",
|
||||
"name": "admin",
|
||||
"color": ""
|
||||
}
|
||||
]
|
||||
},
|
||||
"max_toot_chars": 5000,
|
||||
"rules": [
|
||||
|
@ -797,9 +813,13 @@ func (suite *InstancePatchTestSuite) TestInstancePatch8() {
|
|||
"emojis": [],
|
||||
"fields": [],
|
||||
"enable_rss": true,
|
||||
"role": {
|
||||
"name": "admin"
|
||||
}
|
||||
"roles": [
|
||||
{
|
||||
"id": "admin",
|
||||
"name": "admin",
|
||||
"color": ""
|
||||
}
|
||||
]
|
||||
},
|
||||
"max_toot_chars": 5000,
|
||||
"rules": [
|
||||
|
@ -970,9 +990,13 @@ func (suite *InstancePatchTestSuite) TestInstancePatch9() {
|
|||
"emojis": [],
|
||||
"fields": [],
|
||||
"enable_rss": true,
|
||||
"role": {
|
||||
"name": "admin"
|
||||
}
|
||||
"roles": [
|
||||
{
|
||||
"id": "admin",
|
||||
"name": "admin",
|
||||
"color": ""
|
||||
}
|
||||
]
|
||||
},
|
||||
"max_toot_chars": 5000,
|
||||
"rules": [
|
||||
|
|
|
@ -118,10 +118,7 @@ func (suite *StatusHistoryTestSuite) TestGetHistory() {
|
|||
"last_status_at": "2024-01-10T09:24:00.000Z",
|
||||
"emojis": [],
|
||||
"fields": [],
|
||||
"enable_rss": true,
|
||||
"role": {
|
||||
"name": "user"
|
||||
}
|
||||
"enable_rss": true
|
||||
},
|
||||
"poll": null,
|
||||
"media_attachments": [],
|
||||
|
|
|
@ -136,10 +136,7 @@ func (suite *StatusMuteTestSuite) TestMuteUnmuteStatus() {
|
|||
"last_status_at": "2024-01-10T09:24:00.000Z",
|
||||
"emojis": [],
|
||||
"fields": [],
|
||||
"enable_rss": true,
|
||||
"role": {
|
||||
"name": "user"
|
||||
}
|
||||
"enable_rss": true
|
||||
},
|
||||
"media_attachments": [],
|
||||
"mentions": [],
|
||||
|
@ -224,10 +221,7 @@ func (suite *StatusMuteTestSuite) TestMuteUnmuteStatus() {
|
|||
"last_status_at": "2024-01-10T09:24:00.000Z",
|
||||
"emojis": [],
|
||||
"fields": [],
|
||||
"enable_rss": true,
|
||||
"role": {
|
||||
"name": "user"
|
||||
}
|
||||
"enable_rss": true
|
||||
},
|
||||
"media_attachments": [],
|
||||
"mentions": [],
|
||||
|
|
|
@ -18,8 +18,11 @@
|
|||
package model
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"mime/multipart"
|
||||
"net"
|
||||
"strconv"
|
||||
)
|
||||
|
||||
// Account models a fediverse account.
|
||||
|
@ -105,8 +108,13 @@ type Account struct {
|
|||
// Key/value omitted if false.
|
||||
HideCollections bool `json:"hide_collections,omitempty"`
|
||||
// Role of the account on this instance.
|
||||
// Only available through the `verify_credentials` API method.
|
||||
// Key/value omitted for remote accounts.
|
||||
Role *AccountRole `json:"role,omitempty"`
|
||||
// Roles lists the public roles of the account on this instance.
|
||||
// Unlike Role, this is always available, but never includes permissions details.
|
||||
// Key/value omitted for remote accounts.
|
||||
Roles []AccountDisplayRole `json:"roles,omitempty"`
|
||||
// If set, indicates that this account is currently inactive, and has migrated to the given account.
|
||||
// Key/value omitted for accounts that haven't moved, and for suspended accounts.
|
||||
Moved *Account `json:"moved,omitempty"`
|
||||
|
@ -286,11 +294,35 @@ type AccountAliasRequest struct {
|
|||
AlsoKnownAsURIs []string `form:"also_known_as_uris" json:"also_known_as_uris" xml:"also_known_as_uris"`
|
||||
}
|
||||
|
||||
// AccountDisplayRole models a public, displayable role of an account.
|
||||
// This is a subset of AccountRole.
|
||||
//
|
||||
// swagger:model accountDisplayRole
|
||||
type AccountDisplayRole struct {
|
||||
// ID of the role.
|
||||
// Not used by GotoSocial, but we set it to the role name, just in case a client expects a unique ID.
|
||||
ID string `json:"id"`
|
||||
|
||||
// Name of the role.
