author | Eugen Rochko <eugen@zeonfederated.com> | 2022-07-05 02:41:40 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-07-05 02:41:40 +0200 |
commit | 44b2ee3485ba0845e5910cefcb4b1e2f84f34470 (patch) | |
tree | cc91189c9b36aaf0a04d339455c6d238992753a9 /app/policies | |
parent | 1b4054256f9d3302b44f71627a23bb0902578867 (diff) |
Add customizable user roles (#18641)
* Add customizable user roles
* Various fixes and improvements
* Add migration for old settings and fix tootctl role management
Diffstat (limited to 'app/policies')
30 files changed, 149 insertions, 138 deletions
diff --git a/app/policies/account_moderation_note_policy.rb b/app/policies/account_moderation_note_policy.rb
index 885411a5b5a..310ce854ccb 100644
--- a/app/policies/account_moderation_note_policy.rb
+++ b/app/policies/account_moderation_note_policy.rb
@@ -2,11 +2,11 @@
 class AccountModerationNotePolicy < ApplicationPolicy
 def create?
- staff?
+ role.can?(:manage_reports)
 end
 def destroy?
- admin? || owner?
+ owner? || (role.can?(:manage_reports) && role.overrides?(record.account.user_role))
 end
 private
diff --git a/app/policies/account_policy.rb b/app/policies/account_policy.rb
index cc23771e7a9..a744af81ded 100644
--- a/app/policies/account_policy.rb
+++ b/app/policies/account_policy.rb
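Review bot: `destroy?` in `AccountModerationNotePolicy` compares the caller's role with `record.account.user_role`, and nothing in the hunk says whether `record.account` is the note's author or the account the note is about, which decides whose rank protects the note. I would add a comment above the method such as `# Authors can always delete their own note; others need :manage_reports and a role that outranks the note author's.` (adjust the wording if `account` is the subject rather than the author). `owner?` sits below `private`, outside the hunk, so its definition cannot be checked here.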
@@ -2,74 +2,66 @@
 class AccountPolicy < ApplicationPolicy
 def index?
- staff?
+ role.can?(:manage_users)
 end
 def show?
- staff?
+ role.can?(:manage_users)
 end
 def warn?
- staff? && !record.user&.staff?
+ role.can?(:manage_users, :manage_reports) && role.overrides?(record.user_role)
 end
 def suspend?
- staff? && !record.user&.staff? && !record.instance_actor?
+ role.can?(:manage_users, :manage_reports) && role.overrides?(record.user_role) && !record.instance_actor?
 end
 def destroy?
- record.suspended_temporarily? && admin?
+ record.suspended_temporarily? && role.can?(:delete_user_data)
 end
 def unsuspend?
- staff? && record.suspension_origin_local?
+ role.can?(:manage_users) && record.suspension_origin_local?
 end
 def sensitive?
- staff? && !record.user&.staff?
+ role.can?(:manage_users, :manage_reports) && role.overrides?(record.user_role)
 end
 def unsensitive?
- staff?
+ role.can?(:manage_users)
 end
 def silence?
- staff? && !record.user&.staff?
+ role.can?(:manage_users, :manage_reports) && role.overrides?(record.user_role)
 end
 def unsilence?
- staff?
+ role.can?(:manage_users)
 end
 def redownload?
- admin?
+ role.can?(:manage_federation)
 end
 def remove_avatar?
- staff?
+ role.can?(:manage_users, :manage_reports) && role.overrides?(record.user_role)
 end
 def remove_header?
- staff?
- end
-
- def subscribe?
- admin?
- end
-
- def unsubscribe?
- admin?
+ role.can?(:manage_users, :manage_reports) && role.overrides?(record.user_role)
 end
 def memorialize?
- admin? && !record.user&.admin? && !record.instance_actor?
+ role.can?(:delete_user_data) && role.overrides?(record.user_role) && !record.instance_actor?
 end
 def unblock_email?
- staff?
+ role.can?(:manage_users)
 end
 def review?
- staff?
+ role.can?(:manage_taxonomies)
 end
 end
diff --git a/app/policies/account_warning_policy.rb b/app/policies/account_warning_policy.rb
index 65707dfa7cb..4f8df7420e4 100644
--- a/app/policies/account_warning_policy.rb
+++ b/app/policies/account_warning_policy.rb
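Review bot: In `AccountPolicy`, `destroy?` gates permanent deletion on `role.can?(:delete_user_data)` alone, while `memorialize?` further down requires the same permission plus `role.overrides?(record.user_role)`; with customizable roles the holder of `:delete_user_data` is no longer necessarily the highest role, so the hierarchy check looks missing here. I would write `record.suspended_temporarily? && role.can?(:delete_user_data) && role.overrides?(record.user_role)`. The reversal actions `unsuspend?`, `unsensitive?` and `unsilence?` also skip the hierarchy check, which matches the old `staff?` behaviour but deserves a comment saying it is deliberate. Separately, `record.user_role` is presumably nil for accounts without a local user, a case the old code covered with `record.user&.staff?`; `overrides?` is defined outside this diff, so a spec pinning its result for a nil argument would be worth adding.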
@@ -2,7 +2,7 @@
 class AccountWarningPolicy < ApplicationPolicy
 def show?
- target? || staff?
+ target? || role.can?(:manage_appeals)
 end
 def appeal?
diff --git a/app/policies/account_warning_preset_policy.rb b/app/policies/account_warning_preset_policy.rb
index bccbd33efd4..59514e95163 100644
--- a/app/policies/account_warning_preset_policy.rb
+++ b/app/policies/account_warning_preset_policy.rb
@@ -2,18 +2,18 @@
 class AccountWarningPresetPolicy < ApplicationPolicy
 def index?
- staff?
+ role.can?(:manage_settings)
 end
 def create?
- staff?
+ role.can?(:manage_settings)
 end
 def update?
- staff?
+ role.can?(:manage_settings)
 end
 def destroy?
- staff?
+ role.can?(:manage_settings)
 end
 end
diff --git a/app/policies/announcement_policy.rb b/app/policies/announcement_policy.rb
index 0a4e4575ca9..b5dc6a18af0 100644
--- a/app/policies/announcement_policy.rb
+++ b/app/policies/announcement_policy.rb
@@ -2,18 +2,18 @@
 class AnnouncementPolicy < ApplicationPolicy
 def index?
- staff?
+ role.can?(:manage_announcements)
 end
 def create?
- admin?
+ role.can?(:manage_announcements)
 end
 def update?
- admin?
+ role.can?(:manage_announcements)
 end
 def destroy?
- admin?
+ role.can?(:manage_announcements)
 end
 end
diff --git a/app/policies/appeal_policy.rb b/app/policies/appeal_policy.rb
index a25187172a4..7466b334b0f 100644
--- a/app/policies/appeal_policy.rb
+++ b/app/policies/appeal_policy.rb
@@ -2,12 +2,14 @@
 class AppealPolicy < ApplicationPolicy
 def index?
- staff?
+ role.can?(:manage_appeals)
 end
 def approve?
- record.pending? && staff?
+ record.pending? && role.can?(:manage_appeals)
 end
- alias reject? approve?
+ def reject?
+ record.pending? && role.can?(:manage_appeals)
+ end
 end
diff --git a/app/policies/application_policy.rb b/app/policies/application_policy.rb
index d1de5e81a21..163b81e9e65 100644
--- a/app/policies/application_policy.rb
+++ b/app/policies/application_policy.rb
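Review bot: In `AnnouncementPolicy`, `index?` was `staff?` while `create?`, `update?` and `destroy?` were `admin?`, and all four now share `role.can?(:manage_announcements)`, so a role can no longer be given read-only access without also getting destroy. The same flattening appears in `CustomEmojiPolicy` (enable/disable versus create/update/copy/destroy) and in `InvitePolicy` (`index?` versus `deactivate_all?`). Whether existing moderators gain or lose access depends on the default role definitions, which are outside this diff, so the upgrade notes should spell it out. If the split is still wanted, a separate view-level permission would be needed; none is visible on this page.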
@@ -8,8 +8,6 @@ class ApplicationPolicy
 @record = record
 end
- delegate :admin?, :moderator?, :staff?, to: :current_user, allow_nil: true
-
 private
 def current_user
@@ -19,4 +17,8 @@ class ApplicationPolicy
 def user_signed_in?
 !current_user.nil?
 end
+
+ def role
+ current_user&.role || UserRole.nobody
+ end
 end
diff --git a/app/policies/audit_log_policy.rb b/app/policies/audit_log_policy.rb
new file mode 100644
index 00000000000..f78aa9a8e01
--- /dev/null
+++ b/app/policies/audit_log_policy.rb
@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class AuditLogPolicy < ApplicationPolicy
+ def index?
+ role.can?(:view_audit_log)
+ end
+end
diff --git a/app/policies/custom_emoji_policy.rb b/app/policies/custom_emoji_policy.rb
index a8c3cbc7333..18de71c1930 100644
--- a/app/policies/custom_emoji_policy.rb
+++ b/app/policies/custom_emoji_policy.rb
@@ -2,30 +2,30 @@
 class CustomEmojiPolicy < ApplicationPolicy
 def index?
- staff?
+ role.can?(:manage_custom_emojis)
 end
 def create?
- admin?
+ role.can?(:manage_custom_emojis)
 end
 def update?
- admin?
+ role.can?(:manage_custom_emojis)
 end
 def copy?
- admin?
+ role.can?(:manage_custom_emojis)
 end
 def enable?
- staff?
+ role.can?(:manage_custom_emojis)
 end
 def disable?
- staff?
+ role.can?(:manage_custom_emojis)
 end
 def destroy?
- admin?
+ role.can?(:manage_custom_emojis)
 end
 end
diff --git a/app/policies/dashboard_policy.rb b/app/policies/dashboard_policy.rb
new file mode 100644
index 00000000000..3df1c3088b5
--- /dev/null
+++ b/app/policies/dashboard_policy.rb
@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class DashboardPolicy < ApplicationPolicy
+ def index?
+ role.can?(:view_dashboard)
+ end
+end
diff --git a/app/policies/delivery_policy.rb b/app/policies/delivery_policy.rb
index 24d06c1689f..f6ba2eb1813 100644
--- a/app/policies/delivery_policy.rb
+++ b/app/policies/delivery_policy.rb
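Review bot: In `ApplicationPolicy`, the new `role` method is now the single authorization source for every policy, and its fail-closed behaviour for signed-out callers rests entirely on `UserRole.nobody` carrying no permissions, which is defined outside this diff; the method has no comment saying so. I would add `# Signed-out callers get UserRole.nobody, which must grant no permissions and override no role.` above `def role`, plus a spec asserting that `can?` is false for every permission on that role. The first hunk in this file removes the `admin?`/`moderator?`/`staff?` delegation, so any policy that still calls those predicates will raise instead of deny; worth searching for before merge. The class body starts outside both hunks.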
@@ -2,14 +2,14 @@
 class DeliveryPolicy < ApplicationPolicy
 def clear_delivery_errors?
- admin?
+ role.can?(:manage_federation)
 end
 def restart_delivery?
- admin?
+ role.can?(:manage_federation)
 end
 def stop_delivery?
- admin?
+ role.can?(:manage_federation)
 end
 end
diff --git a/app/policies/domain_allow_policy.rb b/app/policies/domain_allow_policy.rb
index 7a5b5d78081..45c797ecdfc 100644
--- a/app/policies/domain_allow_policy.rb
+++ b/app/policies/domain_allow_policy.rb
@@ -2,18 +2,18 @@
 class DomainAllowPolicy < ApplicationPolicy
 def index?
- admin?
+ role.can?(:manage_federation)
 end
 def show?
- admin?
+ role.can?(:manage_federation)
 end
 def create?
- admin?
+ role.can?(:manage_federation)
 end
 def destroy?
- admin?
+ role.can?(:manage_federation)
 end
 end
diff --git a/app/policies/domain_block_policy.rb b/app/policies/domain_block_policy.rb
index 543259ccef8..0fea2e03510 100644
--- a/app/policies/domain_block_policy.rb
+++ b/app/policies/domain_block_policy.rb
@@ -2,22 +2,22 @@
 class DomainBlockPolicy < ApplicationPolicy
 def index?
- admin?
+ role.can?(:manage_federation)
 end
 def show?
- admin?
+ role.can?(:manage_federation)
 end
 def create?
- admin?
+ role.can?(:manage_federation)
 end
 def update?
- admin?
+ role.can?(:manage_federation)
 end
 def destroy?
- admin?
+ role.can?(:manage_federation)
 end
 end
diff --git a/app/policies/email_domain_block_policy.rb b/app/policies/email_domain_block_policy.rb
index 5a75ee1838a..1a0ddfa8777 100644
--- a/app/policies/email_domain_block_policy.rb
+++ b/app/policies/email_domain_block_policy.rb
@@ -2,14 +2,14 @@
 class EmailDomainBlockPolicy < ApplicationPolicy
 def index?
- admin?
+ role.can?(:manage_blocks)
 end
 def create?
- admin?
+ role.can?(:manage_blocks)
 end
 def destroy?
- admin?
+ role.can?(:manage_blocks)
 end
 end
diff --git a/app/policies/follow_recommendation_policy.rb b/app/policies/follow_recommendation_policy.rb
index 68cd0e547ff..9245733ea81 100644
--- a/app/policies/follow_recommendation_policy.rb
+++ b/app/policies/follow_recommendation_policy.rb
@@ -2,14 +2,14 @@
 class FollowRecommendationPolicy < ApplicationPolicy
 def show?
- staff?
+ role.can?(:manage_taxonomies)
 end
 def suppress?
- staff?
+ role.can?(:manage_taxonomies)
 end
 def unsuppress?
- staff?
+ role.can?(:manage_taxonomies)
 end
 end
diff --git a/app/policies/instance_policy.rb b/app/policies/instance_policy.rb
index 801ca162e33..b15e123fef9 100644
--- a/app/policies/instance_policy.rb
+++ b/app/policies/instance_policy.rb
@@ -2,14 +2,14 @@
 class InstancePolicy < ApplicationPolicy
 def index?
- admin?
+ role.can?(:manage_federation)
 end
 def show?
- admin?
+ role.can?(:manage_federation)
 end
 def destroy?
- admin?
+ role.can?(:manage_federation)
 end
 end
diff --git a/app/policies/invite_policy.rb b/app/policies/invite_policy.rb
index 14236f78b8c..24eacd08e88 100644
--- a/app/policies/invite_policy.rb
+++ b/app/policies/invite_policy.rb
@@ -2,19 +2,19 @@
 class InvitePolicy < ApplicationPolicy
 def index?
- staff?
+ role.can?(:manage_invites)
 end
 def create?
- min_required_role?
+ role.can?(:invite_users)
 end
 def deactivate_all?
- admin?
+ role.can?(:manage_invites)
 end
 def destroy?
- owner? || (Setting.min_invite_role == 'admin' ? admin? : staff?)
+ owner? || role.can?(:manage_invites)
 end
 private
@@ -22,8 +22,4 @@ class InvitePolicy < ApplicationPolicy
 def owner?
 record.user_id == current_user&.id
 end
-
- def min_required_role?
- current_user&.role?(Setting.min_invite_role)
- end
 end
diff --git a/app/policies/ip_block_policy.rb b/app/policies/ip_block_policy.rb
index 34dbd746a33..1abc97ad8b7 100644
--- a/app/policies/ip_block_policy.rb
+++ b/app/policies/ip_block_policy.rb
@@ -2,14 +2,14 @@
 class IpBlockPolicy < ApplicationPolicy
 def index?
- admin?
+ role.can?(:manage_blocks)
 end
 def create?
- admin?
+ role.can?(:manage_blocks)
 end
 def destroy?
- admin?
+ role.can?(:manage_blocks)
 end
 end
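Review bot: In `InvitePolicy`, `create?` and `destroy?` no longer read `Setting.min_invite_role`, so an instance that had restricted invites through that setting keeps the restriction only if its value is translated into the `:invite_users` and `:manage_invites` permissions on the right roles. The commit message mentions a migration for old settings, but it is not part of the `app/policies` diff shown here; a spec that sets the old setting, runs the migration and then asserts `create?` for a regular user and for a moderator would pin this. The second hunk removes `min_required_role?`; `owner?` stays as it was.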
diff --git a/app/policies/preview_card_policy.rb b/app/policies/preview_card_policy.rb
index 0410987e46c..a7bb41634d9 100644
--- a/app/policies/preview_card_policy.rb
+++ b/app/policies/preview_card_policy.rb
@@ -2,10 +2,10 @@
 class PreviewCardPolicy < ApplicationPolicy
 def index?
- staff?
+ role.can?(:manage_taxonomies)
 end
 def review?
- staff?
+ role.can?(:manage_taxonomies)
 end
 end
diff --git a/app/policies/preview_card_provider_policy.rb b/app/policies/preview_card_provider_policy.rb
index 44d2ad5cfc5..131ccb5ddfb 100644
--- a/app/policies/preview_card_provider_policy.rb
+++ b/app/policies/preview_card_provider_policy.rb
@@ -2,10 +2,10 @@
 class PreviewCardProviderPolicy < ApplicationPolicy
 def |