Add proper error message when accessing followers/followings w/ auth
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
parent
c5e7abe3d4
commit
78e3bcb2f8
@ -274,6 +274,14 @@ defmodule Mobilizon.GraphQL.Resolvers.Admin do
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def list_relay_followers(_parent, _args, %{context: %{current_user: %User{}}}) do
|
||||||
|
{:error, :unauthorized}
|
||||||
|
end
|
||||||
|
|
||||||
|
def list_relay_followers(_parent, _args, _resolution) do
|
||||||
|
{:error, :unauthenticated}
|
||||||
|
end
|
||||||
|
|
||||||
def list_relay_followings(
|
def list_relay_followings(
|
||||||
_parent,
|
_parent,
|
||||||
%{page: page, limit: limit},
|
%{page: page, limit: limit},
|
||||||
@ -288,6 +296,14 @@ defmodule Mobilizon.GraphQL.Resolvers.Admin do
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def list_relay_followings(_parent, _args, %{context: %{current_user: %User{}}}) do
|
||||||
|
{:error, :unauthorized}
|
||||||
|
end
|
||||||
|
|
||||||
|
def list_relay_followings(_parent, _args, _resolution) do
|
||||||
|
{:error, :unauthenticated}
|
||||||
|
end
|
||||||
|
|
||||||
def create_relay(_parent, %{address: address}, %{context: %{current_user: %User{role: role}}})
|
def create_relay(_parent, %{address: address}, %{context: %{current_user: %User{role: role}}})
|
||||||
when is_admin(role) do
|
when is_admin(role) do
|
||||||
case Relay.follow(address) do
|
case Relay.follow(address) do
|
||||||
|
@ -124,6 +124,90 @@ defmodule Mobilizon.GraphQL.Resolvers.AdminTest do
|
|||||||
end
|
end
|
||||||
|
|
||||||
describe "Resolver: Get the list of relay followers" do
|
describe "Resolver: Get the list of relay followers" do
|
||||||
|
@relay_followers_query """
|
||||||
|
{
|
||||||
|
relayFollowers {
|
||||||
|
elements {
|
||||||
|
actor {
|
||||||
|
preferredUsername,
|
||||||
|
domain,
|
||||||
|
},
|
||||||
|
approved
|
||||||
|
},
|
||||||
|
total
|
||||||
|
}
|
||||||
|
}
|
||||||
|
"""
|
||||||
|
|
||||||
|
@relay_followings_query """
|
||||||
|
{
|
||||||
|
relayFollowings {
|
||||||
|
elements {
|
||||||
|
targetActor {
|
||||||
|
preferredUsername,
|
||||||
|
domain,
|
||||||
|
},
|
||||||
|
approved
|
||||||
|
},
|
||||||
|
total
|
||||||
|
}
|
||||||
|
}
|
||||||
|
"""
|
||||||
|
|
||||||
|
test "test list_relay_followers/3 returns nothing when not logged-in", %{conn: conn} do
|
||||||
|
follower_actor =
|
||||||
|
insert(:actor,
|
||||||
|
domain: "localhost",
|
||||||
|
user: nil,
|
||||||
|
url: "http://localhost:8080/actor",
|
||||||
|
preferred_username: "instance_actor",
|
||||||
|
name: "I am an instance actor"
|
||||||
|
)
|
||||||
|
|
||||||
|
%Actor{} = relay_actor = Relay.get_actor()
|
||||||
|
insert(:follower, actor: follower_actor, target_actor: relay_actor)
|
||||||
|
|
||||||
|
res =
|
||||||
|
conn
|
||||||
|
|> AbsintheHelpers.graphql_query(query: @relay_followers_query)
|
||||||
|
|
||||||
|
assert hd(res["errors"])["message"] == "You need to be logged in"
|
||||||
|
assert hd(res["errors"])["status_code"] == 401
|
||||||