|
||||
Name AccountRoleName `json:"name"`
|
||||
|
||||
// Color is a 6-digit CSS-style hex color code with leading `#`, or an empty string if this role has no color.
|
||||
// Since GotoSocial doesn't use role colors, we leave this empty.
|
||||
Color string `json:"color"`
|
||||
}
|
||||
|
||||
// AccountRole models the role of an account.
|
||||
//
|
||||
// swagger:model accountRole
|
||||
type AccountRole struct {
|
||||
Name AccountRoleName `json:"name"`
|
||||
AccountDisplayRole
|
||||
|
||||
// Permissions is a bitmap serialized as a numeric string, indicating which admin/moderation actions a user can perform.
|
||||
Permissions AccountRolePermissions `json:"permissions"`
|
||||
|
||||
// Highlighted indicates whether the role is publicly visible on the user profile.
|
||||
// This is always true for GotoSocial's built-in admin and moderator roles, and false otherwise.
|
||||
Highlighted bool `json:"highlighted"`
|
||||
}
|
||||
|
||||
// AccountRoleName represent the name of the role of an account.
|
||||
|
@ -305,6 +337,103 @@ const (
|
|||
AccountRoleUnknown AccountRoleName = "" // We don't know / remote account
|
||||
)
|
||||
|
||||
// AccountRolePermissions is a bitmap representing a set of user permissions.
|
||||
// It's used for Mastodon API compatibility: internally, GotoSocial only tracks admins and moderators.
|
||||
//
|
||||
// swagger:type string
|
||||
type AccountRolePermissions int
|
||||
|
||||
// MarshalJSON serializes an AccountRolePermissions as a numeric string.
|
||||
func (a *AccountRolePermissions) MarshalJSON() ([]byte, error) {
|
||||
return json.Marshal(strconv.Itoa(int(*a)))
|
||||
}
|
||||
|
||||
// UnmarshalJSON deserializes an AccountRolePermissions from a number or numeric string.
|
||||
func (a *AccountRolePermissions) UnmarshalJSON(b []byte) error {
|
||||
if string(b) == "null" {
|
||||
return nil
|
||||
}
|
||||
|
||||
i := 0
|
||||
if err := json.Unmarshal(b, &i); err != nil {
|
||||
s := ""
|
||||
if err := json.Unmarshal(b, &s); err != nil {
|
||||
return errors.New("not a number or string")
|
||||
}
|
||||
|
||||
i, err = strconv.Atoi(s)
|
||||
if err != nil {
|
||||
return errors.New("not a numeric string")
|
||||
}
|
||||
}
|
||||
|
||||
*a = AccountRolePermissions(i)
|
||||
return nil
|
||||
}
|
||||
|
||||
const (
|
||||
// AccountRolePermissionsNone represents an empty set of permissions.
|
||||
AccountRolePermissionsNone AccountRolePermissions = 0
|
||||
// AccountRolePermissionsAdministrator ignores all permission checks.
|
||||
AccountRolePermissionsAdministrator AccountRolePermissions = 1 << (iota - 1)
|
||||
// AccountRolePermissionsDevops is not used by GotoSocial.
|
||||
AccountRolePermissionsDevops
|
||||
// AccountRolePermissionsViewAuditLog is not used by GotoSocial.
|
||||
AccountRolePermissionsViewAuditLog
|
||||
// AccountRolePermissionsViewDashboard is not used by GotoSocial.
|
||||
AccountRolePermissionsViewDashboard
|
||||
// AccountRolePermissionsManageReports indicates that the user can view and resolve reports.
|
||||
AccountRolePermissionsManageReports
|
||||
// AccountRolePermissionsManageFederation indicates that the user can edit federation allows and blocks.
|
||||
AccountRolePermissionsManageFederation
|
||||
// AccountRolePermissionsManageSettings indicates that the user can edit instance metadata.
|
||||
AccountRolePermissionsManageSettings
|
||||
// AccountRolePermissionsManageBlocks indicates that the user can manage non-federation blocks, currently including HTTP header blocks.
|
||||
AccountRolePermissionsManageBlocks
|
||||
// AccountRolePermissionsManageTaxonomies is not used by GotoSocial.
|
||||
AccountRolePermissionsManageTaxonomies
|
||||
// AccountRolePermissionsManageAppeals is not used by GotoSocial.
|
||||
AccountRolePermissionsManageAppeals
|
||||
// AccountRolePermissionsManageUsers indicates that the user can view user details and perform user moderation actions.
|
||||
AccountRolePermissionsManageUsers
|
||||
// AccountRolePermissionsManageInvites is not used by GotoSocial.
|
||||
AccountRolePermissionsManageInvites
|
||||
// AccountRolePermissionsManageRules indicates that the user can edit instance rules.
