mirrors/gotosocial
1
0
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial.git synced 2025-11-18 10:27:30 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions

[feature] Implement Mastodon-compatible roles (#3136)

Browse source 
* Implement Mastodon-compatible roles

- `Account.role` should only be available through verify_credentials for checking current user's permissions
- `Account.role` now carries a Mastodon-compatible permissions bitmap and a marker for whether it should be shown to the public
- `Account.roles` added for *public* display roles (undocumented but stable since Mastodon 4.1)
- Web template now uses only public display roles (no user-visible change here, we already special-cased the `user` role)

* Handle verify_credentials case for default role

* Update JSON exact-match tests

* Address review comments

* Add blocks bit to admin permissions bitmap
This commit is contained in:
Vyr Cossont 2024-07-31 09:26:09 -07:00 committed by GitHub
commit fd837776e2
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
12 changed files with 765 additions and 209 deletions
Download patch file Download diff file Expand all files Collapse all files

118
internal/api/client/accounts/accountget_test.go Normal file
View file

@ -0,0 +1,118 @@
// GoToSocial
// Copyright (C) GoToSocial Authors admin@gotosocial.org
// SPDX-License-Identifier: AGPL-3.0-or-later
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
package accounts_test
import (
"encoding/json"
"io"
"net/http"
"net/http/httptest"
"testing"
"github.com/gin-gonic/gin"
"github.com/stretchr/testify/suite"
"github.com/superseriousbusiness/gotosocial/internal/api/client/accounts"
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
)
type AccountGetTestSuite struct {
AccountStandardTestSuite
}
// accountVerifyGet calls the get account API method for a given account fixture name.
func (suite *AccountGetTestSuite) getAccount(id string) *apimodel.Account {
recorder := httptest.NewRecorder()
ctx := suite.newContext(recorder, http.MethodGet, nil, accounts.BasePath+"/"+id, "")
ctx.Params = gin.Params{
gin.Param{
Key: accounts.IDKey,
Value: id,
},
}
// call the handler
suite.accountsModule.AccountGETHandler(ctx)
// 1. we should have OK because our request was valid
suite.Equal(http.StatusOK, recorder.Code)
// 2. we should have no error message in the result body
result := recorder.Result()
defer result.Body.Close()
// check the response
b, err := io.ReadAll(result.Body)
if err != nil {
suite.FailNow(err.Error())
}
// unmarshal the returned account
apimodelAccount := &apimodel.Account{}
err = json.Unmarshal(b, apimodelAccount)
if err != nil {
suite.FailNow(err.Error())
}
return apimodelAccount
}
// Fetching the currently logged-in account shows extra info,
// so we should see permissions, but this account is a regular user and should have no display role.
func (suite *AccountGetTestSuite) TestGetDisplayRoleForSelf() {
apimodelAccount := suite.getAccount(suite.testAccounts["local_account_1"].ID)
// Role should be set, but permissions should be empty.
if suite.NotNil(apimodelAccount.Role) {
role := apimodelAccount.Role
suite.Equal("user", string(role.Name))
suite.Zero(role.Permissions)
}
// Roles should not have anything in it.
suite.Empty(apimodelAccount.Roles)
}
// We should not see a display role for an ordinary local account.
func (suite *AccountGetTestSuite) TestGetDisplayRoleForUserAccount() {
apimodelAccount := suite.getAccount(suite.testAccounts["local_account_2"].ID)
// Role should not be set.
suite.Nil(apimodelAccount.Role)
// Roles should not have anything in it.
suite.Empty(apimodelAccount.Roles)
}
// We should be able to get a display role for an admin account.
func (suite *AccountGetTestSuite) TestGetDisplayRoleForAdminAccount() {
apimodelAccount := suite.getAccount(suite.testAccounts["admin_account"].ID)
// Role should not be set.
suite.Nil(apimodelAccount.Role)
// Roles should have exactly one display role.
if suite.Len(apimodelAccount.Roles, 1) {
role := apimodelAccount.Roles[0]
suite.Equal("admin", string(role.Name))
suite.NotEmpty(role.ID)
}
}
func TestAccountGetTestSuite(t *testing.T) {
suite.Run(t, new(AccountGetTestSuite))
}

