sendnrw/misskey
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Role (#9437)

Browse Source 
* wip

* Update CHANGELOG.md

* wip

* wip

* wip

* Update create.ts

* wip

* wip

* Update CHANGELOG.md

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* Update CHANGELOG.md

* wip

* wip

* Update delete.ts

* Update delete.ts

* wip

* wip

* wip

* Update account-info.vue

* wip

* wip

* Update settings.vue

* Update user-info.vue

* wip

* Update show-file.ts

* Update show-user.ts

* wip

* wip

* Update delete.ts

* wip

* wip

* Update overview.moderators.vue

* Create 1673500412259-Role.js

* wip

* wip

* Update roles.vue

* 色

* Update roles.vue

* integrate silence

* wip

* wip
This commit is contained in:
syuilo
2023-01-12 21:02:26 +09:00
committed by GitHub
parent 60e545b2fd
commit 2470afaa2e
89 changed files with 2001 additions and 612 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
packages/backend/src/server/api/ApiCallService.ts
View File

@@ -12,6 +12,7 @@ import type { UserIpsRepository } from '@/models/index.js';
import { MetaService } from '@/core/MetaService.js';
import { createTemp } from '@/misc/create-temp.js';
import { bindThis } from '@/decorators.js';
import { RoleService } from '@/core/RoleService.js';
import { ApiError } from './error.js';
import { RateLimiterService } from './RateLimiterService.js';
import { ApiLoggerService } from './ApiLoggerService.js';
@@ -41,6 +42,7 @@ export class ApiCallService implements OnApplicationShutdown {
private metaService: MetaService,
private authenticateService: AuthenticateService,
private rateLimiterService: RateLimiterService,
private roleService: RoleService,
private apiLoggerService: ApiLoggerService,
) {
this.logger = this.apiLoggerService.logger;
@@ -202,7 +204,6 @@ export class ApiCallService implements OnApplicationShutdown {
request: FastifyRequest<{ Body: Record<string, unknown> | undefined, Querystring: Record<string, unknown> }>,
) {
const isSecure = user != null && token == null;
const isModerator = user != null && (user.isModerator || user.isAdmin);
if (ep.meta.secure && !isSecure) {
throw new ApiError(accessDenied);
@@ -234,30 +235,40 @@ export class ApiCallService implements OnApplicationShutdown {
});
}
if (ep.meta.requireCredential && user == null) {
throw new ApiError({
message: 'Credential required.',
code: 'CREDENTIAL_REQUIRED',
id: '1384574d-a912-4b81-8601-c7b1c4085df1',
httpStatusCode: 401,
});
if (ep.meta.requireCredential || ep.meta.requireModerator || ep.meta.requireAdmin) {
if (user == null) {
throw new ApiError({
message: 'Credential required.',
code: 'CREDENTIAL_REQUIRED',
id: '1384574d-a912-4b81-8601-c7b1c4085df1',
httpStatusCode: 401,
});
} else if (user!.isSuspended) {
throw new ApiError({
message: 'Your account has been suspended.',
code: 'YOUR_ACCOUNT_SUSPENDED',
id: 'a8c724b3-6e9c-4b46-b1a8-bc3ed6258370',
httpStatusCode: 403,
});
}
}
if (ep.meta.requireCredential && user!.isSuspended) {
throw new ApiError({
message: 'Your account has been suspended.',
code: 'YOUR_ACCOUNT_SUSPENDED',
id: 'a8c724b3-6e9c-4b46-b1a8-bc3ed6258370',
httpStatusCode: 403,
});
}
if (ep.meta.requireAdmin && !user!.isAdmin) {
throw new ApiError(accessDenied, { reason: 'You are not the admin.' });
}
if (ep.meta.requireModerator && !isModerator) {
throw new ApiError(accessDenied, { reason: 'You are not a moderator.' });
if ((ep.meta.requireModerator || ep.meta.requireAdmin) && !user!.isRoot) {
const myRoles = await this.roleService.getUserRoles(user!.id);
if (ep.meta.requireModerator && !myRoles.some(r => r.isModerator || r.isAdministrator)) {
throw new ApiError({
message: 'You are not assigned to a moderator role.',
code: 'ROLE_PERMISSION_DENIED',
id: 'd33d5333-db36-423d-a8f9-1a2b9549da41',
});
}
if (ep.meta.requireAdmin && !myRoles.some(r => r.isAdministrator)) {
throw new ApiError({
message: 'You are not assigned to an administrator role.',
code: 'ROLE_PERMISSION_DENIED',
id: 'c3d38592-54c0-429d-be96-5636b0431a61',
});
}
}
if (token && ep.meta.kind && !token.permission.some(p => p === ep.meta.kind)) {

52
packages/backend/src/server/api/EndpointsModule.ts
View File

@@ -38,8 +38,6 @@ import * as ep___admin_getIndexStats from './endpoints/admin/get-index-stats.js'
import * as ep___admin_getTableStats from './endpoints/admin/get-table-stats.js';
import * as ep___admin_getUserIps from './endpoints/admin/get-user-ips.js';
import * as ep___admin_invite from './endpoints/admin/invite.js';
import * as ep___admin_moderators_add from './endpoints/admin/moderators/add.js';
import * as ep___admin_moderators_remove from './endpoints/admin/moderators/remove.js';
import * as ep___admin_promo_create from './endpoints/admin/promo/create.js';
import * as ep___admin_queue_clear from './endpoints/admin/queue/clear.js';
import * as ep___admin_queue_deliverDelayed from './endpoints/admin/queue/deliver-delayed.js';
@@ -55,13 +53,19 @@ import * as ep___admin_serverInfo from './endpoints/admin/server-info.js';
import * as ep___admin_showModerationLogs from './endpoints/admin/show-moderation-logs.js';
import * as ep___admin_showUser from './endpoints/admin/show-user.js';
import * as ep___admin_showUsers from './endpoints/admin/show-users.js';
import * as ep___admin_silenceUser from './endpoints/admin/silence-user.js';
import * as ep___admin_suspendUser from './endpoints/admin/suspend-user.js';
import * as ep___admin_unsilenceUser from './endpoints/admin/unsilence-user.js';
import * as ep___admin_unsuspendUser from './endpoints/admin/unsuspend-user.js';
import * as ep___admin_updateMeta from './endpoints/admin/update-meta.js';
import * as ep___admin_deleteAccount from './endpoints/admin/delete-account.js';
import * as ep___admin_updateUserNote from './endpoints/admin/update-user-note.js';
import * as ep___admin_roles_create from './endpoints/admin/roles/create.js';
import * as ep___admin_roles_delete from './endpoints/admin/roles/delete.js';
import * as ep___admin_roles_list from './endpoints/admin/roles/list.js';
import * as ep___admin_roles_show from './endpoints/admin/roles/show.js';
import * as ep___admin_roles_update from './endpoints/admin/roles/update.js';
import * as ep___admin_roles_assign from './endpoints/admin/roles/assign.js';
import * as ep___admin_roles_unassign from './endpoints/admin/roles/unassign.js';
import * as ep___admin_roles_updateDefaultRoleOverride from './endpoints/admin/roles/update-default-role-override.js';
import * as ep___announcements from './endpoints/announcements.js';
import * as ep___antennas_create from './endpoints/antennas/create.js';
import * as ep___antennas_delete from './endpoints/antennas/delete.js';
@@ -326,7 +330,6 @@ import * as ep___users_search from './endpoints/users/search.js';
import * as ep___users_show from './endpoints/users/show.js';
import * as ep___users_stats from './endpoints/users/stats.js';
import * as ep___fetchRss from './endpoints/fetch-rss.js';
import * as ep___admin_driveCapOverride from './endpoints/admin/drive-capacity-override.js';
import * as ep___retention from './endpoints/retention.js';
import { GetterService } from './GetterService.js';
import { ApiLoggerService } from './ApiLoggerService.js';
@@ -369,8 +372,6 @@ const $admin_getIndexStats: Provider = { provide: 'ep:admin/get-index-stats', us
const $admin_getTableStats: Provider = { provide: 'ep:admin/get-table-stats', useClass: ep___admin_getTableStats.default };
const $admin_getUserIps: Provider = { provide: 'ep:admin/get-user-ips', useClass: ep___admin_getUserIps.default };
const $admin_invite: Provider = { provide: 'ep:admin/invite', useClass: ep___admin_invite.default };
const $admin_moderators_add: Provider = { provide: 'ep:admin/moderators/add', useClass: ep___admin_moderators_add.default };
const $admin_moderators_remove: Provider = { provide: 'ep:admin/moderators/remove', useClass: ep___admin_moderators_remove.default };
const $admin_promo_create: Provider = { provide: 'ep:admin/promo/create', useClass: ep___admin_promo_create.default };
const $admin_queue_clear: Provider = { provide: 'ep:admin/queue/clear', useClass: ep___admin_queue_clear.default };
const $admin_queue_deliverDelayed: Provider = { provide: 'ep:admin/queue/deliver-delayed', useClass: ep___admin_queue_deliverDelayed.default };
@@ -386,13 +387,19 @@ const $admin_serverInfo: Provider = { provide: 'ep:admin/server-info', useClass:
const $admin_showModerationLogs: Provider = { provide: 'ep:admin/show-moderation-logs', useClass: ep___admin_showModerationLogs.default };
const $admin_showUser: Provider = { provide: 'ep:admin/show-user', useClass: ep___admin_showUser.default };
const $admin_showUsers: Provider = { provide: 'ep:admin/show-users', useClass: ep___admin_showUsers.default };
const $admin_silenceUser: Provider = { provide: 'ep:admin/silence-user', useClass: ep___admin_silenceUser.default };
const $admin_suspendUser: Provider = { provide: 'ep:admin/suspend-user', useClass: ep___admin_suspendUser.default };
const $admin_unsilenceUser: Provider = { provide: 'ep:admin/unsilence-user', useClass: ep___admin_unsilenceUser.default };
const $admin_unsuspendUser: Provider = { provide: 'ep:admin/unsuspend-user', useClass: ep___admin_unsuspendUser.default };
const $admin_updateMeta: Provider = { provide: 'ep:admin/update-meta', useClass: ep___admin_updateMeta.default };
const $admin_deleteAccount: Provider = { provide: 'ep:admin/delete-account', useClass: ep___admin_deleteAccount.default };
const $admin_updateUserNote: Provider = { provide: 'ep:admin/update-user-note', useClass: ep___admin_updateUserNote.default };
const $admin_roles_create: Provider = { provide: 'ep:admin/roles/create', useClass: ep___admin_roles_create.default };
const $admin_roles_delete: Provider = { provide: 'ep:admin/roles/delete', useClass: ep___admin_roles_delete.default };
const $admin_roles_list: Provider = { provide: 'ep:admin/roles/list', useClass: ep___admin_roles_list.default };
const $admin_roles_show: Provider = { provide: 'ep:admin/roles/show', useClass: ep___admin_roles_show.default };
const $admin_roles_update: Provider = { provide: 'ep:admin/roles/update', useClass: ep___admin_roles_update.default };
const $admin_roles_assign: Provider = { provide: 'ep:admin/roles/assign', useClass: ep___admin_roles_assign.default };
const $admin_roles_unassign: Provider = { provide: 'ep:admin/roles/unassign', useClass: ep___admin_roles_unassign.default };
const $admin_roles_updateDefaultRoleOverride: Provider = { provide: 'ep:admin/roles/update-default-role-override', useClass: ep___admin_roles_updateDefaultRoleOverride.default };
const $announcements: Provider = { provide: 'ep:announcements', useClass: ep___announcements.default };
const $antennas_create: Provider = { provide: 'ep:antennas/create', useClass: ep___antennas_create.default };
const $antennas_delete: Provider = { provide: 'ep:antennas/delete', useClass: ep___antennas_delete.default };
@@ -656,7 +663,6 @@ const $users_searchByUsernameAndHost: Provider = { provide: 'ep:users/search-by-
const $users_search: Provider = { provide: 'ep:users/search', useClass: ep___users_search.default };
const $users_show: Provider = { provide: 'ep:users/show', useClass: ep___users_show.default };
const $users_stats: Provider = { provide: 'ep:users/stats', useClass: ep___users_stats.default };
const $admin_driveCapOverride: Provider = { provide: 'ep:admin/drive-capacity-override', useClass: ep___admin_driveCapOverride.default };
const $fetchRss: Provider = { provide: 'ep:fetch-rss', useClass: ep___fetchRss.default };
const $retention: Provider = { provide: 'ep:retention', useClass: ep___retention.default };
@@ -704,8 +710,6 @@ const $retention: Provider = { provide: 'ep:retention', useClass: ep___retention
$admin_getTableStats,
$admin_getUserIps,
$admin_invite,
$admin_moderators_add,
$admin_moderators_remove,
$admin_promo_create,
$admin_queue_clear,
$admin_queue_deliverDelayed,
@@ -721,13 +725,19 @@ const $retention: Provider = { provide: 'ep:retention', useClass: ep___retention
$admin_showModerationLogs,
$admin_showUser,
$admin_showUsers,
$admin_silenceUser,
$admin_suspendUser,
$admin_unsilenceUser,
$admin_unsuspendUser,
$admin_updateMeta,
$admin_deleteAccount,
$admin_updateUserNote,
$admin_roles_create,
$admin_roles_delete,
$admin_roles_list,
$admin_roles_show,
$admin_roles_update,
$admin_roles_assign,
$admin_roles_unassign,
$admin_roles_updateDefaultRoleOverride,
$announcements,
$antennas_create,
$antennas_delete,
@@ -991,7 +1001,6 @@ const $retention: Provider = { provide: 'ep:retention', useClass: ep___retention
$users_search,
$users_show,
$users_stats,
$admin_driveCapOverride,
$fetchRss,
$retention,
],
@@ -1033,8 +1042,6 @@ const $retention: Provider = { provide: 'ep:retention', useClass: ep___retention
$admin_getTableStats,
$admin_getUserIps,
$admin_invite,
$admin_moderators_add,
$admin_moderators_remove,
$admin_promo_create,
$admin_queue_clear,
$admin_queue_deliverDelayed,
@@ -1050,13 +1057,19 @@ const $retention: Provider = { provide: 'ep:retention', useClass: ep___retention
$admin_showModerationLogs,
$admin_showUser,
$admin_showUsers,
$admin_silenceUser,
$admin_suspendUser,
$admin_unsilenceUser,
$admin_unsuspendUser,
$admin_updateMeta,
$admin_deleteAccount,
$admin_updateUserNote,
$admin_roles_create,
$admin_roles_delete,
$admin_roles_list,
$admin_roles_show,
$admin_roles_update,
$admin_roles_assign,
$admin_roles_unassign,
$admin_roles_updateDefaultRoleOverride,
$announcements,
$antennas_create,
$antennas_delete,
@@ -1318,7 +1331,6 @@ const $retention: Provider = { provide: 'ep:retention', useClass: ep___retention
$users_search,
$users_show,
$users_stats,
$admin_driveCapOverride,
$fetchRss,
$retention,
],

