From fd837776e2aaf30f4ea973d65c9dfe0979988371 Mon Sep 17 00:00:00 2001 From: Vyr Cossont Date: Wed, 31 Jul 2024 09:26:09 -0700 Subject: [PATCH] [feature] Implement Mastodon-compatible roles (#3136) * Implement Mastodon-compatible roles - `Account.role` should only be available through verify_credentials for checking current user's permissions - `Account.role` now carries a Mastodon-compatible permissions bitmap and a marker for whether it should be shown to the public - `Account.roles` added for *public* display roles (undocumented but stable since Mastodon 4.1) - Web template now uses only public display roles (no user-visible change here, we already special-cased the `user` role) * Handle verify_credentials case for default role * Update JSON exact-match tests * Address review comments * Add blocks bit to admin permissions bitmap --- docs/api/swagger.yaml | 64 +++++ .../api/client/accounts/accountget_test.go | 118 ++++++++++ .../api/client/accounts/accountverify_test.go | 72 +++++- .../api/client/admin/accountsgetv2_test.go | 85 +++++-- internal/api/client/admin/reportsget_test.go | 100 +++++--- .../api/client/instance/instancepatch_test.go | 60 +++-- .../api/client/statuses/statushistory_test.go | 5 +- .../api/client/statuses/statusmute_test.go | 10 +- internal/api/model/account.go | 131 ++++++++++- internal/typeutils/internaltofrontend.go | 101 +++++--- internal/typeutils/internaltofrontend_test.go | 222 +++++++++++------- web/template/profile.tmpl | 6 +- 12 files changed, 765 insertions(+), 209 deletions(-) create mode 100644 internal/api/client/accounts/accountget_test.go diff --git a/docs/api/swagger.yaml b/docs/api/swagger.yaml index 102a00fbd..1d5b80ed1 100644 --- a/docs/api/swagger.yaml +++ b/docs/api/swagger.yaml @@ -304,6 +304,15 @@ definitions: x-go-name: Note role: $ref: '#/definitions/accountRole' + roles: + description: |- + Roles lists the public roles of the account on this instance. + Unlike Role, this is always available, but never includes permissions details. + Key/value omitted for remote accounts. + items: + $ref: '#/definitions/accountDisplayRole' + type: array + x-go-name: Roles source: $ref: '#/definitions/Source' statuses_count: @@ -333,6 +342,29 @@ definitions: type: object x-go-name: Account x-go-package: github.com/superseriousbusiness/gotosocial/internal/api/model + accountDisplayRole: + description: This is a subset of AccountRole. + properties: + color: + description: |- + Color is a 6-digit CSS-style hex color code with leading `#`, or an empty string if this role has no color. + Since GotoSocial doesn't use role colors, we leave this empty. + type: string + x-go-name: Color + id: + description: |- + ID of the role. + Not used by GotoSocial, but we set it to the role name, just in case a client expects a unique ID. + type: string + x-go-name: ID + name: + description: Name of the role. + type: string + x-go-name: Name + title: AccountDisplayRole models a public, displayable role of an account. + type: object + x-go-name: AccountDisplayRole + x-go-package: github.com/superseriousbusiness/gotosocial/internal/api/model accountExportStats: description: |- AccountExportStats models an account's stats @@ -448,9 +480,32 @@ definitions: x-go-package: github.com/superseriousbusiness/gotosocial/internal/api/model accountRole: properties: + color: + description: |- + Color is a 6-digit CSS-style hex color code with leading `#`, or an empty string if this role has no color. + Since GotoSocial doesn't use role colors, we leave this empty. + type: string + x-go-name: Color + highlighted: + description: |- + Highlighted indicates whether the role is publicly visible on the user profile. + This is always true for GotoSocial's built-in admin and moderator roles, and false otherwise. + type: boolean + x-go-name: Highlighted + id: + description: |- + ID of the role. + Not used by GotoSocial, but we set it to the role name, just in case a client expects a unique ID. + type: string + x-go-name: ID name: + description: Name of the role. type: string x-go-name: Name + permissions: + description: Permissions is a bitmap serialized as a numeric string, indicating which admin/moderation actions a user can perform. + type: string + x-go-name: Permissions title: AccountRole models the role of an account. type: object x-go-name: AccountRole @@ -2209,6 +2264,15 @@ definitions: x-go-name: Note role: $ref: '#/definitions/accountRole' + roles: + description: |- + Roles lists the public roles of the account on this instance. + Unlike Role, this is always available, but never includes permissions details. + Key/value omitted for remote accounts. + items: + $ref: '#/definitions/accountDisplayRole' + type: array + x-go-name: Roles source: $ref: '#/definitions/Source' statuses_count: diff --git a/internal/api/client/accounts/accountget_test.go b/internal/api/client/accounts/accountget_test.go new file mode 100644 index 000000000..421de0d64 --- /dev/null +++ b/internal/api/client/accounts/accountget_test.go @@ -0,0 +1,118 @@ +// GoToSocial +// Copyright (C) GoToSocial Authors admin@gotosocial.org +// SPDX-License-Identifier: AGPL-3.0-or-later +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +package accounts_test + +import ( + "encoding/json" + "io" + "net/http" + "net/http/httptest" + "testing" + + "github.com/gin-gonic/gin" + "github.com/stretchr/testify/suite" + "github.com/superseriousbusiness/gotosocial/internal/api/client/accounts" + apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model" +) + +type AccountGetTestSuite struct { + AccountStandardTestSuite +} + +// accountVerifyGet calls the get account API method for a given account fixture name. +func (suite *AccountGetTestSuite) getAccount(id string) *apimodel.Account { + recorder := httptest.NewRecorder() + ctx := suite.newContext(recorder, http.MethodGet, nil, accounts.BasePath+"/"+id, "") + ctx.Params = gin.Params{ + gin.Param{ + Key: accounts.IDKey, + Value: id, + }, + } + + // call the handler + suite.accountsModule.AccountGETHandler(ctx) + + // 1. we should have OK because our request was valid + suite.Equal(http.StatusOK, recorder.Code) + + // 2. we should have no error message in the result body + result := recorder.Result() + defer result.Body.Close() + + // check the response + b, err := io.ReadAll(result.Body) + if err != nil { + suite.FailNow(err.Error()) + } + + // unmarshal the returned account + apimodelAccount := &apimodel.Account{} + err = json.Unmarshal(b, apimodelAccount) + if err != nil { + suite.FailNow(err.Error()) + } + + return apimodelAccount +} + +// Fetching the currently logged-in account shows extra info, +// so we should see permissions, but this account is a regular user and should have no display role. +func (suite *AccountGetTestSuite) TestGetDisplayRoleForSelf() { + apimodelAccount := suite.getAccount(suite.testAccounts["local_account_1"].ID) + + // Role should be set, but permissions should be empty. + if suite.NotNil(apimodelAccount.Role) { + role := apimodelAccount.Role + suite.Equal("user", string(role.Name)) + suite.Zero(role.Permissions) + } + + // Roles should not have anything in it. + suite.Empty(apimodelAccount.Roles) +} + +// We should not see a display role for an ordinary local account. +func (suite *AccountGetTestSuite) TestGetDisplayRoleForUserAccount() { + apimodelAccount := suite.getAccount(suite.testAccounts["local_account_2"].ID) + + // Role should not be set. + suite.Nil(apimodelAccount.Role) + + // Roles should not have anything in it. + suite.Empty(apimodelAccount.Roles) +} + +// We should be able to get a display role for an admin account. +func (suite *AccountGetTestSuite) TestGetDisplayRoleForAdminAccount() { + apimodelAccount := suite.getAccount(suite.testAccounts["admin_account"].ID) + + // Role should not be set. + suite.Nil(apimodelAccount.Role) + + // Roles should have exactly one display role. + if suite.Len(apimodelAccount.Roles, 1) { + role := apimodelAccount.Roles[0] + suite.Equal("admin", string(role.Name)) + suite.NotEmpty(role.ID) + } +} + +func TestAccountGetTestSuite(t *testing.T) { + suite.Run(t, new(AccountGetTestSuite)) +} diff --git a/internal/api/client/accounts/accountverify_test.go b/internal/api/client/accounts/accountverify_test.go index 9308cc92a..af8c2346c 100644 --- a/internal/api/client/accounts/accountverify_test.go +++ b/internal/api/client/accounts/accountverify_test.go @@ -19,30 +19,35 @@ package accounts_test import ( "encoding/json" - "io/ioutil" + "io" "net/http" "net/http/httptest" "testing" "time" - "github.com/stretchr/testify/assert" "github.com/stretchr/testify/suite" "github.com/superseriousbusiness/gotosocial/internal/api/client/accounts" apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model" "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" + "github.com/superseriousbusiness/gotosocial/internal/oauth" ) type AccountVerifyTestSuite struct { AccountStandardTestSuite } -func (suite *AccountVerifyTestSuite) TestAccountVerifyGet() { - testAccount := suite.testAccounts["local_account_1"] - +// accountVerifyGet calls the verify_credentials API method for a given account fixture name. +// Assumes token and user fixture names are the same as the account fixture name. +func (suite *AccountVerifyTestSuite) accountVerifyGet(fixtureName string) *apimodel.Account { // set up the request recorder := httptest.NewRecorder() ctx := suite.newContext(recorder, http.MethodGet, nil, accounts.VerifyPath, "") + // override the account that we're authenticated as + ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts[fixtureName]) + ctx.Set(oauth.SessionAuthorizedToken, oauth.DBTokenToToken(suite.testTokens[fixtureName])) + ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers[fixtureName]) + // call the handler suite.accountsModule.AccountVerifyGETHandler(ctx) @@ -54,13 +59,27 @@ func (suite *AccountVerifyTestSuite) TestAccountVerifyGet() { defer result.Body.Close() // check the response - b, err := ioutil.ReadAll(result.Body) - assert.NoError(suite.T(), err) + b, err := io.ReadAll(result.Body) + if err != nil { + suite.FailNow(err.Error()) + } // unmarshal the returned account apimodelAccount := &apimodel.Account{} err = json.Unmarshal(b, apimodelAccount) - suite.NoError(err) + if err != nil { + suite.FailNow(err.Error()) + } + + return apimodelAccount +} + +// We should see public account information and profile source for a normal user. +func (suite *AccountVerifyTestSuite) TestAccountVerifyGet() { + fixtureName := "local_account_1" + testAccount := suite.testAccounts[fixtureName] + + apimodelAccount := suite.accountVerifyGet(fixtureName) createdAt, err := time.Parse(time.RFC3339, apimodelAccount.CreatedAt) suite.NoError(err) @@ -85,6 +104,43 @@ func (suite *AccountVerifyTestSuite) TestAccountVerifyGet() { suite.Equal(testAccount.NoteRaw, apimodelAccount.Source.Note) } +// testAccountVerifyGetRole calls the verify_credentials API method for a given account fixture name, +// and checks the response for permissions appropriate to the role. +func (suite *AccountVerifyTestSuite) testAccountVerifyGetRole(fixtureName string) { + testUser := suite.testUsers[fixtureName] + + apimodelAccount := suite.accountVerifyGet(fixtureName) + + if suite.NotNil(apimodelAccount.Role) { + switch { + case *testUser.Admin: + suite.Equal("admin", string(apimodelAccount.Role.Name)) + suite.NotZero(apimodelAccount.Role.Permissions) + suite.True(apimodelAccount.Role.Highlighted) + + case *testUser.Moderator: + suite.Equal("moderator", string(apimodelAccount.Role.Name)) + suite.Zero(apimodelAccount.Role.Permissions) + suite.True(apimodelAccount.Role.Highlighted) + + default: + suite.Equal("user", string(apimodelAccount.Role.Name)) + suite.Zero(apimodelAccount.Role.Permissions) + suite.False(apimodelAccount.Role.Highlighted) + } + } +} + +// We should see a role for a normal user, and that role should not have any permissions. +func (suite *AccountVerifyTestSuite) TestAccountVerifyGetRoleUser() { + suite.testAccountVerifyGetRole("local_account_1") +} + +// We should see a role for an admin user, and that role should have some permissions. +func (suite *AccountVerifyTestSuite) TestAccountVerifyGetRoleAdmin() { + suite.testAccountVerifyGetRole("admin_account") +} + func TestAccountVerifyTestSuite(t *testing.T) { suite.Run(t, new(AccountVerifyTestSuite)) } diff --git a/internal/api/client/admin/accountsgetv2_test.go b/internal/api/client/admin/accountsgetv2_test.go index 15eb8534b..83f394803 100644 --- a/internal/api/client/admin/accountsgetv2_test.go +++ b/internal/api/client/admin/accountsgetv2_test.go @@ -70,7 +70,11 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() { "locale": "en", "invite_request": null, "role": { - "name": "user" + "id": "user", + "name": "user", + "color": "", + "permissions": "0", + "highlighted": false }, "confirmed": true, "approved": true, @@ -109,10 +113,7 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() { "verified_at": null } ], - "hide_collections": true, - "role": { - "name": "user" - } + "hide_collections": true }, "created_by_application_id": "01F8MGY43H3N2C8EWPR2FPYEXG" }, @@ -127,7 +128,11 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() { "locale": "en", "invite_request": null, "role": { - "name": "admin" + "id": "admin", + "name": "admin", + "color": "", + "permissions": "546033", + "highlighted": true }, "confirmed": true, "approved": true, @@ -156,9 +161,13 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() { "emojis": [], "fields": [], "enable_rss": true, - "role": { - "name": "admin" - } + "roles": [ + { + "id": "admin", + "name": "admin", + "color": "" + } + ] }, "created_by_application_id": "01F8MGXQRHYF5QPMTMXP78QC2F" }, @@ -173,7 +182,11 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() { "locale": "", "invite_request": null, "role": { - "name": "user" + "id": "user", + "name": "user", + "color": "", + "permissions": "0", + "highlighted": false }, "confirmed": false, "approved": false, @@ -214,7 +227,11 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() { "locale": "en", "invite_request": "I wanna be on this damned webbed site so bad! Please! Wow", "role": { - "name": "user" + "id": "user", + "name": "user", + "color": "", + "permissions": "0", + "highlighted": false }, "confirmed": true, "approved": true, @@ -244,10 +261,7 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() { "last_status_at": "2024-01-10T09:24:00.000Z", "emojis": [], "fields": [], - "enable_rss": true, - "role": { - "name": "user" - } + "enable_rss": true }, "created_by_application_id": "01F8MGY43H3N2C8EWPR2FPYEXG" }, @@ -262,7 +276,11 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() { "locale": "en", "invite_request": "hi, please let me in! I'm looking for somewhere neato bombeato to hang out.", "role": { - "name": "user" + "id": "user", + "name": "user", + "color": "", + "permissions": "0", + "highlighted": false }, "confirmed": false, "approved": false, @@ -289,10 +307,7 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() { "statuses_count": 0, "last_status_at": null, "emojis": [], - "fields": [], - "role": { - "name": "user" - } + "fields": [] }, "created_by_application_id": "01F8MGY43H3N2C8EWPR2FPYEXG" }, @@ -307,7 +322,11 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() { "locale": "", "invite_request": null, "role": { - "name": "user" + "id": "user", + "name": "user", + "color": "", + "permissions": "0", + "highlighted": false }, "confirmed": false, "approved": false, @@ -348,7 +367,11 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() { "locale": "", "invite_request": null, "role": { - "name": "user" + "id": "user", + "name": "user", + "color": "", + "permissions": "0", + "highlighted": false }, "confirmed": false, "approved": false, @@ -389,7 +412,11 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() { "locale": "", "invite_request": null, "role": { - "name": "user" + "id": "user", + "name": "user", + "color": "", + "permissions": "0", + "highlighted": false }, "confirmed": false, "approved": false, @@ -431,7 +458,11 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() { "locale": "", "invite_request": null, "role": { - "name": "user" + "id": "user", + "name": "user", + "color": "", + "permissions": "0", + "highlighted": false }, "confirmed": false, "approved": false, @@ -511,7 +542,11 @@ func (suite *AccountsGetTestSuite) TestAccountsMinID() { "locale": "", "invite_request": null, "role": { - "name": "user" + "id": "user", + "name": "user", + "color": "", + "permissions": "0", + "highlighted": false }, "confirmed": false, "approved": false, diff --git a/internal/api/client/admin/reportsget_test.go b/internal/api/client/admin/reportsget_test.go index 5dead789a..5213dd574 100644 --- a/internal/api/client/admin/reportsget_test.go +++ b/internal/api/client/admin/reportsget_test.go @@ -157,7 +157,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() { "locale": "", "invite_request": null, "role": { - "name": "user" + "id": "user", + "name": "user", + "color": "", + "permissions": "0", + "highlighted": false }, "confirmed": false, "approved": false, @@ -198,7 +202,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() { "locale": "en", "invite_request": null, "role": { - "name": "user" + "id": "user", + "name": "user", + "color": "", + "permissions": "0", + "highlighted": false }, "confirmed": true, "approved": true, @@ -237,10 +245,7 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() { "verified_at": null } ], - "hide_collections": true, - "role": { - "name": "user" - } + "hide_collections": true }, "created_by_application_id": "01F8MGY43H3N2C8EWPR2FPYEXG" }, @@ -255,7 +260,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() { "locale": "en", "invite_request": null, "role": { - "name": "admin" + "id": "admin", + "name": "admin", + "color": "", + "permissions": "546033", + "highlighted": true }, "confirmed": true, "approved": true, @@ -284,9 +293,13 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() { "emojis": [], "fields": [], "enable_rss": true, - "role": { - "name": "admin" - } + "roles": [ + { + "id": "admin", + "name": "admin", + "color": "" + } + ] }, "created_by_application_id": "01F8MGXQRHYF5QPMTMXP78QC2F" }, @@ -301,7 +314,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() { "locale": "en", "invite_request": null, "role": { - "name": "admin" + "id": "admin", + "name": "admin", + "color": "", + "permissions": "546033", + "highlighted": true }, "confirmed": true, "approved": true, @@ -330,9 +347,13 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() { "emojis": [], "fields": [], "enable_rss": true, - "role": { - "name": "admin" - } + "roles": [ + { + "id": "admin", + "name": "admin", + "color": "" + } + ] }, "created_by_application_id": "01F8MGXQRHYF5QPMTMXP78QC2F" }, @@ -360,7 +381,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() { "locale": "en", "invite_request": null, "role": { - "name": "user" + "id": "user", + "name": "user", + "color": "", + "permissions": "0", + "highlighted": false }, "confirmed": true, "approved": true, @@ -399,10 +424,7 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() { "verified_at": null } ], - "hide_collections": true, - "role": { - "name": "user" - } + "hide_collections": true }, "created_by_application_id": "01F8MGY43H3N2C8EWPR2FPYEXG" }, @@ -417,7 +439,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetAll() { "locale": "", "invite_request": null, "role": { - "name": "user" + "id": "user", + "name": "user", + "color": "", + "permissions": "0", + "highlighted": false }, "confirmed": false, "approved": false, @@ -605,7 +631,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetCreatedByAccount() { "locale": "en", "invite_request": null, "role": { - "name": "user" + "id": "user", + "name": "user", + "color": "", + "permissions": "0", + "highlighted": false }, "confirmed": true, "approved": true, @@ -644,10 +674,7 @@ func (suite *ReportsGetTestSuite) TestReportsGetCreatedByAccount() { "verified_at": null } ], - "hide_collections": true, - "role": { - "name": "user" - } + "hide_collections": true }, "created_by_application_id": "01F8MGY43H3N2C8EWPR2FPYEXG" }, @@ -662,7 +689,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetCreatedByAccount() { "locale": "", "invite_request": null, "role": { - "name": "user" + "id": "user", + "name": "user", + "color": "", + "permissions": "0", + "highlighted": false }, "confirmed": false, "approved": false, @@ -850,7 +881,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetTargetAccount() { "locale": "en", "invite_request": null, "role": { - "name": "user" + "id": "user", + "name": "user", + "color": "", + "permissions": "0", + "highlighted": false }, "confirmed": true, "approved": true, @@ -889,10 +924,7 @@ func (suite *ReportsGetTestSuite) TestReportsGetTargetAccount() { "verified_at": null } ], - "hide_collections": true, - "role": { - "name": "user" - } + "hide_collections": true }, "created_by_application_id": "01F8MGY43H3N2C8EWPR2FPYEXG" }, @@ -907,7 +939,11 @@ func (suite *ReportsGetTestSuite) TestReportsGetTargetAccount() { "locale": "", "invite_request": null, "role": { - "name": "user" + "id": "user", + "name": "user", + "color": "", + "permissions": "0", + "highlighted": false }, "confirmed": false, "approved": false, diff --git a/internal/api/client/instance/instancepatch_test.go b/internal/api/client/instance/instancepatch_test.go index 095e2e543..f12638f82 100644 --- a/internal/api/client/instance/instancepatch_test.go +++ b/internal/api/client/instance/instancepatch_test.go @@ -176,9 +176,13 @@ func (suite *InstancePatchTestSuite) TestInstancePatch1() { "emojis": [], "fields": [], "enable_rss": true, - "role": { - "name": "admin" - } + "roles": [ + { + "id": "admin", + "name": "admin", + "color": "" + } + ] }, "max_toot_chars": 5000, "rules": [ @@ -312,9 +316,13 @@ func (suite *InstancePatchTestSuite) TestInstancePatch2() { "emojis": [], "fields": [], "enable_rss": true, - "role": { - "name": "admin" - } + "roles": [ + { + "id": "admin", + "name": "admin", + "color": "" + } + ] }, "max_toot_chars": 5000, "rules": [ @@ -448,9 +456,13 @@ func (suite *InstancePatchTestSuite) TestInstancePatch3() { "emojis": [], "fields": [], "enable_rss": true, - "role": { - "name": "admin" - } + "roles": [ + { + "id": "admin", + "name": "admin", + "color": "" + } + ] }, "max_toot_chars": 5000, "rules": [ @@ -635,9 +647,13 @@ func (suite *InstancePatchTestSuite) TestInstancePatch6() { "emojis": [], "fields": [], "enable_rss": true, - "role": { - "name": "admin" - } + "roles": [ + { + "id": "admin", + "name": "admin", + "color": "" + } + ] }, "max_toot_chars": 5000, "rules": [ @@ -797,9 +813,13 @@ func (suite *InstancePatchTestSuite) TestInstancePatch8() { "emojis": [], "fields": [], "enable_rss": true, - "role": { - "name": "admin" - } + "roles": [ + { + "id": "admin", + "name": "admin", + "color": "" + } + ] }, "max_toot_chars": 5000, "rules": [ @@ -970,9 +990,13 @@ func (suite *InstancePatchTestSuite) TestInstancePatch9() { "emojis": [], "fields": [], "enable_rss": true, - "role": { - "name": "admin" - } + "roles": [ + { + "id": "admin", + "name": "admin", + "color": "" + } + ] }, "max_toot_chars": 5000, "rules": [ diff --git a/internal/api/client/statuses/statushistory_test.go b/internal/api/client/statuses/statushistory_test.go index cadf3cb72..bcbeeba7d 100644 --- a/internal/api/client/statuses/statushistory_test.go +++ b/internal/api/client/statuses/statushistory_test.go @@ -118,10 +118,7 @@ func (suite *StatusHistoryTestSuite) TestGetHistory() { "last_status_at": "2024-01-10T09:24:00.000Z", "emojis": [], "fields": [], - "enable_rss": true, - "role": { - "name": "user" - } + "enable_rss": true }, "poll": null, "media_attachments": [], diff --git a/internal/api/client/statuses/statusmute_test.go b/internal/api/client/statuses/statusmute_test.go index 62be671fa..e506f8717 100644 --- a/internal/api/client/statuses/statusmute_test.go +++ b/internal/api/client/statuses/statusmute_test.go @@ -136,10 +136,7 @@ func (suite *StatusMuteTestSuite) TestMuteUnmuteStatus() { "last_status_at": "2024-01-10T09:24:00.000Z", "emojis": [], "fields": [], - "enable_rss": true, - "role": { - "name": "user" - } + "enable_rss": true }, "media_attachments": [], "mentions": [], @@ -224,10 +221,7 @@ func (suite *StatusMuteTestSuite) TestMuteUnmuteStatus() { "last_status_at": "2024-01-10T09:24:00.000Z", "emojis": [], "fields": [], - "enable_rss": true, - "role": { - "name": "user" - } + "enable_rss": true }, "media_attachments": [], "mentions": [], diff --git a/internal/api/model/account.go b/internal/api/model/account.go index c5b629db0..0eaf52734 100644 --- a/internal/api/model/account.go +++ b/internal/api/model/account.go @@ -18,8 +18,11 @@ package model import ( + "encoding/json" + "errors" "mime/multipart" "net" + "strconv" ) // Account models a fediverse account. @@ -105,8 +108,13 @@ type Account struct { // Key/value omitted if false. HideCollections bool `json:"hide_collections,omitempty"` // Role of the account on this instance. + // Only available through the `verify_credentials` API method. // Key/value omitted for remote accounts. Role *AccountRole `json:"role,omitempty"` + // Roles lists the public roles of the account on this instance. + // Unlike Role, this is always available, but never includes permissions details. + // Key/value omitted for remote accounts. + Roles []AccountDisplayRole `json:"roles,omitempty"` // If set, indicates that this account is currently inactive, and has migrated to the given account. // Key/value omitted for accounts that haven't moved, and for suspended accounts. Moved *Account `json:"moved,omitempty"` @@ -286,11 +294,35 @@ type AccountAliasRequest struct { AlsoKnownAsURIs []string `form:"also_known_as_uris" json:"also_known_as_uris" xml:"also_known_as_uris"` } +// AccountDisplayRole models a public, displayable role of an account. +// This