|
||||
AccountRolePermissionsManageRules
|
||||
// AccountRolePermissionsManageAnnouncements is not used by GotoSocial.
|
||||
AccountRolePermissionsManageAnnouncements
|
||||
// AccountRolePermissionsManageCustomEmojis indicates that the user can edit custom emoji.
|
||||
AccountRolePermissionsManageCustomEmojis
|
||||
// AccountRolePermissionsManageWebhooks is not used by GotoSocial.
|
||||
AccountRolePermissionsManageWebhooks
|
||||
// AccountRolePermissionsInviteUsers is not used by GotoSocial.
|
||||
AccountRolePermissionsInviteUsers
|
||||
// AccountRolePermissionsManageRoles is not used by GotoSocial.
|
||||
AccountRolePermissionsManageRoles
|
||||
// AccountRolePermissionsManageUserAccess is not used by GotoSocial.
|
||||
AccountRolePermissionsManageUserAccess
|
||||
// AccountRolePermissionsDeleteUserData indicates that the user can permanently delete user data.
|
||||
AccountRolePermissionsDeleteUserData
|
||||
|
||||
// FUTURE: If we decide to assign our own permissions bits,
|
||||
// they should start at the other end of the int to avoid conflicts with future Mastodon permissions.
|
||||
|
||||
// AccountRolePermissionsForAdminRole includes all of the permissions assigned to GotoSocial's built-in administrator role.
|
||||
AccountRolePermissionsForAdminRole = AccountRolePermissionsAdministrator |
|
||||
AccountRolePermissionsManageReports |
|
||||
AccountRolePermissionsManageFederation |
|
||||
AccountRolePermissionsManageSettings |
|
||||
AccountRolePermissionsManageBlocks |
|
||||
AccountRolePermissionsManageUsers |
|
||||
AccountRolePermissionsManageRules |
|
||||
AccountRolePermissionsManageCustomEmojis |
|
||||
AccountRolePermissionsDeleteUserData
|
||||
|
||||
// AccountRolePermissionsForModeratorRole includes all of the permissions assigned to GotoSocial's built-in moderator role.
|
||||
// (Currently, there aren't any.)
|
||||
AccountRolePermissionsForModeratorRole = AccountRolePermissionsNone
|
||||
)
|
||||
|
||||
// AccountNoteRequest models a request to update the private note for an account.
|
||||
//
|
||||
// swagger:ignore
|
||||
|
|
|
@ -100,13 +100,13 @@ func (c *Converter) UserToAPIUser(ctx context.Context, u *gtsmodel.User) *apimod
|
|||
return user
|
||||
}
|
||||
|
||||
// AppToAPIAppSensitive takes a db model application as a param, and returns a populated apitype application, or an error
|
||||
// AccountToAPIAccountSensitive takes a db model application as a param, and returns a populated apitype application, or an error
|
||||
// if something goes wrong. The returned application should be ready to serialize on an API level, and may have sensitive fields
|
||||
// (such as client id and client secret), so serve it only to an authorized user who should have permission to see it.
|
||||
func (c *Converter) AccountToAPIAccountSensitive(ctx context.Context, a *gtsmodel.Account) (*apimodel.Account, error) {
|
||||
// We can build this sensitive account model
|
||||
// by first getting the public account, and
|
||||
// then adding the Source object to it.
|
||||
// then adding the Source object and role permissions bitmap to it.
|
||||
apiAccount, err := c.AccountToAPIAccountPublic(ctx, a)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -122,6 +122,13 @@ func (c *Converter) AccountToAPIAccountSensitive(ctx context.Context, a *gtsmode
|
|||
}
|
||||
}
|
||||
|
||||
// Populate the account's role permissions bitmap and highlightedness from its public role.