38
packages/backend/src/server/api/endpoints.ts
View File

@@ -37,8 +37,6 @@ import * as ep___admin_getIndexStats from './endpoints/admin/get-index-stats.js'
import * as ep___admin_getTableStats from './endpoints/admin/get-table-stats.js';
import * as ep___admin_getUserIps from './endpoints/admin/get-user-ips.js';
import * as ep___admin_invite from './endpoints/admin/invite.js';
import * as ep___admin_moderators_add from './endpoints/admin/moderators/add.js';
import * as ep___admin_moderators_remove from './endpoints/admin/moderators/remove.js';
import * as ep___admin_promo_create from './endpoints/admin/promo/create.js';
import * as ep___admin_queue_clear from './endpoints/admin/queue/clear.js';
import * as ep___admin_queue_deliverDelayed from './endpoints/admin/queue/deliver-delayed.js';
@@ -54,13 +52,19 @@ import * as ep___admin_serverInfo from './endpoints/admin/server-info.js';
import * as ep___admin_showModerationLogs from './endpoints/admin/show-moderation-logs.js';
import * as ep___admin_showUser from './endpoints/admin/show-user.js';
import * as ep___admin_showUsers from './endpoints/admin/show-users.js';
import * as ep___admin_silenceUser from './endpoints/admin/silence-user.js';
import * as ep___admin_suspendUser from './endpoints/admin/suspend-user.js';
import * as ep___admin_unsilenceUser from './endpoints/admin/unsilence-user.js';
import * as ep___admin_unsuspendUser from './endpoints/admin/unsuspend-user.js';
import * as ep___admin_updateMeta from './endpoints/admin/update-meta.js';
import * as ep___admin_deleteAccount from './endpoints/admin/delete-account.js';
import * as ep___admin_updateUserNote from './endpoints/admin/update-user-note.js';
import * as ep___admin_roles_create from './endpoints/admin/roles/create.js';
import * as ep___admin_roles_delete from './endpoints/admin/roles/delete.js';
import * as ep___admin_roles_list from './endpoints/admin/roles/list.js';
import * as ep___admin_roles_show from './endpoints/admin/roles/show.js';
import * as ep___admin_roles_update from './endpoints/admin/roles/update.js';
import * as ep___admin_roles_assign from './endpoints/admin/roles/assign.js';
import * as ep___admin_roles_unassign from './endpoints/admin/roles/unassign.js';
import * as ep___admin_roles_updateDefaultRoleOverride from './endpoints/admin/roles/update-default-role-override.js';
import * as ep___announcements from './endpoints/announcements.js';
import * as ep___antennas_create from './endpoints/antennas/create.js';
import * as ep___antennas_delete from './endpoints/antennas/delete.js';
@@ -325,7 +329,6 @@ import * as ep___users_search from './endpoints/users/search.js';
import * as ep___users_show from './endpoints/users/show.js';
import * as ep___users_stats from './endpoints/users/stats.js';
import * as ep___fetchRss from './endpoints/fetch-rss.js';
import * as ep___admin_driveCapOverride from './endpoints/admin/drive-capacity-override.js';
import * as ep___retention from './endpoints/retention.js';
const eps = [
@@ -366,8 +369,6 @@ const eps = [
['admin/get-table-stats', ep___admin_getTableStats],
['admin/get-user-ips', ep___admin_getUserIps],
['admin/invite', ep___admin_invite],
['admin/moderators/add', ep___admin_moderators_add],
['admin/moderators/remove', ep___admin_moderators_remove],
['admin/promo/create', ep___admin_promo_create],
['admin/queue/clear', ep___admin_queue_clear],
['admin/queue/deliver-delayed', ep___admin_queue_deliverDelayed],
@@ -383,13 +384,19 @@ const eps = [
['admin/show-moderation-logs', ep___admin_showModerationLogs],
['admin/show-user', ep___admin_showUser],
['admin/show-users', ep___admin_showUsers],
['admin/silence-user', ep___admin_silenceUser],
['admin/suspend-user', ep___admin_suspendUser],
['admin/unsilence-user', ep___admin_unsilenceUser],
['admin/unsuspend-user', ep___admin_unsuspendUser],
['admin/update-meta', ep___admin_updateMeta],
['admin/delete-account', ep___admin_deleteAccount],
['admin/update-user-note', ep___admin_updateUserNote],
['admin/roles/create', ep___admin_roles_create],
['admin/roles/delete', ep___admin_roles_delete],
['admin/roles/list', ep___admin_roles_list],
['admin/roles/show', ep___admin_roles_show],
['admin/roles/update', ep___admin_roles_update],
['admin/roles/assign', ep___admin_roles_assign],
['admin/roles/unassign', ep___admin_roles_unassign],
['admin/roles/update-default-role-override', ep___admin_roles_updateDefaultRoleOverride],
['announcements', ep___announcements],
['antennas/create', ep___antennas_create],
['antennas/delete', ep___antennas_delete],
@@ -653,7 +660,6 @@ const eps = [
['users/search', ep___users_search],
['users/show', ep___users_show],
['users/stats', ep___users_stats],
['admin/drive-capacity-override', ep___admin_driveCapOverride],
['fetch-rss', ep___fetchRss],
['retention', ep___retention],
];
@@ -680,15 +686,15 @@ export interface IEndpointMeta {
readonly requireCredential?: boolean;
/**
* 管理者のみ使えるエンドポイントか否
*/
readonly requireAdmin?: boolean;
/**
* 管理者またはモデレーターのみ使えるエンドポイントか否か
* isModeratorなロールを必要とする
*/
readonly requireModerator?: boolean;
/**
* isAdministratorなロールを必要とするか
*/
readonly requireAdmin?: boolean;
/**
* エンドポイントのリミテーションに関するやつ
* 省略した場合はリミテーションは無いものとして解釈されます。