72
internal/api/client/accounts/accountverify_test.go
View file

@ -19,30 +19,35 @@ package accounts_test
import (
"encoding/json"
"io/ioutil"
"io"
"net/http"
"net/http/httptest"
"testing"
"time"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/suite"
"github.com/superseriousbusiness/gotosocial/internal/api/client/accounts"
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
"github.com/superseriousbusiness/gotosocial/internal/oauth"
)
type AccountVerifyTestSuite struct {
AccountStandardTestSuite
}
func (suite *AccountVerifyTestSuite) TestAccountVerifyGet() {
testAccount := suite.testAccounts["local_account_1"]
// accountVerifyGet calls the verify_credentials API method for a given account fixture name.
// Assumes token and user fixture names are the same as the account fixture name.
func (suite *AccountVerifyTestSuite) accountVerifyGet(fixtureName string) *apimodel.Account {
// set up the request
recorder := httptest.NewRecorder()
ctx := suite.newContext(recorder, http.MethodGet, nil, accounts.VerifyPath, "")
// override the account that we're authenticated as
ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts[fixtureName])
ctx.Set(oauth.SessionAuthorizedToken, oauth.DBTokenToToken(suite.testTokens[fixtureName]))
ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers[fixtureName])
// call the handler
suite.accountsModule.AccountVerifyGETHandler(ctx)
@ -54,13 +59,27 @@ func (suite *AccountVerifyTestSuite) TestAccountVerifyGet() {
defer result.Body.Close()
// check the response
b, err := ioutil.ReadAll(result.Body)
assert.NoError(suite.T(), err)
b, err := io.ReadAll(result.Body)
if err != nil {
suite.FailNow(err.Error())
}
// unmarshal the returned account
apimodelAccount := &apimodel.Account{}
err = json.Unmarshal(b, apimodelAccount)
suite.NoError(err)
if err != nil {
suite.FailNow(err.Error())
}
return apimodelAccount
}
// We should see public account information and profile source for a normal user.
func (suite *AccountVerifyTestSuite) TestAccountVerifyGet() {
fixtureName := "local_account_1"
testAccount := suite.testAccounts[fixtureName]
apimodelAccount := suite.accountVerifyGet(fixtureName)
createdAt, err := time.Parse(time.RFC3339, apimodelAccount.CreatedAt)
suite.NoError(err)
@ -85,6 +104,43 @@ func (suite *AccountVerifyTestSuite) TestAccountVerifyGet() {
suite.Equal(testAccount.NoteRaw, apimodelAccount.Source.Note)
}
// testAccountVerifyGetRole calls the verify_credentials API method for a given account fixture name,
// and checks the response for permissions appropriate to the role.
func (suite *AccountVerifyTestSuite) testAccountVerifyGetRole(fixtureName string) {
testUser := suite.testUsers[fixtureName]
apimodelAccount := suite.accountVerifyGet(fixtureName)
if suite.NotNil(apimodelAccount.Role) {
switch {
case *testUser.Admin:
suite.Equal("admin", string(apimodelAccount.Role.Name))
suite.NotZero(apimodelAccount.Role.Permissions)
suite.True(apimodelAccount.Role.Highlighted)
case *testUser.Moderator:
suite.Equal("moderator", string(apimodelAccount.Role.Name))
suite.Zero(apimodelAccount.Role.Permissions)
suite.True(apimodelAccount.Role.Highlighted)
default:
suite.Equal("user", string(apimodelAccount.Role.Name))
suite.Zero(apimodelAccount.Role.Permissions)
suite.False(apimodelAccount.Role.Highlighted)
}
}
}
// We should see a role for a normal user, and that role should not have any permissions.
func (suite *AccountVerifyTestSuite) TestAccountVerifyGetRoleUser() {
suite.testAccountVerifyGetRole("local_account_1")
}
// We should see a role for an admin user, and that role should have some permissions.
func (suite *AccountVerifyTestSuite) TestAccountVerifyGetRoleAdmin() {
suite.testAccountVerifyGetRole("admin_account")
}
func TestAccountVerifyTestSuite(t *testing.T) {
suite.Run(t, new(AccountVerifyTestSuite))
}