|
||||
if len(apiAccount.Roles) > 0 {
|
||||
apiAccount.Role = c.APIAccountDisplayRoleToAPIAccountRoleSensitive(&apiAccount.Roles[0])
|
||||
} else {
|
||||
apiAccount.Role = c.APIAccountDisplayRoleToAPIAccountRoleSensitive(nil)
|
||||
}
|
||||
|
||||
statusContentType := string(apimodel.StatusContentTypeDefault)
|
||||
if a.Settings.StatusContentType != "" {
|
||||
statusContentType = a.Settings.StatusContentType
|
||||
|
@ -299,7 +306,7 @@ func (c *Converter) accountToAPIAccountPublic(ctx context.Context, a *gtsmodel.A
|
|||
|
||||
var (
|
||||
acct string
|
||||
role *apimodel.AccountRole
|
||||
roles []apimodel.AccountDisplayRole
|
||||
enableRSS bool
|
||||
theme string
|
||||
customCSS string
|
||||
|
@ -324,14 +331,8 @@ func (c *Converter) accountToAPIAccountPublic(ctx context.Context, a *gtsmodel.A
|
|||
if err != nil {
|
||||
return nil, gtserror.Newf("error getting user from database for account id %s: %w", a.ID, err)
|
||||
}
|
||||
|
||||
switch {
|
||||
case *user.Admin:
|
||||
role = &apimodel.AccountRole{Name: apimodel.AccountRoleAdmin}
|
||||
case *user.Moderator:
|
||||
role = &apimodel.AccountRole{Name: apimodel.AccountRoleModerator}
|
||||
default:
|
||||
role = &apimodel.AccountRole{Name: apimodel.AccountRoleUser}
|
||||
if role := c.UserToAPIAccountDisplayRole(user); role != nil {
|
||||
roles = append(roles, *role)
|
||||
}
|
||||
|
||||
enableRSS = *a.Settings.EnableRSS
|
||||
|
@ -380,7 +381,7 @@ func (c *Converter) accountToAPIAccountPublic(ctx context.Context, a *gtsmodel.A
|
|||
CustomCSS: customCSS,
|
||||
EnableRSS: enableRSS,
|
||||
HideCollections: hideCollections,
|
||||
Role: role,
|
||||
Roles: roles,
|
||||
}
|
||||
|
||||
// Bodge default avatar + header in,
|
||||
|
@ -391,6 +392,56 @@ func (c *Converter) accountToAPIAccountPublic(ctx context.Context, a *gtsmodel.A
|
|||
return accountFrontend, nil
|
||||
}
|
||||
|
||||
// UserToAPIAccountDisplayRole returns the API representation of a user's display role.
|
||||
// This will accept a nil user but does not always return a value:
|
||||
// the default "user" role is considered uninteresting and not returned.
|
||||
func (c *Converter) UserToAPIAccountDisplayRole(user *gtsmodel.User) *apimodel.AccountDisplayRole {
|
||||
switch {
|
||||
case user == nil:
|
||||
return nil
|
||||
case *user.Admin:
|
||||
return &apimodel.AccountDisplayRole{
|
||||
ID: string(apimodel.AccountRoleAdmin),
|
||||
Name: apimodel.AccountRoleAdmin,
|
||||
}
|
||||
case *user.Moderator:
|
||||
return &apimodel.AccountDisplayRole{
|
||||
ID: string(apimodel.AccountRoleModerator),
|
||||
Name: apimodel.AccountRoleModerator,
|
||||
}
|
||||
default:
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
// APIAccountDisplayRoleToAPIAccountRoleSensitive returns the API representation of a user's role,
|
||||
// with permission bitmap. This will accept a nil display role and always returns a value.
|
||||
func (c *Converter) APIAccountDisplayRoleToAPIAccountRoleSensitive(display *apimodel.AccountDisplayRole) *apimodel.AccountRole {
|
||||
// Default to user role.
|
||||
role := &apimodel.AccountRole{
|
||||
AccountDisplayRole: apimodel.AccountDisplayRole{
|
||||
ID: string(apimodel.AccountRoleUser),
|
||||
Name: apimodel.AccountRoleUser,
|
||||
},
|
||||
Permissions: apimodel.AccountRolePermissionsNone,
|
||||
Highlighted: false,
|
||||
}
|
||||
|
||||
// If there's a display role, use that instead.
|
||||
if display != nil {
|
||||
role.AccountDisplayRole = *display
|
||||
role.Highlighted = true
|
||||
switch display.Name {
|
||||
case apimodel.AccountRoleAdmin:
|
||||
role.Permissions = apimodel.AccountRolePermissionsForAdminRole
|
||||
case apimodel.AccountRoleModerator:
|
||||
role.Permissions = apimodel.AccountRolePermissionsForModeratorRole
|
||||
}
|
||||
}
|
||||
|
||||
return role
|
||||
}
|
||||
|
||||
func (c *Converter) fieldsToAPIFields(f []*gtsmodel.Field) []apimodel.Field {
|
||||
fields := make([]apimodel.Field, len(f))
|
||||
|
||||
|
@ -416,8 +467,8 @@ func (c *Converter) fieldsToAPIFields(f []*gtsmodel.Field) []apimodel.Field {
|
|||
// when someone wants to view an account they've blocked.
|
||||
func (c *Converter) AccountToAPIAccountBlocked(ctx context.Context, a *gtsmodel.Account) (*apimodel.Account, error) {
|
||||
var (
|
||||
acct string
|
||||
role *apimodel.AccountRole
|
||||
acct string
|
||||
roles []apimodel.AccountDisplayRole
|
||||
)
|
||||
|
||||
if a.IsRemote() {
|
||||
|
@ -438,14 +489,8 @@ func (c *Converter) AccountToAPIAccountBlocked(ctx context.Context, a *gtsmodel.