2
packages/backend/src/server/api/endpoints/admin/accounts/create.ts
View File

@@ -47,7 +47,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
const noUsers = (await this.usersRepository.countBy({
host: IsNull(),
})) === 0;
if (!noUsers && !me?.isAdmin) throw new Error('access denied');
if (!noUsers && !me?.isRoot) throw new Error('access denied');
const { account, secret } = await this.signupService.signup({
username: ps.username,

10
packages/backend/src/server/api/endpoints/admin/accounts/delete.ts
View File

@@ -11,7 +11,7 @@ export const meta = {
tags: ['admin'],
requireCredential: true,
requireModerator: true,
requireAdmin: true,
} as const;
export const paramDef = {
@@ -41,12 +41,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
throw new Error('user not found');
}
if (user.isAdmin) {
throw new Error('cannot suspend admin');
}
if (user.isModerator) {
throw new Error('cannot suspend moderator');
if (user.isRoot) {
throw new Error('cannot delete a root account');
}
if (this.userEntityService.isLocalUser(user)) {

2
packages/backend/src/server/api/endpoints/admin/delete-all-files-of-a-user.ts
View File

@@ -8,7 +8,7 @@ export const meta = {
tags: ['admin'],
requireCredential: true,
requireModerator: true,
requireAdmin: true,
} as const;
export const paramDef = {

61
packages/backend/src/server/api/endpoints/admin/drive-capacity-override.ts
View File

@@ -1,61 +0,0 @@
import { Inject, Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js';
import type { UsersRepository } from '@/models/index.js';
import { ModerationLogService } from '@/core/ModerationLogService.js';
import { DI } from '@/di-symbols.js';
import { UserEntityService } from '@/core/entities/UserEntityService.js';
export const meta = {
tags: ['admin'],
requireCredential: true,
requireModerator: true,
} as const;
export const paramDef = {
type: 'object',
properties: {
userId: { type: 'string', format: 'misskey:id' },
overrideMb: { type: 'number', nullable: true },
},
required: ['userId', 'overrideMb'],
} as const;
// eslint-disable-next-line import/no-default-export
@Injectable()
export default class extends Endpoint<typeof meta, typeof paramDef> {
constructor(
@Inject(DI.usersRepository)
private usersRepository: UsersRepository,
private userEntityService: UserEntityService,
private moderationLogService: ModerationLogService,
) {
super(meta, paramDef, async (ps, me) => {
const user = await this.usersRepository.findOneBy({ id: ps.userId });
if (user == null) {
throw new Error('user not found');
}
if (!this.userEntityService.isLocalUser(user)) {
throw new Error('user is not local user');
}
/*if (user.isAdmin) {
throw new Error('cannot suspend admin');
}
if (user.isModerator) {
throw new Error('cannot suspend moderator');
}*/
await this.usersRepository.update(user.id, {
driveCapacityOverrideMb: ps.overrideMb,
});
this.moderationLogService.insertModerationLog(me, 'change-drive-capacity-override', {
targetId: user.id,
});
});
}
}

9
packages/backend/src/server/api/endpoints/admin/drive/show-file.ts
View File

@@ -2,6 +2,7 @@ import { Inject, Injectable } from '@nestjs/common';
import type { DriveFilesRepository } from '@/models/index.js';
import { Endpoint } from '@/server/api/endpoint-base.js';
import { DI } from '@/di-symbols.js';
import { RoleService } from '@/core/RoleService.js';
import { ApiError } from '../../../error.js';
export const meta = {
@@ -159,6 +160,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
constructor(
@Inject(DI.driveFilesRepository)
private driveFilesRepository: DriveFilesRepository,
private roleService: RoleService,
) {
super(meta, paramDef, async (ps, me) => {
const file = ps.fileId ? await this.driveFilesRepository.findOneBy({ id: ps.fileId }) : await this.driveFilesRepository.findOne({
@@ -175,6 +178,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
throw new ApiError(meta.errors.noSuchFile);
}
const isModerator = await this.roleService.isModerator(me);
return {
id: file.id,
userId: file.userId,
@@ -202,8 +207,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
name: file.name,
md5: file.md5,
createdAt: file.createdAt.toISOString(),
requestIp: me.isAdmin ? file.requestIp : null,
requestHeaders: me.isAdmin ? file.requestHeaders : null,
requestIp: isModerator ? file.requestIp : null,
requestHeaders: isModerator ? file.requestHeaders : null,
};
});
}

2
packages/backend/src/server/api/endpoints/admin/get-index-stats.ts
View File

@@ -5,7 +5,7 @@ import { DI } from '@/di-symbols.js';
export const meta = {
requireCredential: true,
requireModerator: true,
requireAdmin: true,
tags: ['admin'],
} as const;

2
packages/backend/src/server/api/endpoints/admin/get-table-stats.ts
View File

@@ -5,7 +5,7 @@ import { DI } from '@/di-symbols.js';
export const meta = {
requireCredential: true,
requireModerator: true,
requireAdmin: true,
tags: ['admin'],

2
packages/backend/src/server/api/endpoints/admin/get-user-ips.ts
View File

@@ -7,7 +7,7 @@ export const meta = {
tags: ['admin'],
requireCredential: true,
requireAdmin: true,
requireModerator: true,
} as const;
export const paramDef = {

9
packages/backend/src/server/api/endpoints/admin/meta.ts
View File

@@ -4,6 +4,7 @@ import { Endpoint } from '@/server/api/endpoint-base.js';
import { MetaService } from '@/core/MetaService.js';
import type { Config } from '@/config.js';
import { DI } from '@/di-symbols.js';
import { DEFAULT_ROLE } from '@/core/RoleService.js';
export const meta = {
tags: ['meta'],
@@ -15,10 +16,6 @@ export const meta = {
type: 'object',
optional: false, nullable: false,
properties: {
driveCapacityPerLocalUserMb: {
type: 'number',
optional: false, nullable: false,
},
driveCapacityPerRemoteUserMb: {
type: 'number',
optional: false, nullable: false,
@@ -377,9 +374,6 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
repositoryUrl: instance.repositoryUrl,
feedbackUrl: instance.feedbackUrl,
disableRegistration: instance.disableRegistration,
disableLocalTimeline: instance.disableLocalTimeline,
disableGlobalTimeline: instance.disableGlobalTimeline,
driveCapacityPerLocalUserMb: instance.localDriveCapacityMb,
driveCapacityPerRemoteUserMb: instance.remoteDriveCapacityMb,
emailRequiredForSignup: instance.emailRequiredForSignup,
enableHcaptcha: instance.enableHcaptcha,
@@ -451,6 +445,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
deeplIsPro: instance.deeplIsPro,
enableIpLogging: instance.enableIpLogging,
enableActiveEmailValidation: instance.enableActiveEmailValidation,
baseRole: { ...DEFAULT_ROLE, ...instance.defaultRoleOverride },
};
});
}

49
packages/backend/src/server/api/endpoints/admin/moderators/add.ts
View File

@@ -1,49 +0,0 @@
import { Inject, Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js';
import type { UsersRepository } from '@/models/index.js';
import { GlobalEventService } from '@/core/GlobalEventService.js';
import { DI } from '@/di-symbols.js';
export const meta = {
tags: ['admin'],
requireCredential: true,
requireAdmin: true,
} as const;
export const paramDef = {
type: 'object',
properties: {
userId: { type: 'string', format: 'misskey:id' },
},
required: ['userId'],
} as const;
// eslint-disable-next-line import/no-default-export
@Injectable()
export default class extends Endpoint<typeof meta, typeof paramDef> {
constructor(
@Inject(DI.usersRepository)
private usersRepository: UsersRepository,
private globalEventService: GlobalEventService,
) {
super(meta, paramDef, async (ps) => {
const user = await this.usersRepository.findOneBy({ id: ps.userId });
if (user == null) {
throw new Error('user not found');
}
if (user.isAdmin) {
throw new Error('cannot mark as moderator if admin user');
}
await this.usersRepository.update(user.id, {
isModerator: true,
});
this.globalEventService.publishInternalEvent('userChangeModeratorState', { id: user.id, isModerator: true });
});
}
}

4
packages/backend/src/server/api/endpoints/admin/reset-password.ts
View File

@@ -50,8 +50,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
throw new Error('user not found');
}
if (user.isAdmin) {
throw new Error('cannot reset password of admin');
if (user.isRoot) {
throw new Error('cannot reset password of root');
}
const passwd = rndstr('a-zA-Z0-9', 8);

96
packages/backend/src/server/api/endpoints/admin/roles/assign.ts Normal file
View File