85
internal/api/client/admin/accountsgetv2_test.go
View file

@ -70,7 +70,11 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
"locale": "en",
"invite_request": null,
"role": {
"name": "user"
"id": "user",
"name": "user",
"color": "",
"permissions": "0",
"highlighted": false
},
"confirmed": true,
"approved": true,
@ -109,10 +113,7 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
"verified_at": null
}
],
"hide_collections": true,
"role": {
"name": "user"
}
"hide_collections": true
},
"created_by_application_id": "01F8MGY43H3N2C8EWPR2FPYEXG"
},
@ -127,7 +128,11 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
"locale": "en",
"invite_request": null,
"role": {
"name": "admin"
"id": "admin",
"name": "admin",
"color": "",
"permissions": "546033",
"highlighted": true
},
"confirmed": true,
"approved": true,
@ -156,9 +161,13 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
"emojis": [],
"fields": [],
"enable_rss": true,
"role": {
"name": "admin"
}
"roles": [
{
"id": "admin",
"name": "admin",
"color": ""
}
]
},
"created_by_application_id": "01F8MGXQRHYF5QPMTMXP78QC2F"
},
@ -173,7 +182,11 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
"locale": "",
"invite_request": null,
"role": {
"name": "user"
"id": "user",
"name": "user",
"color": "",
"permissions": "0",
"highlighted": false
},
"confirmed": false,
"approved": false,
@ -214,7 +227,11 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
"locale": "en",
"invite_request": "I wanna be on this damned webbed site so bad! Please! Wow",
"role": {
"name": "user"
"id": "user",
"name": "user",
"color": "",
"permissions": "0",
"highlighted": false
},
"confirmed": true,
"approved": true,
@ -244,10 +261,7 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
"last_status_at": "2024-01-10T09:24:00.000Z",
"emojis": [],
"fields": [],
"enable_rss": true,
"role": {
"name": "user"
}
"enable_rss": true
},
"created_by_application_id": "01F8MGY43H3N2C8EWPR2FPYEXG"
},
@ -262,7 +276,11 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
"locale": "en",
"invite_request": "hi, please let me in! I'm looking for somewhere neato bombeato to hang out.",
"role": {
"name": "user"
"id": "user",
"name": "user",
"color": "",
"permissions": "0",
"highlighted": false
},
"confirmed": false,
"approved": false,
@ -289,10 +307,7 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
"statuses_count": 0,
"last_status_at": null,
"emojis": [],
"fields": [],
"role": {
"name": "user"
}
"fields": []
},
"created_by_application_id": "01F8MGY43H3N2C8EWPR2FPYEXG"
},
@ -307,7 +322,11 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
"locale": "",
"invite_request": null,
"role": {
"name": "user"
"id": "user",
"name": "user",
"color": "",
"permissions": "0",
"highlighted": false
},
"confirmed": false,
"approved": false,
@ -348,7 +367,11 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
"locale": "",
"invite_request": null,
"role": {
"name": "user"
"id": "user",
"name": "user",
"color": "",
"permissions": "0",
"highlighted": false
},
"confirmed": false,
"approved": false,
@ -389,7 +412,11 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
"locale": "",
"invite_request": null,
"role": {
"name": "user"
"id": "user",
"name": "user",
"color": "",
"permissions": "0",
"highlighted": false
},
"confirmed": false,
"approved": false,
@ -431,7 +458,11 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
"locale": "",
"invite_request": null,
"role": {
"name": "user"
"id": "user",
"name": "user",
"color": "",
"permissions": "0",
"highlighted": false
},
"confirmed": false,
"approved": false,
@ -511,7 +542,11 @@ func (suite *AccountsGetTestSuite) TestAccountsMinID() {
"locale": "",
"invite_request": null,
"role": {
"name": "user"
"id": "user",
"name": "user",
"color": "",
"permissions": "0",
"highlighted": false
},
"confirmed": false,
"approved": false,