|
|||
if err != nil {
|
||||
return nil, gtserror.Newf("error getting user from database for account id %s: %w", a.ID, err)
|
||||
}
|
||||
|
||||
switch {
|
||||
case *user.Admin:
|
||||
role = &apimodel.AccountRole{Name: apimodel.AccountRoleAdmin}
|
||||
case *user.Moderator:
|
||||
role = &apimodel.AccountRole{Name: apimodel.AccountRoleModerator}
|
||||
default:
|
||||
role = &apimodel.AccountRole{Name: apimodel.AccountRoleUser}
|
||||
if role := c.UserToAPIAccountDisplayRole(user); role != nil {
|
||||
roles = append(roles, *role)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -464,7 +509,7 @@ func (c *Converter) AccountToAPIAccountBlocked(ctx context.Context, a *gtsmodel.
|
|||
// Empty array (not nillable).
|
||||
Fields: make([]apimodel.Field, 0),
|
||||
Suspended: !a.SuspendedAt.IsZero(),
|
||||
Role: role,
|
||||
Roles: roles,
|
||||
}
|
||||
|
||||
// Don't show the account's actual
|
||||
|
@ -487,7 +532,7 @@ func (c *Converter) AccountToAdminAPIAccount(ctx context.Context, a *gtsmodel.Ac
|
|||
inviteRequest *string
|
||||
approved bool
|
||||
disabled bool
|
||||
role = apimodel.AccountRole{Name: apimodel.AccountRoleUser} // assume user by default
|
||||
role = *c.APIAccountDisplayRoleToAPIAccountRoleSensitive(nil)
|
||||
createdByApplicationID string
|
||||
)
|
||||
|
||||
|
@ -527,11 +572,9 @@ func (c *Converter) AccountToAdminAPIAccount(ctx context.Context, a *gtsmodel.Ac
|
|||
inviteRequest = &user.Reason
|
||||
}
|
||||
|
||||
if *user.Admin {
|
||||
role.Name = apimodel.AccountRoleAdmin
|
||||
} else if *user.Moderator {
|
||||
role.Name = apimodel.AccountRoleModerator
|
||||
}
|
||||
role = *c.APIAccountDisplayRoleToAPIAccountRoleSensitive(
|
||||
c.UserToAPIAccountDisplayRole(user),
|
||||
)
|
||||
|
||||
confirmed = !user.ConfirmedAt.IsZero()
|
||||
approved = *user.Approved
|
||||
|
|
|
@ -68,10 +68,7 @@ func (suite *InternalToFrontendTestSuite) TestAccountToFrontend() {
|
|||
"last_status_at": "2024-01-10T09:24:00.000Z",
|
||||
"emojis": [],
|
||||
"fields": [],
|
||||
"enable_rss": true,
|
||||
"role": {
|
||||
"name": "user"
|
||||
}
|
||||
"enable_rss": true
|
||||
}`, string(b))
|
||||
}
|
||||
|
||||
|
@ -135,7 +132,11 @@ func (suite *InternalToFrontendTestSuite) TestAccountToFrontendAliasedAndMoved()
|
|||
},
|
||||
"enable_rss": true,
|
||||
"role": {
|
||||
"name": "user"
|
||||
"id": "user",
|
||||
"name": "user",
|
||||
"color": "",
|
||||
"permissions": "0",
|
||||
"highlighted": false
|
||||
},
|
||||
"moved": {
|
||||
"id": "01F8MH5NBDF2MV7CTC4Q5128HF",
|
||||
|
@ -169,10 +170,7 @@ func (suite *InternalToFrontendTestSuite) TestAccountToFrontendAliasedAndMoved()
|
|||
"verified_at": null
|
||||
}
|
||||
],
|
||||
"hide_collections": true,
|
||||
"role": {
|
||||
"name": "user"
|
||||
}
|
||||
"hide_collections": true
|
||||
}
|
||||
}`, string(b))
|
||||
}
|
||||
|
@ -222,10 +220,7 @@ func (suite *InternalToFrontendTestSuite) TestAccountToFrontendWithEmojiStruct()
|
|||
}
|
||||
],
|
||||
"fields": [],
|
||||
"enable_rss": true,
|
||||
"role": {
|
||||
"name": "user"
|
||||
}
|
||||
"enable_rss": true
|
||||
}`, string(b))
|
||||
}
|
||||
|
||||
|
@ -272,10 +267,7 @@ func (suite *InternalToFrontendTestSuite) TestAccountToFrontendWithEmojiIDs() {
|
|||
}
|
||||
],
|
||||
"fields": [],
|
||||
"enable_rss": true,
|
||||
"role": {
|
||||
"name": "user"
|
||||
}
|
||||
"enable_rss": true
|
||||
}`, string(b))
|
||||
}
|
||||
|
||||
|
@ -321,7 +313,11 @@ func (suite *InternalToFrontendTestSuite) TestAccountToFrontendSensitive() {