@@ -0,0 +1,96 @@
import { Inject, Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js';
import type { RoleAssignmentsRepository, RolesRepository, UsersRepository } from '@/models/index.js';
import { DI } from '@/di-symbols.js';
import { ApiError } from '@/server/api/error.js';
import { IdService } from '@/core/IdService.js';
import { GlobalEventService } from '@/core/GlobalEventService.js';
import { RoleService } from '@/core/RoleService.js';
export const meta = {
tags: ['admin', 'role'],
requireCredential: true,
requireModerator: true,
errors: {
noSuchRole: {
message: 'No such role.',
code: 'NO_SUCH_ROLE',
id: '6503c040-6af4-4ed9-bf07-f2dd16678eab',
},
noSuchUser: {
message: 'No such user.',
code: 'NO_SUCH_USER',
id: '558ea170-f653-4700-94d0-5a818371d0df',
},
accessDenied: {
message: 'Only administrators can edit members of the role.',
code: 'ACCESS_DENIED',
id: '25b5bc31-dc79-4ebd-9bd2-c84978fd052c',
},
},
} as const;
export const paramDef = {
type: 'object',
properties: {
roleId: { type: 'string', format: 'misskey:id' },
userId: { type: 'string', format: 'misskey:id' },
},
required: [
'roleId',
'userId',
],
} as const;
// eslint-disable-next-line import/no-default-export
@Injectable()
export default class extends Endpoint<typeof meta, typeof paramDef> {
constructor(
@Inject(DI.usersRepository)
private usersRepository: UsersRepository,
@Inject(DI.rolesRepository)
private rolesRepository: RolesRepository,
@Inject(DI.roleAssignmentsRepository)
private roleAssignmentsRepository: RoleAssignmentsRepository,
private globalEventService: GlobalEventService,
private roleService: RoleService,
private idService: IdService,
) {
super(meta, paramDef, async (ps, me) => {
const role = await this.rolesRepository.findOneBy({ id: ps.roleId });
if (role == null) {
throw new ApiError(meta.errors.noSuchRole);
}
if (!role.canEditMembersByModerator && !(await this.roleService.isAdministrator(me))) {
throw new ApiError(meta.errors.accessDenied);
}
const user = await this.usersRepository.findOneBy({ id: ps.userId });
if (user == null) {
throw new ApiError(meta.errors.noSuchUser);
}
const date = new Date();
const created = await this.roleAssignmentsRepository.insert({
id: this.idService.genId(),
createdAt: date,
roleId: role.id,
userId: user.id,
}).then(x => this.roleAssignmentsRepository.findOneByOrFail(x.identifiers[0]));
this.rolesRepository.update(ps.roleId, {
lastUsedAt: new Date(),
});
this.globalEventService.publishInternalEvent('userRoleAssigned', created);
});
}
}

75
packages/backend/src/server/api/endpoints/admin/roles/create.ts Normal file
View File

@@ -0,0 +1,75 @@
import { Inject, Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js';
import type { RolesRepository } from '@/models/index.js';
import { GlobalEventService } from '@/core/GlobalEventService.js';
import { DI } from '@/di-symbols.js';
import { IdService } from '@/core/IdService.js';
import { RoleEntityService } from '@/core/entities/RoleEntityService.js';
export const meta = {
tags: ['admin', 'role'],
requireCredential: true,
requireAdmin: true,
} as const;
export const paramDef = {
type: 'object',
properties: {
name: { type: 'string' },
description: { type: 'string' },
color: { type: 'string', nullable: true },
isPublic: { type: 'boolean' },
isModerator: { type: 'boolean' },
isAdministrator: { type: 'boolean' },
canEditMembersByModerator: { type: 'boolean' },
options: {
type: 'object',
},
},
required: [
'name',
'description',
'color',
'isPublic',
'isModerator',
'isAdministrator',
'canEditMembersByModerator',
'options',
],
} as const;
// eslint-disable-next-line import/no-default-export
@Injectable()
export default class extends Endpoint<typeof meta, typeof paramDef> {
constructor(
@Inject(DI.rolesRepository)
private rolesRepository: RolesRepository,
private globalEventService: GlobalEventService,
private idService: IdService,
private roleEntityService: RoleEntityService,
) {
super(meta, paramDef, async (ps, me) => {
const date = new Date();
const created = await this.rolesRepository.insert({
id: this.idService.genId(),
createdAt: date,
updatedAt: date,
lastUsedAt: date,
name: ps.name,
description: ps.description,
color: ps.color,
isPublic: ps.isPublic,
isAdministrator: ps.isAdministrator,
isModerator: ps.isModerator,
canEditMembersByModerator: ps.canEditMembersByModerator,
options: ps.options,
}).then(x => this.rolesRepository.findOneByOrFail(x.identifiers[0]));
this.globalEventService.publishInternalEvent('roleCreated', created);
return await this.roleEntityService.pack(created, me);
});
}
}

53
packages/backend/src/server/api/endpoints/admin/roles/delete.ts Normal file
View File

@@ -0,0 +1,53 @@
import { Inject, Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js';
import type { RolesRepository } from '@/models/index.js';
import { GlobalEventService } from '@/core/GlobalEventService.js';
import { DI } from '@/di-symbols.js';
import { ApiError } from '@/server/api/error.js';
export const meta = {
tags: ['admin', 'role'],
requireCredential: true,
requireAdmin: true,
errors: {
noSuchRole: {
message: 'No such role.',
code: 'NO_SUCH_ROLE',
id: 'de0d6ecd-8e0a-4253-88ff-74bc89ae3d45',
},
},
} as const;
export const paramDef = {
type: 'object',
properties: {
roleId: { type: 'string', format: 'misskey:id' },
},
required: [
'roleId',
],
} as const;
// eslint-disable-next-line import/no-default-export
@Injectable()
export default class extends Endpoint<typeof meta, typeof paramDef> {
constructor(
@Inject(DI.rolesRepository)
private rolesRepository: RolesRepository,
private globalEventService: GlobalEventService,
) {
super(meta, paramDef, async (ps) => {
const role = await this.rolesRepository.findOneBy({ id: ps.roleId });
if (role == null) {
throw new ApiError(meta.errors.noSuchRole);
}
await this.rolesRepository.delete({
id: ps.roleId,
});
this.globalEventService.publishInternalEvent('roleDeleted', role);
});
}
}

39
packages/backend/src/server/api/endpoints/admin/roles/list.ts Normal file
View File

@@ -0,0 +1,39 @@
import { Inject, Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js';
import type { RolesRepository } from '@/models/index.js';
import { DI } from '@/di-symbols.js';
import { ApiError } from '@/server/api/error.js';
import { RoleEntityService } from '@/core/entities/RoleEntityService.js';
export const meta = {
tags: ['admin', 'role'],
requireCredential: true,
requireModerator: true,
} as const;
export const paramDef = {
type: 'object',
properties: {
},
required: [
],
} as const;
// eslint-disable-next-line import/no-default-export
@Injectable()
export default class extends Endpoint<typeof meta, typeof paramDef> {
constructor(
@Inject(DI.rolesRepository)
private rolesRepository: RolesRepository,
private roleEntityService: RoleEntityService,
) {
super(meta, paramDef, async (ps, me) => {
const roles = await this.rolesRepository.find({
order: { lastUsedAt: 'DESC' },
});
return await this.roleEntityService.packMany(roles, me, { detail: false });
});
}
}

50
packages/backend/src/server/api/endpoints/admin/roles/show.ts Normal file
View File

@@ -0,0 +1,50 @@
import { Inject, Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js';
import type { RolesRepository } from '@/models/index.js';
import { DI } from '@/di-symbols.js';
import { ApiError } from '@/server/api/error.js';
import { RoleEntityService } from '@/core/entities/RoleEntityService.js';
export const meta = {
tags: ['admin', 'role'],
requireCredential: true,
requireModerator: true,
errors: {
noSuchRole: {
message: 'No such role.',
code: 'NO_SUCH_ROLE',
id: '07dc7d34-c0d8-49b7-96c6-db3ce64ee0b3',
},
},
} as const;
export const paramDef = {
type: 'object',
properties: {
roleId: { type: 'string', format: 'misskey:id' },
},
required: [
'roleId',
],
} as const;
// eslint-disable-next-line import/no-default-export
@Injectable()
export default class extends Endpoint<typeof meta, typeof paramDef> {
constructor(
@Inject(DI.rolesRepository)
private rolesRepository: RolesRepository,
private roleEntityService: RoleEntityService,
) {
super(meta, paramDef, async (ps) => {
const role = await this.rolesRepository.findOneBy({ id: ps.roleId });
if (role == null) {
throw new ApiError(meta.errors.noSuchRole);
}
return await this.roleEntityService.pack(role);
});
}
}

101
packages/backend/src/server/api/endpoints/admin/roles/unassign.ts Normal file
View File

@@ -0,0 +1,101 @@
import { Inject, Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js';
import type { RoleAssignmentsRepository, RolesRepository, UsersRepository } from '@/models/index.js';
import { DI } from '@/di-symbols.js';
import { ApiError } from '@/server/api/error.js';
import { IdService } from '@/core/IdService.js';
import { GlobalEventService } from '@/core/GlobalEventService.js';
import { RoleService } from '@/core/RoleService.js';
export const meta = {
tags: ['admin', 'role'],
requireCredential: true,
requireModerator: true,
errors: {
noSuchRole: {
message: 'No such role.',
code: 'NO_SUCH_ROLE',
id: '6e519036-a70d-4c76-b679-bc8fb18194e2',
},
noSuchUser: {
message: 'No such user.',
code: 'NO_SUCH_USER',
id: '2b730f78-1179-461b-88ad-d24c9af1a5ce',
},
notAssigned: {
message: 'Not assigned.',
code: 'NOT_ASSIGNED',
id: 'b9060ac7-5c94-4da4-9f55-2047c953df44',
},
accessDenied: {
message: 'Only administrators can edit members of the role.',
code: 'ACCESS_DENIED',
id: '24636eee-e8c1-493e-94b2-e16ad401e262',
},
},
} as const;
export const paramDef = {
type: 'object',
properties: {
roleId: { type: 'string', format: 'misskey:id' },
userId: { type: 'string', format: 'misskey:id' },
},
required: [
'roleId',
'userId',
],
} as const;
// eslint-disable-next-line import/no-default-export
@Injectable()
export default class extends Endpoint<typeof meta, typeof paramDef> {
constructor(
@Inject(DI.usersRepository)
private usersRepository: UsersRepository,
@Inject(DI.rolesRepository)
private rolesRepository: RolesRepository,
@Inject(DI.roleAssignmentsRepository)
private roleAssignmentsRepository: RoleAssignmentsRepository,
private globalEventService: GlobalEventService,
private roleService: RoleService,
private idService: IdService,
) {
super(meta, paramDef, async (ps, me) => {
const role = await this.rolesRepository.findOneBy({ id: ps.roleId });
if (role == null) {
throw new ApiError(meta.errors.noSuchRole);
}
if (!role.canEditMembersByModerator && !(await this.roleService.isAdministrator(me))) {
throw new ApiError(meta.errors.accessDenied);
}
const user = await this.usersRepository.findOneBy({ id: ps.userId });
if (user == null) {
throw new ApiError(meta.errors.noSuchUser);
}
const roleAssignment = await this.roleAssignmentsRepository.findOneBy({ userId: user.id, roleId: role.id });
if (roleAssignment == null) {
throw new ApiError(meta.errors.notAssigned);
}
await this.roleAssignmentsRepository.delete(roleAssignment.id);
this.rolesRepository.update(ps.roleId, {
lastUsedAt: new Date(),
});
this.globalEventService.publishInternalEvent('userRoleUnassigned', roleAssignment);
});
}
}