|
end
|
||||||
|
|
||||||
|
test "test list_relay_followers/3 returns nothing when not an admin", %{conn: conn} do
|
||||||
|
%User{} = user_moderator = insert(:user, role: :moderator)
|
||||||
|
%User{} = user = insert(:user)
|
||||||
|
|
||||||
|
follower_actor =
|
||||||
|
insert(:actor,
|
||||||
|
domain: "localhost",
|
||||||
|
user: nil,
|
||||||
|
url: "http://localhost:8080/actor",
|
||||||
|
preferred_username: "instance_actor",
|
||||||
|
name: "I am an instance actor"
|
||||||
|
)
|
||||||
|
|
||||||
|
%Actor{} = relay_actor = Relay.get_actor()
|
||||||
|
insert(:follower, actor: follower_actor, target_actor: relay_actor)
|
||||||
|
|
||||||
|
res =
|
||||||
|
conn
|
||||||
|
|> auth_conn(user_moderator)
|
||||||
|
|> AbsintheHelpers.graphql_query(query: @relay_followers_query)
|
||||||
|
|
||||||
|
assert hd(res["errors"])["message"] == "You don't have permission to do this"
|
||||||
|
assert hd(res["errors"])["status_code"] == 403
|
||||||
|
|
||||||
|
res =
|
||||||
|
conn
|
||||||
|
|> auth_conn(user)
|
||||||
|
|> AbsintheHelpers.graphql_query(query: @relay_followers_query)
|
||||||
|
|
||||||
|
assert hd(res["errors"])["message"] == "You don't have permission to do this"
|
||||||
|
assert hd(res["errors"])["status_code"] == 403
|
||||||
|
end
|
||||||
|
|
||||||
test "test list_relay_followers/3 returns relay followers", %{conn: conn} do
|
test "test list_relay_followers/3 returns relay followers", %{conn: conn} do
|
||||||
%User{} = user_admin = insert(:user, role: :administrator)
|
%User{} = user_admin = insert(:user, role: :administrator)
|
||||||
|
|
||||||
@ -139,25 +223,10 @@ defmodule Mobilizon.GraphQL.Resolvers.AdminTest do
|
|||||||
%Actor{} = relay_actor = Relay.get_actor()
|
%Actor{} = relay_actor = Relay.get_actor()
|
||||||
insert(:follower, actor: follower_actor, target_actor: relay_actor)
|
insert(:follower, actor: follower_actor, target_actor: relay_actor)
|
||||||
|
|
||||||
query = """
|
|
||||||
{
|
|
||||||
relayFollowers {
|
|
||||||
elements {
|
|
||||||
actor {
|
|
||||||
preferredUsername,
|
|
||||||
domain,
|
|
||||||
},
|
|
||||||
approved
|
|
||||||
},
|
|
||||||
total
|
|
||||||
}
|
|
||||||
}
|
|
||||||
"""
|
|
||||||
|
|
||||||
res =
|
res =
|
||||||
conn
|
conn
|
||||||
|> auth_conn(user_admin)
|
|> auth_conn(user_admin)
|
||||||
|> AbsintheHelpers.graphql_query(query: query)
|
|> AbsintheHelpers.graphql_query(query: @relay_followers_query)
|
||||||
|
|
||||||
assert is_nil(res["errors"])
|
assert is_nil(res["errors"])
|
||||||
|
|
||||||
@ -167,7 +236,63 @@ defmodule Mobilizon.GraphQL.Resolvers.AdminTest do
|
|||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
test "test list_relay_followers/3 returns relay followings", %{conn: conn} do
|
test "test list_relay_followings/3 returns nothing when not logged-in", %{conn: conn} do
|
||||||
|
%Actor{} =
|
||||||
|
following_actor =
|
||||||
|
insert(:actor,
|
||||||
|
domain: "localhost",
|
||||||
|
user: nil,
|
||||||
|
url: "http://localhost:8080/actor",
|
||||||
|
preferred_username: "instance_actor",