is a subset of AccountRole. +// +// swagger:model accountDisplayRole +type AccountDisplayRole struct { + // ID of the role. + // Not used by GotoSocial, but we set it to the role name, just in case a client expects a unique ID. + ID string `json:"id"` + + // Name of the role. + Name AccountRoleName `json:"name"` + + // Color is a 6-digit CSS-style hex color code with leading `#`, or an empty string if this role has no color. + // Since GotoSocial doesn't use role colors, we leave this empty. + Color string `json:"color"` +} + // AccountRole models the role of an account. // // swagger:model accountRole type AccountRole struct { - Name AccountRoleName `json:"name"` + AccountDisplayRole + + // Permissions is a bitmap serialized as a numeric string, indicating which admin/moderation actions a user can perform. + Permissions AccountRolePermissions `json:"permissions"` + + // Highlighted indicates whether the role is publicly visible on the user profile. + // This is always true for GotoSocial's built-in admin and moderator roles, and false otherwise. + Highlighted bool `json:"highlighted"` } // AccountRoleName represent the name of the role of an account. @@ -305,6 +337,103 @@ const ( AccountRoleUnknown AccountRoleName = "" // We don't know / remote account ) +// AccountRolePermissions is a bitmap representing a set of user permissions. +// It's used for Mastodon API compatibility: internally, GotoSocial only tracks admins and moderators. +// +// swagger:type string +type AccountRolePermissions int + +// MarshalJSON serializes an AccountRolePermissions as a numeric string. +func (a *AccountRolePermissions) MarshalJSON() ([]byte, error) { + return json.Marshal(strconv.Itoa(int(*a))) +} + +// UnmarshalJSON deserializes an AccountRolePermissions from a number or numeric string. +func (a *AccountRolePermissions) UnmarshalJSON(b []byte) error { + if string(b) == "null" { + return nil + } + + i := 0 + if err := json.Unmarshal(b, &i); err != nil { + s := "" + if err := json.Unmarshal(b, &s); err != nil { + return errors.New("not a number or string") + } + + i, err = strconv.Atoi(s) + if err != nil { + return errors.New("not a numeric string") + } + } + + *a = AccountRolePermissions(i) + return nil +} + +const ( + // AccountRolePermissionsNone represents an empty set of permissions. + AccountRolePermissionsNone AccountRolePermissions = 0 + // AccountRolePermissionsAdministrator ignores all permission checks. + AccountRolePermissionsAdministrator AccountRolePermissions = 1 << (iota - 1) + // AccountRolePermissionsDevops is not used by GotoSocial. + AccountRolePermissionsDevops + // AccountRolePermissionsViewAuditLog is not used by GotoSocial. + AccountRolePermissionsViewAuditLog + // AccountRolePermissionsViewDashboard is not used by GotoSocial. + AccountRolePermissionsViewDashboard + // AccountRolePermissionsManageReports indicates that the user can view and resolve reports. + AccountRolePermissionsManageReports + // AccountRolePermissionsManageFederation indicates that the user can edit federation allows and blocks. + AccountRolePermissionsManageFederation + // AccountRolePermissionsManageSettings indicates that the user can edit instance metadata. + AccountRolePermissionsManageSettings + // AccountRolePermissionsManageBlocks indicates that the user can manage non-federation blocks, currently including HTTP header blocks. + AccountRolePermissionsManageBlocks + // AccountRolePermissionsManageTaxonomies is not used by GotoSocial. + AccountRolePermissionsManageTaxonomies + // AccountRolePermissionsManageAppeals is not used by GotoSocial. + AccountRolePermissionsManageAppeals + // AccountRolePermissionsManageUsers indicates that the user can view user details and perform user moderation actions. + AccountRolePermissionsManageUsers + // AccountRolePermissionsManageInvites is not used by GotoSocial. + AccountRolePermissionsManageInvites + // AccountRolePermissionsManageRules indicates that the user can edit instance rules. + AccountRolePermissionsManageRules + // AccountRolePermissionsManageAnnouncements is not used by GotoSocial. + AccountRolePermissionsManageAnnouncements + // AccountRolePermissionsManageCustomEmojis indicates that the user can edit custom emoji. + AccountRolePermissionsManageCustomEmojis + // AccountRolePermissionsManageWebhooks