31
packages/backend/src/server/api/endpoints/admin/moderators/remove.ts → packages/backend/src/server/api/endpoints/admin/roles/update-default-role-override.ts
View File

@@ -1,11 +1,13 @@
import { Inject, Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js';
import type { UsersRepository } from '@/models/index.js';
import type { RolesRepository } from '@/models/index.js';
import { GlobalEventService } from '@/core/GlobalEventService.js';
import { DI } from '@/di-symbols.js';
import { ApiError } from '@/server/api/error.js';
import { MetaService } from '@/core/MetaService.js';
export const meta = {
tags: ['admin'],
tags: ['admin', 'role'],
requireCredential: true,
requireAdmin: true,
@@ -14,32 +16,27 @@ export const meta = {
export const paramDef = {
type: 'object',
properties: {
userId: { type: 'string', format: 'misskey:id' },
options: {
type: 'object',
},
},
required: ['userId'],
required: [
'options',
],
} as const;
// eslint-disable-next-line import/no-default-export
@Injectable()
export default class extends Endpoint<typeof meta, typeof paramDef> {
constructor(
@Inject(DI.usersRepository)
private usersRepository: UsersRepository,
private metaService: MetaService,
private globalEventService: GlobalEventService,
) {
super(meta, paramDef, async (ps) => {
const user = await this.usersRepository.findOneBy({ id: ps.userId });
if (user == null) {
throw new Error('user not found');
}
await this.usersRepository.update(user.id, {
isModerator: false,
await this.metaService.update({
defaultRoleOverride: ps.options,
});
this.globalEventService.publishInternalEvent('userChangeModeratorState', { id: user.id, isModerator: false });
this.globalEventService.publishInternalEvent('defaultRoleOverrideUpdated', ps.options);
});
}
}

82
packages/backend/src/server/api/endpoints/admin/roles/update.ts Normal file
View File

@@ -0,0 +1,82 @@
import { Inject, Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js';
import type { RolesRepository } from '@/models/index.js';
import { GlobalEventService } from '@/core/GlobalEventService.js';
import { DI } from '@/di-symbols.js';
import { ApiError } from '@/server/api/error.js';
export const meta = {
tags: ['admin', 'role'],
requireCredential: true,
requireAdmin: true,
errors: {
noSuchRole: {
message: 'No such role.',
code: 'NO_SUCH_ROLE',
id: 'cd23ef55-09ad-428a-ac61-95a45e124b32',
},
},
} as const;
export const paramDef = {
type: 'object',
properties: {
roleId: { type: 'string', format: 'misskey:id' },
name: { type: 'string' },
description: { type: 'string' },
color: { type: 'string', nullable: true },
isPublic: { type: 'boolean' },
isModerator: { type: 'boolean' },
isAdministrator: { type: 'boolean' },
canEditMembersByModerator: { type: 'boolean' },
options: {
type: 'object',
},
},
required: [
'roleId',
'name',
'description',
'color',
'isPublic',
'isModerator',
'isAdministrator',
'canEditMembersByModerator',
'options',
],
} as const;
// eslint-disable-next-line import/no-default-export
@Injectable()
export default class extends Endpoint<typeof meta, typeof paramDef> {
constructor(
@Inject(DI.rolesRepository)
private rolesRepository: RolesRepository,
private globalEventService: GlobalEventService,
) {
super(meta, paramDef, async (ps) => {
const role = await this.rolesRepository.findOneBy({ id: ps.roleId });
if (role == null) {
throw new ApiError(meta.errors.noSuchRole);
}
const date = new Date();
await this.rolesRepository.update(ps.roleId, {
updatedAt: date,
name: ps.name,
description: ps.description,
color: ps.color,
isPublic: ps.isPublic,
isModerator: ps.isModerator,
isAdministrator: ps.isAdministrator,
canEditMembersByModerator: ps.canEditMembersByModerator,
options: ps.options,
});
const updated = await this.rolesRepository.findOneByOrFail({ id: ps.roleId });
this.globalEventService.publishInternalEvent('roleUpdated', updated);
});
}
}

21
packages/backend/src/server/api/endpoints/admin/show-user.ts
View File

@@ -2,6 +2,8 @@ import { Inject, Injectable } from '@nestjs/common';
import type { UsersRepository, SigninsRepository, UserProfilesRepository } from '@/models/index.js';
import { Endpoint } from '@/server/api/endpoint-base.js';
import { DI } from '@/di-symbols.js';
import { RoleService } from '@/core/RoleService.js';
import { RoleEntityService } from '@/core/entities/RoleEntityService.js';
export const meta = {
tags: ['admin'],
@@ -35,6 +37,9 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
@Inject(DI.signinsRepository)
private signinsRepository: SigninsRepository,
private roleService: RoleService,
private roleEntityService: RoleEntityService,
) {
super(meta, paramDef, async (ps, me) => {
const [user, profile] = await Promise.all([
@@ -46,15 +51,16 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
throw new Error('user not found');
}
const isModerator = await this.roleService.isModerator(user);
const isSilenced = !(await this.roleService.getUserRoleOptions(user.id)).canPublicNote;
const _me = await this.usersRepository.findOneByOrFail({ id: me.id });
if ((_me.isModerator && !_me.isAdmin) && user.isAdmin) {
if (!await this.roleService.isAdministrator(_me) && await this.roleService.isAdministrator(user)) {
throw new Error('cannot show info of admin');
}
if (!_me.isAdmin) {
if (!await this.roleService.isAdministrator(_me)) {
return {
isModerator: user.isModerator,
isSilenced: user.isSilenced,
isSuspended: user.isSuspended,
};
}
@@ -66,6 +72,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
const signins = await this.signinsRepository.findBy({ userId: user.id });
const roles = await this.roleService.getUserRoles(user.id);
return {
email: profile.email,
emailVerified: profile.emailVerified,
@@ -80,12 +88,13 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
mutedWords: profile.mutedWords,
mutedInstances: profile.mutedInstances,
mutingNotificationTypes: profile.mutingNotificationTypes,
isModerator: user.isModerator,
isSilenced: user.isSilenced,
isModerator: isModerator,
isSilenced: isSilenced,
isSuspended: user.isSuspended,
lastActiveDate: user.lastActiveDate,
moderationNote: profile.moderationNote,
signins,
roles: await this.roleEntityService.packMany(roles, me, { detail: false }),
};
});
}

26
packages/backend/src/server/api/endpoints/admin/show-users.ts
View File

@@ -4,6 +4,7 @@ import { Endpoint } from '@/server/api/endpoint-base.js';
import { DI } from '@/di-symbols.js';
import { UserEntityService } from '@/core/entities/UserEntityService.js';
import { sqlLikeEscape } from '@/misc/sql-like-escape.js';
import { RoleService } from '@/core/RoleService.js';
export const meta = {
tags: ['admin'],
@@ -28,7 +29,7 @@ export const paramDef = {
limit: { type: 'integer', minimum: 1, maximum: 100, default: 10 },
offset: { type: 'integer', default: 0 },
sort: { type: 'string', enum: ['+follower', '-follower', '+createdAt', '-createdAt', '+updatedAt', '-updatedAt', '+lastActiveDate', '-lastActiveDate'] },
state: { type: 'string', enum: ['all', 'alive', 'available', 'admin', 'moderator', 'adminOrModerator', 'silenced', 'suspended'], default: 'all' },
state: { type: 'string', enum: ['all', 'alive', 'available', 'admin', 'moderator', 'adminOrModerator', 'suspended'], default: 'all' },
origin: { type: 'string', enum: ['combined', 'local', 'remote'], default: 'combined' },
username: { type: 'string', nullable: true, default: null },
hostname: {
@@ -49,18 +50,33 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
private usersRepository: UsersRepository,
private userEntityService: UserEntityService,
private roleService: RoleService,
) {
super(meta, paramDef, async (ps, me) => {
const query = this.usersRepository.createQueryBuilder('user');
switch (ps.state) {
case 'available': query.where('user.isSuspended = FALSE'); break;
case 'admin': query.where('user.isAdmin = TRUE'); break;
case 'moderator': query.where('user.isModerator = TRUE'); break;
case 'adminOrModerator': query.where('user.isAdmin = TRUE OR user.isModerator = TRUE'); break;
case 'alive': query.where('user.updatedAt > :date', { date: new Date(Date.now() - 1000 * 60 * 60 * 24 * 5) }); break;
case 'silenced': query.where('user.isSilenced = TRUE'); break;
case 'suspended': query.where('user.isSuspended = TRUE'); break;
case 'admin': {
const adminIds = await this.roleService.getAdministratorIds();
if (adminIds.length === 0) return [];
query.where('user.id IN (:...adminIds)', { adminIds: adminIds });
break;
}
case 'moderator': {
const moderatorIds = await this.roleService.getModeratorIds(false);
if (moderatorIds.length === 0) return [];
query.where('user.id IN (:...moderatorIds)', { moderatorIds: moderatorIds });
break;
}
case 'adminOrModerator': {
const adminOrModeratorIds = await this.roleService.getModeratorIds();
if (adminOrModeratorIds.length === 0) return [];
query.where('user.id IN (:...adminOrModeratorIds)', { adminOrModeratorIds: adminOrModeratorIds });
break;
}
}
switch (ps.origin) {