100
internal/api/client/admin/reportsget_test.go
View file

@ -157,7 +157,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() {
"locale": "",
"invite_request": null,
"role": {
"name": "user"
"id": "user",
"name": "user",
"color": "",
"permissions": "0",
"highlighted": false
},
"confirmed": false,
"approved": false,
@ -198,7 +202,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() {
"locale": "en",
"invite_request": null,
"role": {
"name": "user"
"id": "user",
"name": "user",
"color": "",
"permissions": "0",
"highlighted": false
},
"confirmed": true,
"approved": true,
@ -237,10 +245,7 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() {
"verified_at": null
}
],
"hide_collections": true,
"role": {
"name": "user"
}
"hide_collections": true
},
"created_by_application_id": "01F8MGY43H3N2C8EWPR2FPYEXG"
},
@ -255,7 +260,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() {
"locale": "en",
"invite_request": null,
"role": {
"name": "admin"
"id": "admin",
"name": "admin",
"color": "",
"permissions": "546033",
"highlighted": true
},
"confirmed": true,
"approved": true,
@ -284,9 +293,13 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() {
"emojis": [],
"fields": [],
"enable_rss": true,
"role": {
"name": "admin"
}
"roles": [
{
"id": "admin",
"name": "admin",
"color": ""
}
]
},
"created_by_application_id": "01F8MGXQRHYF5QPMTMXP78QC2F"
},
@ -301,7 +314,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() {
"locale": "en",
"invite_request": null,
"role": {
"name": "admin"
"id": "admin",
"name": "admin",
"color": "",
"permissions": "546033",
"highlighted": true
},
"confirmed": true,
"approved": true,
@ -330,9 +347,13 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() {
"emojis": [],
"fields": [],
"enable_rss": true,
"role": {
"name": "admin"
}
"roles": [
{
"id": "admin",
"name": "admin",
"color": ""
}
]
},
"created_by_application_id": "01F8MGXQRHYF5QPMTMXP78QC2F"
},
@ -360,7 +381,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() {
"locale": "en",
"invite_request": null,
"role": {
"name": "user"
"id": "user",
"name": "user",
"color": "",
"permissions": "0",
"highlighted": false
},
"confirmed": true,
"approved": true,
@ -399,10 +424,7 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() {
"verified_at": null
}
],
"hide_collections": true,
"role": {
"name": "user"
}
"hide_collections": true
},
"created_by_application_id": "01F8MGY43H3N2C8EWPR2FPYEXG"
},
@ -417,7 +439,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() {
"locale": "",
"invite_request": null,
"role": {
"name": "user"
"id": "user",
"name": "user",
"color": "",
"permissions": "0",
"highlighted": false
},
"confirmed": false,
"approved": false,
@ -605,7 +631,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetCreatedByAccount() {
"locale": "en",
"invite_request": null,
"role": {
"name": "user"
"id": "user",
"name": "user",
"color": "",
"permissions": "0",
"highlighted": false
},
"confirmed": true,
"approved": true,
@ -644,10 +674,7 @@ func (suite *ReportsGetTestSuite) TestReportsGetCreatedByAccount() {
"verified_at": null
}
],
"hide_collections": true,
"role": {
"name": "user"
}
"hide_collections": true
},
"created_by_application_id": "01F8MGY43H3N2C8EWPR2FPYEXG"
},
@ -662,7 +689,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetCreatedByAccount() {
"locale": "",
"invite_request": null,
"role": {
"name": "user"
"id": "user",
"name": "user",
"color": "",
"permissions": "0",
"highlighted": false
},
"confirmed": false,
"approved": false,
@ -850,7 +881,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetTargetAccount() {
"locale": "en",
"invite_request": null,
"role": {
"name": "user"
"id": "user",
"name": "user",
"color": "",
"permissions": "0",
"highlighted": false
},
"confirmed": true,
"approved": true,
@ -889,10 +924,7 @@ func (suite *ReportsGetTestSuite) TestReportsGetTargetAccount() {
"verified_at": null
}
],
"hide_collections": true,
"role": {
"name": "user"
}
"hide_collections": true
},
"created_by_application_id": "01F8MGY43H3N2C8EWPR2FPYEXG"
},
@ -907,7 +939,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetTargetAccount() {
"locale": "",
"invite_request": null,
"role": {
"name": "user"
"id": "user",
"name": "user",
"color": "",
"permissions": "0",
"highlighted": false
},
"confirmed": false,
"approved": false,