|
|||
},
|
||||
"enable_rss": true,
|
||||
"role": {
|
||||
"name": "user"
|
||||
"id": "user",
|
||||
"name": "user",
|
||||
"color": "",
|
||||
"permissions": "0",
|
||||
"highlighted": false
|
||||
}
|
||||
}`, string(b))
|
||||
}
|
||||
|
@ -494,9 +490,13 @@ func (suite *InternalToFrontendTestSuite) TestStatusToFrontend() {
|
|||
"emojis": [],
|
||||
"fields": [],
|
||||
"enable_rss": true,
|
||||
"role": {
|
||||
"name": "admin"
|
||||
}
|
||||
"roles": [
|
||||
{
|
||||
"id": "admin",
|
||||
"name": "admin",
|
||||
"color": ""
|
||||
}
|
||||
]
|
||||
},
|
||||
"media_attachments": [
|
||||
{
|
||||
|
@ -667,9 +667,13 @@ func (suite *InternalToFrontendTestSuite) TestWarnFilteredStatusToFrontend() {
|
|||
"emojis": [],
|
||||
"fields": [],
|
||||
"enable_rss": true,
|
||||
"role": {
|
||||
"name": "admin"
|
||||
}
|
||||
"roles": [
|
||||
{
|
||||
"id": "admin",
|
||||
"name": "admin",
|
||||
"color": ""
|
||||
}
|
||||
]
|
||||
},
|
||||
"media_attachments": [
|
||||
{
|
||||
|
@ -849,10 +853,7 @@ func (suite *InternalToFrontendTestSuite) TestWarnFilteredBoostToFrontend() {
|
|||
"last_status_at": "2024-01-10T09:24:00.000Z",
|
||||
"emojis": [],
|
||||
"fields": [],
|
||||
"enable_rss": true,
|
||||
"role": {
|
||||
"name": "user"
|
||||
}
|
||||
"enable_rss": true
|
||||
},
|
||||
"media_attachments": [
|
||||
{
|
||||
|
@ -980,9 +981,13 @@ func (suite *InternalToFrontendTestSuite) TestWarnFilteredBoostToFrontend() {
|
|||
"emojis": [],
|
||||
"fields": [],
|
||||
"enable_rss": true,
|
||||
"role": {
|
||||
"name": "admin"
|
||||
}
|
||||
"roles": [
|
||||
{
|
||||
"id": "admin",
|
||||
"name": "admin",
|
||||
"color": ""
|
||||
}
|
||||
]
|
||||
},
|
||||
"media_attachments": [],
|
||||
"mentions": [],
|
||||
|
@ -1518,9 +1523,13 @@ func (suite *InternalToFrontendTestSuite) TestStatusToFrontendUnknownLanguage()
|
|||
"emojis": [],
|
||||
"fields": [],
|
||||
"enable_rss": true,
|
||||
"role": {
|
||||
"name": "admin"
|
||||
}
|
||||
"roles": [
|
||||
{
|
||||
"id": "admin",
|
||||
"name": "admin",
|
||||
"color": ""
|
||||
}
|
||||
]
|
||||
},
|
||||
"media_attachments": [
|
||||
{
|
||||
|
@ -1657,10 +1666,7 @@ func (suite *InternalToFrontendTestSuite) TestStatusToFrontendPartialInteraction
|
|||
"last_status_at": "2024-01-10T09:24:00.000Z",
|
||||
"emojis": [],
|
||||
"fields": [],
|
||||
"enable_rss": true,
|
||||
"role": {
|
||||
"name": "user"
|
||||
}
|
||||
"enable_rss": true
|
||||
},
|
||||
"media_attachments": [],
|
||||
"mentions": [],
|
||||
|
@ -1853,9 +1859,13 @@ func (suite *InternalToFrontendTestSuite) TestInstanceV1ToFrontend() {
|
|||
"emojis": [],
|
||||
"fields": [],
|
||||
"enable_rss": true,
|
||||
"role": {
|
||||
"name": "admin"
|
||||
}
|
||||
"roles": [
|
||||
{
|
||||
"id": "admin",
|
||||
"name": "admin",
|
||||
"color": ""
|
||||
}
|
||||
]
|
||||
},
|
||||
"max_toot_chars": 5000,
|
||||
"rules": [],
|
||||
|
@ -1989,9 +1999,13 @@ func (suite *InternalToFrontendTestSuite) TestInstanceV2ToFrontend() {
|
|||
"emojis": [],
|
||||
"fields": [],
|
||||
"enable_rss": true,
|
||||
"role": {
|
||||
"name": "admin"
|
||||
}
|
||||
"roles": [
|
||||
{
|
||||
"id": "admin",
|
||||
"name": "admin",
|
||||
"color": ""
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"rules": [],
|
||||
|
@ -2158,10 +2172,7 @@ func (suite *InternalToFrontendTestSuite) TestReportToFrontend2() {
|
|||
"verified_at": null
|
||||
}
|
||||
],
|
||||
"hide_collections": true,
|
||||
"role": {
|
||||
"name": "user"
|
||||
}
|
||||