55
packages/backend/src/server/api/endpoints/admin/silence-user.ts
View File

@@ -1,55 +0,0 @@
import { Inject, Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js';
import { ModerationLogService } from '@/core/ModerationLogService.js';
import type { UsersRepository } from '@/models/index.js';
import { GlobalEventService } from '@/core/GlobalEventService.js';
import { DI } from '@/di-symbols.js';
export const meta = {
tags: ['admin'],
requireCredential: true,
requireModerator: true,
} as const;
export const paramDef = {
type: 'object',
properties: {
userId: { type: 'string', format: 'misskey:id' },
},
required: ['userId'],
} as const;
// eslint-disable-next-line import/no-default-export
@Injectable()
export default class extends Endpoint<typeof meta, typeof paramDef> {
constructor(
@Inject(DI.usersRepository)
private usersRepository: UsersRepository,
private moderationLogService: ModerationLogService,
private globalEventService: GlobalEventService,
) {
super(meta, paramDef, async (ps, me) => {
const user = await this.usersRepository.findOneBy({ id: ps.userId });
if (user == null) {
throw new Error('user not found');
}
if (user.isAdmin) {
throw new Error('cannot silence admin');
}
await this.usersRepository.update(user.id, {
isSilenced: true,
});
this.globalEventService.publishInternalEvent('userChangeSilencedState', { id: user.id, isSilenced: true });
this.moderationLogService.insertModerationLog(me, 'silence', {
targetId: user.id,
});
});
}
}

10
packages/backend/src/server/api/endpoints/admin/suspend-user.ts
View File

@@ -9,6 +9,7 @@ import { UserFollowingService } from '@/core/UserFollowingService.js';
import { DI } from '@/di-symbols.js';
import { UserEntityService } from '@/core/entities/UserEntityService.js';
import { bindThis } from '@/decorators.js';
import { RoleService } from '@/core/RoleService.js';
export const meta = {
tags: ['admin'],
@@ -41,6 +42,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
private userEntityService: UserEntityService,
private userFollowingService: UserFollowingService,
private userSuspendService: UserSuspendService,
private roleService: RoleService,
private moderationLogService: ModerationLogService,
private globalEventService: GlobalEventService,
) {
@@ -51,12 +53,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
throw new Error('user not found');
}
if (user.isAdmin) {
throw new Error('cannot suspend admin');
}
if (user.isModerator) {
throw new Error('cannot suspend moderator');
if (await this.roleService.isModerator(user)) {
throw new Error('cannot suspend moderator account');
}
await this.usersRepository.update(user.id, {

51
packages/backend/src/server/api/endpoints/admin/unsilence-user.ts
View File

@@ -1,51 +0,0 @@
import { Inject, Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js';
import type { UsersRepository } from '@/models/index.js';
import { GlobalEventService } from '@/core/GlobalEventService.js';
import { ModerationLogService } from '@/core/ModerationLogService.js';
import { DI } from '@/di-symbols.js';
export const meta = {
tags: ['admin'],
requireCredential: true,
requireModerator: true,
} as const;
export const paramDef = {
type: 'object',
properties: {
userId: { type: 'string', format: 'misskey:id' },
},
required: ['userId'],
} as const;
// eslint-disable-next-line import/no-default-export
@Injectable()
export default class extends Endpoint<typeof meta, typeof paramDef> {
constructor(
@Inject(DI.usersRepository)
private usersRepository: UsersRepository,
private moderationLogService: ModerationLogService,
private globalEventService: GlobalEventService,
) {
super(meta, paramDef, async (ps, me) => {
const user = await this.usersRepository.findOneBy({ id: ps.userId });
if (user == null) {
throw new Error('user not found');
}
await this.usersRepository.update(user.id, {
isSilenced: false,
});
this.globalEventService.publishInternalEvent('userChangeSilencedState', { id: user.id, isSilenced: false });
this.moderationLogService.insertModerationLog(me, 'unsilence', {
targetId: user.id,
});
});
}
}

15
packages/backend/src/server/api/endpoints/admin/update-meta.ts
View File

@@ -19,8 +19,6 @@ export const paramDef = {
type: 'object',
properties: {
disableRegistration: { type: 'boolean', nullable: true },
disableLocalTimeline: { type: 'boolean', nullable: true },
disableGlobalTimeline: { type: 'boolean', nullable: true },
useStarForReactionFallback: { type: 'boolean', nullable: true },
pinnedUsers: { type: 'array', nullable: true, items: {
type: 'string',
@@ -42,7 +40,6 @@ export const paramDef = {
description: { type: 'string', nullable: true },
defaultLightTheme: { type: 'string', nullable: true },
defaultDarkTheme: { type: 'string', nullable: true },
localDriveCapacityMb: { type: 'integer' },
remoteDriveCapacityMb: { type: 'integer' },
cacheRemoteFiles: { type: 'boolean' },
emailRequiredForSignup: { type: 'boolean' },
@@ -130,14 +127,6 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
set.disableRegistration = ps.disableRegistration;
}
if (typeof ps.disableLocalTimeline === 'boolean') {
set.disableLocalTimeline = ps.disableLocalTimeline;
}
if (typeof ps.disableGlobalTimeline === 'boolean') {
set.disableGlobalTimeline = ps.disableGlobalTimeline;
}
if (typeof ps.useStarForReactionFallback === 'boolean') {
set.useStarForReactionFallback = ps.useStarForReactionFallback;
}
@@ -194,10 +183,6 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
set.defaultDarkTheme = ps.defaultDarkTheme;
}
if (ps.localDriveCapacityMb !== undefined) {
set.localDriveCapacityMb = ps.localDriveCapacityMb;
}
if (ps.remoteDriveCapacityMb !== undefined) {
set.remoteDriveCapacityMb = ps.remoteDriveCapacityMb;
}

4
packages/backend/src/server/api/endpoints/antennas/create.ts
View File

@@ -5,6 +5,7 @@ import type { UserListsRepository, UserGroupJoiningsRepository, AntennasReposito
import { GlobalEventService } from '@/core/GlobalEventService.js';
import { AntennaEntityService } from '@/core/entities/AntennaEntityService.js';
import { DI } from '@/di-symbols.js';
import { RoleService } from '@/core/RoleService.js';
import { ApiError } from '../../error.js';
export const meta = {
@@ -83,6 +84,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
private userGroupJoiningsRepository: UserGroupJoiningsRepository,
private antennaEntityService: AntennaEntityService,
private roleService: RoleService,
private idService: IdService,
private globalEventService: GlobalEventService,
) {
@@ -90,7 +92,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
const currentAntennasCount = await this.antennasRepository.countBy({
userId: me.id,
});
if (currentAntennasCount > 5) {
if (currentAntennasCount > (await this.roleService.getUserRoleOptions(me.id)).antennaLimit) {
throw new ApiError(meta.errors.tooManyAntennas);
}

6
packages/backend/src/server/api/endpoints/drive.ts
View File

@@ -2,6 +2,7 @@ import { Inject, Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js';
import { MetaService } from '@/core/MetaService.js';
import { DriveFileEntityService } from '@/core/entities/DriveFileEntityService.js';
import { RoleService } from '@/core/RoleService.js';
export const meta = {
tags: ['drive', 'account'],
@@ -38,6 +39,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
constructor(
private metaService: MetaService,
private driveFileEntityService: DriveFileEntityService,
private roleService: RoleService,
) {
super(meta, paramDef, async (ps, me) => {
const instance = await this.metaService.fetch(true);
@@ -45,8 +47,10 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
// Calculate drive usage
const usage = await this.driveFileEntityService.calcDriveUsageOf(me.id);
const myRole = await this.roleService.getUserRoleOptions(me.id);
return {
capacity: 1024 * 1024 * (me.driveCapacityOverrideMb ?? instance.localDriveCapacityMb),
capacity: 1024 * 1024 * myRole.driveCapacityMb,
usage: usage,
};
});

4
packages/backend/src/server/api/endpoints/drive/files/delete.ts
View File

@@ -4,6 +4,7 @@ import type { DriveFilesRepository } from '@/models/index.js';
import { DriveService } from '@/core/DriveService.js';
import { GlobalEventService } from '@/core/GlobalEventService.js';
import { DI } from '@/di-symbols.js';
import { RoleService } from '@/core/RoleService.js';
import { ApiError } from '../../../error.js';
export const meta = {
@@ -46,6 +47,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
private driveFilesRepository: DriveFilesRepository,
private driveService: DriveService,
private roleService: RoleService,
private globalEventService: GlobalEventService,
) {
super(meta, paramDef, async (ps, me) => {
@@ -55,7 +57,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
throw new ApiError(meta.errors.noSuchFile);
}
if ((!me.isAdmin && !me.isModerator) && (file.userId !== me.id)) {
if (!await this.roleService.isModerator(me) && (file.userId !== me.id)) {
throw new ApiError(meta.errors.accessDenied);
}

