diff options
| author | lain <lain@soykaf.club> | 2020-08-28 12:17:19 +0000 |
|---|---|---|
| committer | lain <lain@soykaf.club> | 2020-08-28 12:17:19 +0000 |
| commit | 73dd5bdb7dcdf804bdbabcf632671d4de5042ebc (patch) | |
| tree | efcb0b8e68f86d067de98a23f40a24c7dab79d2f /lib/pleroma/plugs/user_is_admin_plug.ex | |
| parent | f891e2b2f1d1daa122b9856e4b660be394d31e34 (diff) | |
| parent | b141e35d641e733dffe7bd6a45a5bbcafe586c56 (diff) | |
Merge branch 'release/2.1.0' into 'stable'v2.1.0
Release/2.1.0
See merge request pleroma/pleroma!2927
Diffstat (limited to 'lib/pleroma/plugs/user_is_admin_plug.ex')
| -rw-r--r-- | lib/pleroma/plugs/user_is_admin_plug.ex | 25 |
1 files changed, 3 insertions, 22 deletions
diff --git a/lib/pleroma/plugs/user_is_admin_plug.ex b/lib/pleroma/plugs/user_is_admin_plug.ex index 2748102df..488a61d1d 100644 --- a/lib/pleroma/plugs/user_is_admin_plug.ex +++ b/lib/pleroma/plugs/user_is_admin_plug.ex @@ -7,37 +7,18 @@ defmodule Pleroma.Plugs.UserIsAdminPlug do import Plug.Conn alias Pleroma.User - alias Pleroma.Web.OAuth def init(options) do options end - def call(%{assigns: %{user: %User{is_admin: true}} = assigns} = conn, _) do - token = assigns[:token] - - cond do - not Pleroma.Config.enforce_oauth_admin_scope_usage?() -> - conn - - token && OAuth.Scopes.contains_admin_scopes?(token.scopes) -> - # Note: checking for _any_ admin scope presence, not necessarily fitting requested action. - # Thus, controller must explicitly invoke OAuthScopesPlug to verify scope requirements. - # Admin might opt out of admin scope for some apps to block any admin actions from them. - conn - - true -> - fail(conn) - end + def call(%{assigns: %{user: %User{is_admin: true}}} = conn, _) do + conn end def call(conn, _) do - fail(conn) - end - - defp fail(conn) do conn - |> render_error(:forbidden, "User is not an admin or OAuth admin scope is not granted.") + |> render_error(:forbidden, "User is not an admin.") |> halt() end end |