60
internal/api/client/instance/instancepatch_test.go
View file

@ -176,9 +176,13 @@ func (suite *InstancePatchTestSuite) TestInstancePatch1() {
"emojis": [],
"fields": [],
"enable_rss": true,
"role": {
"name": "admin"
}
"roles": [
{
"id": "admin",
"name": "admin",
"color": ""
}
]
},
"max_toot_chars": 5000,
"rules": [
@ -312,9 +316,13 @@ func (suite *InstancePatchTestSuite) TestInstancePatch2() {
"emojis": [],
"fields": [],
"enable_rss": true,
"role": {
"name": "admin"
}
"roles": [
{
"id": "admin",
"name": "admin",
"color": ""
}
]
},
"max_toot_chars": 5000,
"rules": [
@ -448,9 +456,13 @@ func (suite *InstancePatchTestSuite) TestInstancePatch3() {
"emojis": [],
"fields": [],
"enable_rss": true,
"role": {
"name": "admin"
}
"roles": [
{
"id": "admin",
"name": "admin",
"color": ""
}
]
},
"max_toot_chars": 5000,
"rules": [
@ -635,9 +647,13 @@ func (suite *InstancePatchTestSuite) TestInstancePatch6() {
"emojis": [],
"fields": [],
"enable_rss": true,
"role": {
"name": "admin"
}
"roles": [
{
"id": "admin",
"name": "admin",
"color": ""
}
]
},
"max_toot_chars": 5000,
"rules": [
@ -797,9 +813,13 @@ func (suite *InstancePatchTestSuite) TestInstancePatch8() {
"emojis": [],
"fields": [],
"enable_rss": true,
"role": {
"name": "admin"
}
"roles": [
{
"id": "admin",
"name": "admin",
"color": ""
}
]
},
"max_toot_chars": 5000,
"rules": [
@ -970,9 +990,13 @@ func (suite *InstancePatchTestSuite) TestInstancePatch9() {
"emojis": [],
"fields": [],
"enable_rss": true,
"role": {
"name": "admin"
}
"roles": [
{
"id": "admin",
"name": "admin",
"color": ""
}
]
},
"max_toot_chars": 5000,
"rules": [

5
internal/api/client/statuses/statushistory_test.go
View file

@ -118,10 +118,7 @@ func (suite *StatusHistoryTestSuite) TestGetHistory() {
"last_status_at": "2024-01-10T09:24:00.000Z",
"emojis": [],
"fields": [],
"enable_rss": true,
"role": {
"name": "user"
}
"enable_rss": true
},
"poll": null,
"media_attachments": [],