|
||||||
|
name: "I am an instance actor"
|
||||||
|
)
|
||||||
|
|
||||||
|
%Actor{} = relay_actor = Relay.get_actor()
|
||||||
|
insert(:follower, actor: relay_actor, target_actor: following_actor)
|
||||||
|
|
||||||
|
res =
|
||||||
|
conn
|
||||||
|
|> AbsintheHelpers.graphql_query(query: @relay_followings_query)
|
||||||
|
|
||||||
|
assert hd(res["errors"])["message"] == "You need to be logged in"
|
||||||
|
assert hd(res["errors"])["status_code"] == 401
|
||||||
|
end
|
||||||
|
|
||||||
|
test "test list_relay_followings/3 returns nothing when not an admin", %{conn: conn} do
|
||||||
|
%User{} = user_moderator = insert(:user, role: :moderator)
|
||||||
|
%User{} = user = insert(:user)
|
||||||
|
|
||||||
|
%Actor{} =
|
||||||
|
following_actor =
|
||||||
|
insert(:actor,
|
||||||
|
domain: "localhost",
|
||||||
|
user: nil,
|
||||||
|
url: "http://localhost:8080/actor",
|
||||||
|
preferred_username: "instance_actor",
|
||||||
|
name: "I am an instance actor"
|
||||||
|
)
|
||||||
|
|
||||||
|
%Actor{} = relay_actor = Relay.get_actor()
|
||||||
|
insert(:follower, actor: relay_actor, target_actor: following_actor)
|
||||||
|
|
||||||
|
res =
|
||||||
|
conn
|
||||||
|
|> auth_conn(user_moderator)
|
||||||
|
|> AbsintheHelpers.graphql_query(query: @relay_followings_query)
|
||||||
|
|
||||||
|
assert hd(res["errors"])["message"] == "You don't have permission to do this"
|
||||||
|
assert hd(res["errors"])["status_code"] == 403
|
||||||
|
|
||||||
|
res =
|
||||||
|
conn
|
||||||
|
|> auth_conn(user)
|
||||||
|
|> AbsintheHelpers.graphql_query(query: @relay_followings_query)
|
||||||
|
|
||||||
|
assert hd(res["errors"])["message"] == "You don't have permission to do this"
|
||||||
|
assert hd(res["errors"])["status_code"] == 403
|
||||||
|
end
|
||||||
|
|
||||||
|
test "test list_relay_followings/3 returns relay followings", %{conn: conn} do
|
||||||
%User{} = user_admin = insert(:user, role: :administrator)
|
%User{} = user_admin = insert(:user, role: :administrator)
|
||||||
|
|
||||||
%Actor{
|
%Actor{
|
||||||
@ -186,25 +311,10 @@ defmodule Mobilizon.GraphQL.Resolvers.AdminTest do
|
|||||||
%Actor{} = relay_actor = Relay.get_actor()
|
%Actor{} = relay_actor = Relay.get_actor()
|
||||||
insert(:follower, actor: relay_actor, target_actor: following_actor)
|
insert(:follower, actor: relay_actor, target_actor: following_actor)
|
||||||
|
|
||||||
query = """
|
|
||||||
{
|
|
||||||
relayFollowings {
|
|
||||||
elements {
|
|
||||||
targetActor {
|
|
||||||
preferredUsername,
|
|
||||||
domain,
|
|
||||||
},
|
|
||||||
approved
|
|
||||||
},
|
|
||||||
total
|
|
||||||
}
|
|
||||||
}
|
|
||||||
"""
|
|
||||||
|
|
||||||
res =
|
res =
|
||||||
conn
|
conn
|
||||||
|> auth_conn(user_admin)
|
|> auth_conn(user_admin)
|
||||||
|> AbsintheHelpers.graphql_query(query: query)
|
|> AbsintheHelpers.graphql_query(query: @relay_followings_query)
|
||||||
|
|
||||||
assert is_nil(res["errors"])
|
assert is_nil(res["errors"])
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user