4
packages/backend/src/server/api/endpoints/drive/files/show.ts
View File

@@ -4,6 +4,7 @@ import type { DriveFilesRepository } from '@/models/index.js';
import { Endpoint } from '@/server/api/endpoint-base.js';
import { DriveFileEntityService } from '@/core/entities/DriveFileEntityService.js';
import { DI } from '@/di-symbols.js';
import { RoleService } from '@/core/RoleService.js';
import { ApiError } from '../../../error.js';
export const meta = {
@@ -62,6 +63,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
private driveFilesRepository: DriveFilesRepository,
private driveFileEntityService: DriveFileEntityService,
private roleService: RoleService,
) {
super(meta, paramDef, async (ps, me) => {
let file: DriveFile | null = null;
@@ -84,7 +86,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
throw new ApiError(meta.errors.noSuchFile);
}
if ((!me.isAdmin && !me.isModerator) && (file.userId !== me.id)) {
if (!await this.roleService.isModerator(me) && (file.userId !== me.id)) {
throw new ApiError(meta.errors.accessDenied);
}

4
packages/backend/src/server/api/endpoints/drive/files/update.ts
View File

@@ -5,6 +5,7 @@ import { Endpoint } from '@/server/api/endpoint-base.js';
import { DriveFileEntityService } from '@/core/entities/DriveFileEntityService.js';
import { GlobalEventService } from '@/core/GlobalEventService.js';
import { DI } from '@/di-symbols.js';
import { RoleService } from '@/core/RoleService.js';
import { ApiError } from '../../../error.js';
export const meta = {
@@ -72,6 +73,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
private driveFoldersRepository: DriveFoldersRepository,
private driveFileEntityService: DriveFileEntityService,
private roleService: RoleService,
private globalEventService: GlobalEventService,
) {
super(meta, paramDef, async (ps, me) => {
@@ -81,7 +83,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
throw new ApiError(meta.errors.noSuchFile);
}
if ((!me.isAdmin && !me.isModerator) && (file.userId !== me.id)) {
if (!await this.roleService.isModerator(me) && (file.userId !== me.id)) {
throw new ApiError(meta.errors.accessDenied);
}

20
packages/backend/src/server/api/endpoints/meta.ts
View File

@@ -7,6 +7,7 @@ import { UserEntityService } from '@/core/entities/UserEntityService.js';
import { MetaService } from '@/core/MetaService.js';
import type { Config } from '@/config.js';
import { DI } from '@/di-symbols.js';
import { DEFAULT_ROLE } from '@/core/RoleService.js';
export const meta = {
tags: ['meta'],
@@ -77,18 +78,6 @@ export const meta = {
type: 'boolean',
optional: false, nullable: false,
},
disableLocalTimeline: {
type: 'boolean',
optional: false, nullable: false,
},
disableGlobalTimeline: {
type: 'boolean',
optional: false, nullable: false,
},
driveCapacityPerLocalUserMb: {
type: 'number',
optional: false, nullable: false,
},
driveCapacityPerRemoteUserMb: {
type: 'number',
optional: false, nullable: false,
@@ -314,9 +303,6 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
repositoryUrl: instance.repositoryUrl,
feedbackUrl: instance.feedbackUrl,
disableRegistration: instance.disableRegistration,
disableLocalTimeline: instance.disableLocalTimeline,
disableGlobalTimeline: instance.disableGlobalTimeline,
driveCapacityPerLocalUserMb: instance.localDriveCapacityMb,
driveCapacityPerRemoteUserMb: instance.remoteDriveCapacityMb,
emailRequiredForSignup: instance.emailRequiredForSignup,
enableHcaptcha: instance.enableHcaptcha,
@@ -353,6 +339,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
translatorAvailable: instance.deeplAuthKey != null,
baseRole: { ...DEFAULT_ROLE, ...instance.defaultRoleOverride },
...(ps.detail ? {
pinnedPages: instance.pinnedPages,
pinnedClipId: instance.pinnedClipId,
@@ -369,8 +357,6 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
response.proxyAccountName = proxyAccount ? proxyAccount.username : null;
response.features = {
registration: !instance.disableRegistration,
localTimeLine: !instance.disableLocalTimeline,
globalTimeLine: !instance.disableGlobalTimeline,
emailRequiredForSignup: instance.emailRequiredForSignup,
elasticsearch: this.config.elasticsearch ? true : false,
hcaptcha: instance.enableHcaptcha,

6
packages/backend/src/server/api/endpoints/notes/delete.ts
View File

@@ -4,8 +4,9 @@ import type { UsersRepository } from '@/models/index.js';
import { Endpoint } from '@/server/api/endpoint-base.js';
import { NoteDeleteService } from '@/core/NoteDeleteService.js';
import { DI } from '@/di-symbols.js';
import { ApiError } from '../../error.js';
import { GetterService } from '@/server/api/GetterService.js';
import { RoleService } from '@/core/RoleService.js';
import { ApiError } from '../../error.js';
export const meta = {
tags: ['notes'],
@@ -51,6 +52,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
private usersRepository: UsersRepository,
private getterService: GetterService,
private roleService: RoleService,
private noteDeleteService: NoteDeleteService,
) {
super(meta, paramDef, async (ps, me) => {
@@ -59,7 +61,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
throw err;
});
if ((!me.isAdmin && !me.isModerator) && (note.userId !== me.id)) {
if (!await this.roleService.isModerator(me) && (note.userId !== me.id)) {
throw new ApiError(meta.errors.accessDenied);
}

10
packages/backend/src/server/api/endpoints/notes/global-timeline.ts
View File

@@ -6,6 +6,7 @@ import { NoteEntityService } from '@/core/entities/NoteEntityService.js';
import { MetaService } from '@/core/MetaService.js';
import ActiveUsersChart from '@/core/chart/charts/active-users.js';
import { DI } from '@/di-symbols.js';
import { RoleService } from '@/core/RoleService.js';
import { ApiError } from '../../error.js';
export const meta = {
@@ -57,14 +58,13 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
private noteEntityService: NoteEntityService,
private queryService: QueryService,
private metaService: MetaService,
private roleService: RoleService,
private activeUsersChart: ActiveUsersChart,
) {
super(meta, paramDef, async (ps, me) => {
const m = await this.metaService.fetch();
if (m.disableGlobalTimeline) {
if (me == null || (!me.isAdmin && !me.isModerator)) {
throw new ApiError(meta.errors.gtlDisabled);
}
const role = await this.roleService.getUserRoleOptions(me ? me.id : null);
if (!role.gtlAvailable) {
throw new ApiError(meta.errors.gtlDisabled);
}
//#region Construct query

6
packages/backend/src/server/api/endpoints/notes/hybrid-timeline.ts
View File

@@ -7,6 +7,7 @@ import ActiveUsersChart from '@/core/chart/charts/active-users.js';
import { MetaService } from '@/core/MetaService.js';
import { NoteEntityService } from '@/core/entities/NoteEntityService.js';
import { DI } from '@/di-symbols.js';
import { RoleService } from '@/core/RoleService.js';
import { ApiError } from '../../error.js';
export const meta = {
@@ -66,11 +67,12 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
private noteEntityService: NoteEntityService,
private queryService: QueryService,
private metaService: MetaService,
private roleService: RoleService,
private activeUsersChart: ActiveUsersChart,
) {
super(meta, paramDef, async (ps, me) => {
const m = await this.metaService.fetch();
if (m.disableLocalTimeline && (!me.isAdmin && !me.isModerator)) {
const role = await this.roleService.getUserRoleOptions(me.id);
if (!role.ltlAvailable) {
throw new ApiError(meta.errors.stlDisabled);
}

10
packages/backend/src/server/api/endpoints/notes/local-timeline.ts
View File

@@ -7,6 +7,7 @@ import { NoteEntityService } from '@/core/entities/NoteEntityService.js';
import { MetaService } from '@/core/MetaService.js';
import ActiveUsersChart from '@/core/chart/charts/active-users.js';
import { DI } from '@/di-symbols.js';
import { RoleService } from '@/core/RoleService.js';
import { ApiError } from '../../error.js';
export const meta = {
@@ -62,14 +63,13 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
private noteEntityService: NoteEntityService,
private queryService: QueryService,
private metaService: MetaService,
private roleService: RoleService,
private activeUsersChart: ActiveUsersChart,
) {
super(meta, paramDef, async (ps, me) => {
const m = await this.metaService.fetch();
if (m.disableLocalTimeline) {
if (me == null || (!me.isAdmin && !me.isModerator)) {
throw new ApiError(meta.errors.ltlDisabled);
}
const role = await this.roleService.getUserRoleOptions(me ? me.id : null);
if (!role.ltlAvailable) {
throw new ApiError(meta.errors.ltlDisabled);
}
//#region Construct query

5
packages/backend/src/server/api/endpoints/users.ts
View File

@@ -27,7 +27,7 @@ export const paramDef = {
limit: { type: 'integer', minimum: 1, maximum: 100, default: 10 },
offset: { type: 'integer', default: 0 },
sort: { type: 'string', enum: ['+follower', '-follower', '+createdAt', '-createdAt', '+updatedAt', '-updatedAt'] },
state: { type: 'string', enum: ['all', 'admin', 'moderator', 'adminOrModerator', 'alive'], default: 'all' },
state: { type: 'string', enum: ['all', 'alive'], default: 'all' },
origin: { type: 'string', enum: ['combined', 'local', 'remote'], default: 'local' },
hostname: {
type: 'string',
@@ -54,9 +54,6 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
query.where('user.isExplorable = TRUE');
switch (ps.state) {
case 'admin': query.andWhere('user.isAdmin = TRUE'); break;
case 'moderator': query.andWhere('user.isModerator = TRUE'); break;
case 'adminOrModerator': query.andWhere('user.isAdmin = TRUE OR user.isModerator = TRUE'); break;
case 'alive': query.andWhere('user.updatedAt > :date', { date: new Date(Date.now() - 1000 * 60 * 60 * 24 * 5) }); break;
}