10
internal/api/client/statuses/statusmute_test.go
View file

@ -136,10 +136,7 @@ func (suite *StatusMuteTestSuite) TestMuteUnmuteStatus() {
"last_status_at": "2024-01-10T09:24:00.000Z",
"emojis": [],
"fields": [],
"enable_rss": true,
"role": {
"name": "user"
}
"enable_rss": true
},
"media_attachments": [],
"mentions": [],
@ -224,10 +221,7 @@ func (suite *StatusMuteTestSuite) TestMuteUnmuteStatus() {
"last_status_at": "2024-01-10T09:24:00.000Z",
"emojis": [],
"fields": [],
"enable_rss": true,
"role": {
"name": "user"
}
"enable_rss": true
},
"media_attachments": [],
"mentions": [],

131
internal/api/model/account.go
View file

@ -18,8 +18,11 @@
package model
import (
"encoding/json"
"errors"
"mime/multipart"
"net"
"strconv"
)
// Account models a fediverse account.
@ -105,8 +108,13 @@ type Account struct {
// Key/value omitted if false.
HideCollections bool `json:"hide_collections,omitempty"`
// Role of the account on this instance.
// Only available through the `verify_credentials` API method.
// Key/value omitted for remote accounts.
Role *AccountRole `json:"role,omitempty"`
// Roles lists the public roles of the account on this instance.
// Unlike Role, this is always available, but never includes permissions details.
// Key/value omitted for remote accounts.
Roles []AccountDisplayRole `json:"roles,omitempty"`
// If set, indicates that this account is currently inactive, and has migrated to the given account.
// Key/value omitted for accounts that haven't moved, and for suspended accounts.
Moved *Account `json:"moved,omitempty"`
@ -286,11 +294,35 @@ type AccountAliasRequest struct {
AlsoKnownAsURIs []string `form:"also_known_as_uris" json:"also_known_as_uris" xml:"also_known_as_uris"`
}
// AccountDisplayRole models a public, displayable role of an account.
// This is a subset of AccountRole.
//
// swagger:model accountDisplayRole
type AccountDisplayRole struct {
// ID of the role.
// Not used by GotoSocial, but we set it to the role name, just in case a client expects a unique ID.
ID string `json:"id"`
// Name of the role.
Name AccountRoleName `json:"name"`
// Color is a 6-digit CSS-style hex color code with leading `#`, or an empty string if this role has no color.
// Since GotoSocial doesn't use role colors, we leave this empty.
Color string `json:"color"`
}
// AccountRole models the role of an account.
//
// swagger:model accountRole
type AccountRole struct {
Name AccountRoleName `json:"name"`
AccountDisplayRole
// Permissions is a bitmap serialized as a numeric string, indicating which admin/moderation actions a user can perform.
Permissions AccountRolePermissions `json:"permissions"`
// Highlighted indicates whether the role is publicly visible on the user profile.
// This is always true for GotoSocial's built-in admin and moderator roles, and false otherwise.
Highlighted bool `json:"highlighted"`
}
// AccountRoleName represent the name of the role of an account.
@ -305,6 +337,103 @@ const (
AccountRoleUnknown AccountRoleName = "" // We don't know / remote account
)
// AccountRolePermissions is a bitmap representing a set of user permissions.
// It's used for Mastodon API compatibility: internally, GotoSocial only tracks admins and moderators.
//
// swagger:type string
type AccountRolePermissions int
// MarshalJSON serializes an AccountRolePermissions as a numeric string.
func (a *AccountRolePermissions) MarshalJSON() ([]byte, error) {
return json.Marshal(strconv.Itoa(int(*a)))
}
// UnmarshalJSON deserializes an AccountRolePermissions from a number or numeric string.
func (a *AccountRolePermissions) UnmarshalJSON(b []byte) error {
if string(b) == "null" {
return nil
}
i := 0
if err := json.Unmarshal(b, &i); err != nil {
s := ""