"hide_collections": true
|
||||
}
|
||||
}`, string(b))
|
||||
}
|
||||
|
@ -2194,7 +2205,11 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontend1() {
|
|||
"locale": "",
|
||||
"invite_request": null,
|
||||
"role": {
|
||||
"name": "user"
|
||||
"id": "user",
|
||||
"name": "user",
|
||||
"color": "",
|
||||
"permissions": "0",
|
||||
"highlighted": false
|
||||
},
|
||||
"confirmed": false,
|
||||
"approved": false,
|
||||
|
@ -2235,7 +2250,11 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontend1() {
|
|||
"locale": "en",
|
||||
"invite_request": null,
|
||||
"role": {
|
||||
"name": "user"
|
||||
"id": "user",
|
||||
"name": "user",
|
||||
"color": "",
|
||||
"permissions": "0",
|
||||
"highlighted": false
|
||||
},
|
||||
"confirmed": true,
|
||||
"approved": true,
|
||||
|
@ -2274,10 +2293,7 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontend1() {
|
|||
"verified_at": null
|
||||
}
|
||||
],
|
||||
"hide_collections": true,
|
||||
"role": {
|
||||
"name": "user"
|
||||
}
|
||||
"hide_collections": true
|
||||
},
|
||||
"created_by_application_id": "01F8MGY43H3N2C8EWPR2FPYEXG"
|
||||
},
|
||||
|
@ -2292,7 +2308,11 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontend1() {
|
|||
"locale": "en",
|
||||
"invite_request": null,
|
||||
"role": {
|
||||
"name": "admin"
|
||||
"id": "admin",
|
||||
"name": "admin",
|
||||
"color": "",
|
||||
"permissions": "546033",
|
||||
"highlighted": true
|
||||
},
|
||||
"confirmed": true,
|
||||
"approved": true,
|
||||
|
@ -2321,9 +2341,13 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontend1() {
|
|||
"emojis": [],
|
||||
"fields": [],
|
||||
"enable_rss": true,
|
||||
"role": {
|
||||
"name": "admin"
|
||||
}
|
||||
"roles": [
|
||||
{
|
||||
"id": "admin",
|
||||
"name": "admin",
|
||||
"color": ""
|
||||
}
|
||||
]
|
||||
},
|
||||
"created_by_application_id": "01F8MGXQRHYF5QPMTMXP78QC2F"
|
||||
},
|
||||
|
@ -2338,7 +2362,11 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontend1() {
|
|||
"locale": "en",
|
||||
"invite_request": null,
|
||||
"role": {
|
||||
"name": "admin"
|
||||
"id": "admin",
|
||||
"name": "admin",
|
||||
"color": "",
|
||||
"permissions": "546033",
|
||||
"highlighted": true
|
||||
},
|
||||
"confirmed": true,
|
||||
"approved": true,
|
||||
|
@ -2367,9 +2395,13 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontend1() {
|
|||
"emojis": [],
|
||||
"fields": [],
|
||||
"enable_rss": true,
|
||||
"role": {
|
||||
"name": "admin"
|
||||
}
|
||||
"roles": [
|
||||
{
|
||||
"id": "admin",
|
||||
"name": "admin",
|
||||
"color": ""
|
||||
}
|
||||
]
|
||||
},
|
||||
"created_by_application_id": "01F8MGXQRHYF5QPMTMXP78QC2F"
|
||||
},
|
||||
|
@ -2407,7 +2439,11 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontend2() {
|
|||
"locale": "en",
|
||||
"invite_request": null,
|
||||
"role": {
|
||||
"name": "user"
|
||||
"id": "user",
|
||||
"name": "user",
|
||||
"color": "",
|
||||
"permissions": "0",
|
||||
"highlighted": false
|
||||
},
|
||||
"confirmed": true,
|
||||
"approved": true,
|
||||
|
@ -2446,10 +2482,7 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontend2() {
|
|||
"verified_at": null
|
||||
}
|
||||
],
|
||||
"hide_collections": true,
|
||||
"role": {
|
||||
"name": "user"
|
||||
}
|
||||
"hide_collections": true
|
||||
},
|
||||
"created_by_application_id": "01F8MGY43H3N2C8EWPR2FPYEXG"
|
||||
},
|
||||
|
@ -2464,7 +2497,11 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontend2() {
|
|||
"locale": "",
|
||||