14
packages/backend/src/server/api/endpoints/users/report-abuse.ts
View File

@@ -7,8 +7,9 @@ import { GlobalEventService } from '@/core/GlobalEventService.js';
import { MetaService } from '@/core/MetaService.js';
import { EmailService } from '@/core/EmailService.js';
import { DI } from '@/di-symbols.js';
import { ApiError } from '../../error.js';
import { GetterService } from '@/server/api/GetterService.js';
import { RoleService } from '@/core/RoleService.js';
import { ApiError } from '../../error.js';
export const meta = {
tags: ['users'],
@@ -61,6 +62,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
private metaService: MetaService,
private emailService: EmailService,
private getterService: GetterService,
private roleService: RoleService,
private globalEventService: GlobalEventService,
) {
super(meta, paramDef, async (ps, me) => {
@@ -74,7 +76,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
throw new ApiError(meta.errors.cannotReportYourself);
}
if (user.isAdmin) {
if (await this.roleService.isAdministrator(user)) {
throw new ApiError(meta.errors.cannotReportAdmin);
}
@@ -90,13 +92,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
// Publish event to moderators
setImmediate(async () => {
const moderators = await this.usersRepository.find({
where: [{
isAdmin: true,
}, {
isModerator: true,
}],
});
const moderators = await this.roleService.getModerators();
for (const moderator of moderators) {
this.globalEventService.publishAdminStream(moderator.id, 'newAbuseUserReport', {

8
packages/backend/src/server/api/endpoints/users/show.ts
View File

@@ -7,6 +7,7 @@ import { UserEntityService } from '@/core/entities/UserEntityService.js';
import { RemoteUserResolveService } from '@/core/RemoteUserResolveService.js';
import { DI } from '@/di-symbols.js';
import PerUserPvChart from '@/core/chart/charts/per-user-pv.js';
import { RoleService } from '@/core/RoleService.js';
import { ApiError } from '../../error.js';
import { ApiLoggerService } from '../../ApiLoggerService.js';
import type { FindOptionsWhere } from 'typeorm';
@@ -91,20 +92,21 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
private userEntityService: UserEntityService,
private remoteUserResolveService: RemoteUserResolveService,
private roleService: RoleService,
private perUserPvChart: PerUserPvChart,
private apiLoggerService: ApiLoggerService,
) {
super(meta, paramDef, async (ps, me, _1, _2, _3, ip) => {
let user;
const isAdminOrModerator = me && (me.isAdmin || me.isModerator);
const isModerator = await this.roleService.isModerator(me);
if (ps.userIds) {
if (ps.userIds.length === 0) {
return [];
}
const users = await this.usersRepository.findBy(isAdminOrModerator ? {
const users = await this.usersRepository.findBy(isModerator ? {
id: In(ps.userIds),
} : {
id: In(ps.userIds),
@@ -135,7 +137,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
user = await this.usersRepository.findOneBy(q);
}
if (user == null || (!isAdminOrModerator && user.isSuspended)) {
if (user == null || (!isModerator && user.isSuspended)) {
throw new ApiError(meta.errors.noSuchUser);
}

10
packages/backend/src/server/api/stream/channels/global-timeline.ts
View File

@@ -7,6 +7,7 @@ import type { Packed } from '@/misc/schema.js';
import { MetaService } from '@/core/MetaService.js';
import { NoteEntityService } from '@/core/entities/NoteEntityService.js';
import { bindThis } from '@/decorators.js';
import { RoleService } from '@/core/RoleService.js';
import Channel from '../channel.js';
class GlobalTimelineChannel extends Channel {
@@ -16,6 +17,7 @@ class GlobalTimelineChannel extends Channel {
constructor(
private metaService: MetaService,
private roleService: RoleService,
private noteEntityService: NoteEntityService,
id: string,
@@ -27,10 +29,8 @@ class GlobalTimelineChannel extends Channel {
@bindThis
public async init(params: any) {
const meta = await this.metaService.fetch();
if (meta.disableGlobalTimeline) {
if (this.user == null || (!this.user.isAdmin && !this.user.isModerator)) return;
}
const role = await this.roleService.getUserRoleOptions(this.user ? this.user.id : null);
if (!role.gtlAvailable) return;
// Subscribe events
this.subscriber.on('notesStream', this.onNote);
@@ -95,6 +95,7 @@ export class GlobalTimelineChannelService {
constructor(
private metaService: MetaService,
private roleService: RoleService,
private noteEntityService: NoteEntityService,
) {
}
@@ -103,6 +104,7 @@ export class GlobalTimelineChannelService {
public create(id: string, connection: Channel['connection']): GlobalTimelineChannel {
return new GlobalTimelineChannel(
this.metaService,
this.roleService,
this.noteEntityService,
id,
connection,

8
packages/backend/src/server/api/stream/channels/hybrid-timeline.ts
View File

@@ -8,6 +8,7 @@ import { DI } from '@/di-symbols.js';
import { MetaService } from '@/core/MetaService.js';
import { NoteEntityService } from '@/core/entities/NoteEntityService.js';
import { bindThis } from '@/decorators.js';
import { RoleService } from '@/core/RoleService.js';
import Channel from '../channel.js';
class HybridTimelineChannel extends Channel {
@@ -17,6 +18,7 @@ class HybridTimelineChannel extends Channel {
constructor(
private metaService: MetaService,
private roleService: RoleService,
private noteEntityService: NoteEntityService,
id: string,
@@ -28,8 +30,8 @@ class HybridTimelineChannel extends Channel {
@bindThis
public async init(params: any): Promise<void> {
const meta = await this.metaService.fetch();
if (meta.disableLocalTimeline && !this.user!.isAdmin && !this.user!.isModerator) return;
const role = await this.roleService.getUserRoleOptions(this.user ? this.user.id : null);
if (!role.ltlAvailable) return;
// Subscribe events
this.subscriber.on('notesStream', this.onNote);
@@ -112,6 +114,7 @@ export class HybridTimelineChannelService {
constructor(
private metaService: MetaService,
private roleService: RoleService,
private noteEntityService: NoteEntityService,
) {
}
@@ -120,6 +123,7 @@ export class HybridTimelineChannelService {
public create(id: string, connection: Channel['connection']): HybridTimelineChannel {
return new HybridTimelineChannel(
this.metaService,
this.roleService,
this.noteEntityService,
id,
connection,

10
packages/backend/src/server/api/stream/channels/local-timeline.ts
View File

@@ -6,6 +6,7 @@ import type { Packed } from '@/misc/schema.js';
import { MetaService } from '@/core/MetaService.js';
import { NoteEntityService } from '@/core/entities/NoteEntityService.js';
import { bindThis } from '@/decorators.js';
import { RoleService } from '@/core/RoleService.js';
import Channel from '../channel.js';
class LocalTimelineChannel extends Channel {
@@ -15,6 +16,7 @@ class LocalTimelineChannel extends Channel {
constructor(
private metaService: MetaService,
private roleService: RoleService,
private noteEntityService: NoteEntityService,
id: string,
@@ -26,10 +28,8 @@ class LocalTimelineChannel extends Channel {
@bindThis
public async init(params: any) {
const meta = await this.metaService.fetch();
if (meta.disableLocalTimeline) {
if (this.user == null || (!this.user.isAdmin && !this.user.isModerator)) return;
}
const role = await this.roleService.getUserRoleOptions(this.user ? this.user.id : null);
if (!role.ltlAvailable) return;
// Subscribe events
this.subscriber.on('notesStream', this.onNote);
@@ -92,6 +92,7 @@ export class LocalTimelineChannelService {
constructor(
private metaService: MetaService,
private roleService: RoleService,
private noteEntityService: NoteEntityService,
) {
}
@@ -100,6 +101,7 @@ export class LocalTimelineChannelService {
public create(id: string, connection: Channel['connection']): LocalTimelineChannel {
return new LocalTimelineChannel(
this.metaService,
this.roleService,
this.noteEntityService,
id,
connection,

34
packages/backend/src/server/api/stream/types.ts
View File

@@ -14,23 +14,33 @@ import type { Page } from '@/models/entities/Page.js';
import type { Packed } from '@/misc/schema.js';
import type { Webhook } from '@/models/entities/Webhook.js';
import type { Meta } from '@/models/entities/Meta.js';
import { Role, RoleAssignment } from '@/models';
import type Emitter from 'strict-event-emitter-types';
import type { EventEmitter } from 'events';
// redis通すとDateのインスタンスはstringに変換されるので
type Serialized<T> = {
[K in keyof T]: T[K] extends Date ? string : T[K];
};
//#region Stream type-body definitions
export interface InternalStreamTypes {
userChangeSuspendedState: { id: User['id']; isSuspended: User['isSuspended']; };
userChangeSilencedState: { id: User['id']; isSilenced: User['isSilenced']; };
userChangeModeratorState: { id: User['id']; isModerator: User['isModerator']; };
userTokenRegenerated: { id: User['id']; oldToken: User['token']; newToken: User['token']; };
remoteUserUpdated: { id: User['id']; };
webhookCreated: Webhook;
webhookDeleted: Webhook;
webhookUpdated: Webhook;
antennaCreated: Antenna;
antennaDeleted: Antenna;
antennaUpdated: Antenna;
metaUpdated: Meta,
userChangeSuspendedState: Serialized<{ id: User['id']; isSuspended: User['isSuspended']; }>;
userTokenRegenerated: Serialized<{ id: User['id']; oldToken: User['token']; newToken: User['token']; }>;
remoteUserUpdated: Serialized<{ id: User['id']; }>;
defaultRoleOverrideUpdated: Serialized<Role['options']>;
roleCreated: Serialized<Role>;
roleDeleted: Serialized<Role>;
roleUpdated: Serialized<Role>;
userRoleAssigned: Serialized<RoleAssignment>;
userRoleUnassigned: Serialized<RoleAssignment>;
webhookCreated: Serialized<Webhook>;
webhookDeleted: Serialized<Webhook>;
webhookUpdated: Serialized<Webhook>;
antennaCreated: Serialized<Antenna>;
antennaDeleted: Serialized<Antenna>;
antennaUpdated: Serialized<Antenna>;
metaUpdated: Serialized<Meta>;
}
export interface BroadcastTypes {