if err := json.Unmarshal(b, &s); err != nil {
return errors.New("not a number or string")
}
i, err = strconv.Atoi(s)
if err != nil {
return errors.New("not a numeric string")
}
}
*a = AccountRolePermissions(i)
return nil
}
const (
// AccountRolePermissionsNone represents an empty set of permissions.
AccountRolePermissionsNone AccountRolePermissions = 0
// AccountRolePermissionsAdministrator ignores all permission checks.
AccountRolePermissionsAdministrator AccountRolePermissions = 1 << (iota - 1)
// AccountRolePermissionsDevops is not used by GotoSocial.
AccountRolePermissionsDevops
// AccountRolePermissionsViewAuditLog is not used by GotoSocial.
AccountRolePermissionsViewAuditLog
// AccountRolePermissionsViewDashboard is not used by GotoSocial.
AccountRolePermissionsViewDashboard
// AccountRolePermissionsManageReports indicates that the user can view and resolve reports.
AccountRolePermissionsManageReports
// AccountRolePermissionsManageFederation indicates that the user can edit federation allows and blocks.
AccountRolePermissionsManageFederation
// AccountRolePermissionsManageSettings indicates that the user can edit instance metadata.
AccountRolePermissionsManageSettings
// AccountRolePermissionsManageBlocks indicates that the user can manage non-federation blocks, currently including HTTP header blocks.
AccountRolePermissionsManageBlocks
// AccountRolePermissionsManageTaxonomies is not used by GotoSocial.
AccountRolePermissionsManageTaxonomies
// AccountRolePermissionsManageAppeals is not used by GotoSocial.
AccountRolePermissionsManageAppeals
// AccountRolePermissionsManageUsers indicates that the user can view user details and perform user moderation actions.
AccountRolePermissionsManageUsers
// AccountRolePermissionsManageInvites is not used by GotoSocial.
AccountRolePermissionsManageInvites
// AccountRolePermissionsManageRules indicates that the user can edit instance rules.
AccountRolePermissionsManageRules
// AccountRolePermissionsManageAnnouncements is not used by GotoSocial.
AccountRolePermissionsManageAnnouncements
// AccountRolePermissionsManageCustomEmojis indicates that the user can edit custom emoji.
AccountRolePermissionsManageCustomEmojis
// AccountRolePermissionsManageWebhooks is not used by GotoSocial.
AccountRolePermissionsManageWebhooks
// AccountRolePermissionsInviteUsers is not used by GotoSocial.
AccountRolePermissionsInviteUsers
// AccountRolePermissionsManageRoles is not used by GotoSocial.
AccountRolePermissionsManageRoles
// AccountRolePermissionsManageUserAccess is not used by GotoSocial.
AccountRolePermissionsManageUserAccess
// AccountRolePermissionsDeleteUserData indicates that the user can permanently delete user data.
AccountRolePermissionsDeleteUserData
// FUTURE: If we decide to assign our own permissions bits,
// they should start at the other end of the int to avoid conflicts with future Mastodon permissions.
// AccountRolePermissionsForAdminRole includes all of the permissions assigned to GotoSocial's built-in administrator role.
AccountRolePermissionsForAdminRole = AccountRolePermissionsAdministrator |
AccountRolePermissionsManageReports |
AccountRolePermissionsManageFederation |
AccountRolePermissionsManageSettings |
AccountRolePermissionsManageBlocks |
AccountRolePermissionsManageUsers |
AccountRolePermissionsManageRules |
AccountRolePermissionsManageCustomEmojis |
AccountRolePermissionsDeleteUserData
// AccountRolePermissionsForModeratorRole includes all of the permissions assigned to GotoSocial's built-in moderator role.
// (Currently, there aren't any.)
AccountRolePermissionsForModeratorRole = AccountRolePermissionsNone
)
// AccountNoteRequest models a request to update the private note for an account.
//
// swagger:ignore