"invite_request": null,
|
||||
"role": {
|
||||
"name": "user"
|
||||
"id": "user",
|
||||
"name": "user",
|
||||
"color": "",
|
||||
"permissions": "0",
|
||||
"highlighted": false
|
||||
},
|
||||
"confirmed": false,
|
||||
"approved": false,
|
||||
|
@ -2665,7 +2702,11 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontendSuspendedLoca
|
|||
"locale": "",
|
||||
"invite_request": null,
|
||||
"role": {
|
||||
"name": "user"
|
||||
"id": "user",
|
||||
"name": "user",
|
||||
"color": "",
|
||||
"permissions": "0",
|
||||
"highlighted": false
|
||||
},
|
||||
"confirmed": false,
|
||||
"approved": false,
|
||||
|
@ -2706,7 +2747,11 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontendSuspendedLoca
|
|||
"locale": "",
|
||||
"invite_request": null,
|
||||
"role": {
|
||||
"name": "user"
|
||||
"id": "user",
|
||||
"name": "user",
|
||||
"color": "",
|
||||
"permissions": "0",
|
||||
"highlighted": false
|
||||
},
|
||||
"confirmed": true,
|
||||
"approved": true,
|
||||
|
@ -2735,10 +2780,7 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontendSuspendedLoca
|
|||
"emojis": [],
|
||||
"fields": [],
|
||||
"suspended": true,
|
||||
"hide_collections": true,
|
||||
"role": {
|
||||
"name": "user"
|
||||
}
|
||||
"hide_collections": true
|
||||
}
|
||||
},
|
||||
"assigned_account": {
|
||||
|
@ -2752,7 +2794,11 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontendSuspendedLoca
|
|||
"locale": "en",
|
||||
"invite_request": null,
|
||||
"role": {
|
||||
"name": "admin"
|
||||
"id": "admin",
|
||||
"name": "admin",
|
||||
"color": "",
|
||||
"permissions": "546033",
|
||||
"highlighted": true
|
||||
},
|
||||
"confirmed": true,
|
||||
"approved": true,
|
||||
|
@ -2781,9 +2827,13 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontendSuspendedLoca
|
|||
"emojis": [],
|
||||
"fields": [],
|
||||
"enable_rss": true,
|
||||
"role": {
|
||||
"name": "admin"
|
||||
}
|
||||
"roles": [
|
||||
{
|
||||
"id": "admin",
|
||||
"name": "admin",
|
||||
"color": ""
|
||||
}
|
||||
]
|
||||
},
|
||||
"created_by_application_id": "01F8MGXQRHYF5QPMTMXP78QC2F"
|
||||
},
|
||||
|
@ -2798,7 +2848,11 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontendSuspendedLoca
|
|||
"locale": "en",
|
||||
"invite_request": null,
|
||||
"role": {
|
||||
"name": "admin"
|
||||
"id": "admin",
|
||||
"name": "admin",
|
||||
"color": "",
|
||||
"permissions": "546033",
|
||||
"highlighted": true
|
||||
},
|
||||
"confirmed": true,
|
||||
"approved": true,
|
||||
|
@ -2827,9 +2881,13 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontendSuspendedLoca
|
|||
"emojis": [],
|
||||
"fields": [],
|
||||
"enable_rss": true,
|
||||
"role": {
|
||||
"name": "admin"
|
||||
}
|
||||
"roles": [
|
||||
{
|
||||
"id": "admin",
|
||||
"name": "admin",
|
||||
"color": ""
|
||||
}
|
||||
]
|
||||
},
|
||||
"created_by_application_id": "01F8MGXQRHYF5QPMTMXP78QC2F"
|
||||
},
|
||||
|
|
|
@ -173,9 +173,11 @@
|
|||
<dt class="sr-only">Username</dt>
|
||||
<dd class="username text-cutoff">@{{- .account.Username -}}@{{- .instance.AccountDomain -}}</dd>
|
||||
</div>
|
||||
{{- if and (.account.Role) (ne .account.Role.Name "user") }}
|
||||
{{- if .account.Roles }}
|
||||
<dt class="sr-only">Role</dt>
|
||||
<dd class="role {{ .account.Role.Name -}}">{{- .account.Role.Name -}}</dd>
|
||||
{{- range .account.Roles }}
|
||||
<dd class="role {{ .Name -}}">{{- .Name -}}</dd>
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
</dl>
|
||||
</div>
|
||||
|
|
Loading…
Reference in New Issue