is not used by GotoSocial. + AccountRolePermissionsManageWebhooks + // AccountRolePermissionsInviteUsers is not used by GotoSocial. + AccountRolePermissionsInviteUsers + // AccountRolePermissionsManageRoles is not used by GotoSocial. + AccountRolePermissionsManageRoles + // AccountRolePermissionsManageUserAccess is not used by GotoSocial. + AccountRolePermissionsManageUserAccess + // AccountRolePermissionsDeleteUserData indicates that the user can permanently delete user data. + AccountRolePermissionsDeleteUserData + + // FUTURE: If we decide to assign our own permissions bits, + // they should start at the other end of the int to avoid conflicts with future Mastodon permissions. + + // AccountRolePermissionsForAdminRole includes all of the permissions assigned to GotoSocial's built-in administrator role. + AccountRolePermissionsForAdminRole = AccountRolePermissionsAdministrator | + AccountRolePermissionsManageReports | + AccountRolePermissionsManageFederation | + AccountRolePermissionsManageSettings | + AccountRolePermissionsManageBlocks | + AccountRolePermissionsManageUsers | + AccountRolePermissionsManageRules | + AccountRolePermissionsManageCustomEmojis | + AccountRolePermissionsDeleteUserData + + // AccountRolePermissionsForModeratorRole includes all of the permissions assigned to GotoSocial's built-in moderator role. + // (Currently, there aren't any.) + AccountRolePermissionsForModeratorRole = AccountRolePermissionsNone +) + // AccountNoteRequest models a request to update the private note for an account. // // swagger:ignore diff --git a/internal/typeutils/internaltofrontend.go b/internal/typeutils/internaltofrontend.go index 70230cd89..b85d24eee 100644 --- a/internal/typeutils/internaltofrontend.go +++ b/internal/typeutils/internaltofrontend.go @@ -100,13 +100,13 @@ func (c *Converter) UserToAPIUser(ctx context.Context, u *gtsmodel.User) *apimod return user } -// AppToAPIAppSensitive takes a db model application as a param, and returns a populated apitype application, or an error +// AccountToAPIAccountSensitive takes a db model application as a param, and returns a populated apitype application, or an error // if something goes wrong. The returned application should be ready to serialize on an API level, and may have sensitive fields // (such as client id and client secret), so serve it only to an authorized user who should have permission to see it. func (c *Converter) AccountToAPIAccountSensitive(ctx context.Context, a *gtsmodel.Account) (*apimodel.Account, error) { // We can build this sensitive account model // by first getting the public account, and - // then adding the Source object to it. + // then adding the Source object and role permissions bitmap to it. apiAccount, err := c.AccountToAPIAccountPublic(ctx, a) if err != nil { return nil, err @@ -122,6 +122,13 @@ func (c *Converter) AccountToAPIAccountSensitive(ctx context.Context, a *gtsmode } } + // Populate the account's role permissions bitmap and highlightedness from its public role. + if len(apiAccount.Roles) > 0 { + apiAccount.Role = c.APIAccountDisplayRoleToAPIAccountRoleSensitive(&apiAccount.Roles[0]) + } else { + apiAccount.Role = c.APIAccountDisplayRoleToAPIAccountRoleSensitive(nil) + } + statusContentType := string(apimodel.StatusContentTypeDefault) if a.Settings.StatusContentType != "" { statusContentType = a.Settings.StatusContentType @@ -299,7 +306,7 @@ func (c *Converter) accountToAPIAccountPublic(ctx context.Context, a *gtsmodel.A var ( acct string - role *apimodel.AccountRole + roles []apimodel.AccountDisplayRole enableRSS bool theme string customCSS string @@ -324,14 +331,8 @@ func (c *Converter) accountToAPIAccountPublic(ctx context.Context, a *gtsmodel.A if err != nil { return nil, gtserror.Newf("error getting user from database for account id %s: %w", a.ID, err) } - - switch { - case *user.Admin: - role = &apimodel.AccountRole{Name: apimodel.AccountRoleAdmin} - case *user.Moderator: - role = &apimodel.AccountRole{Name: apimodel.AccountRoleModerator} - default: - role = &apimodel.AccountRole{Name: apimodel.AccountRoleUser} + if role := c.UserToAPIAccountDisplayRole(user); role != nil { + roles = append(roles, *role) } enableRSS = *a.Settings.EnableRSS @@ -380,7 +381,7 @@ func (c *Converter) accountToAPIAccountPublic(ctx context.Context, a *gtsmodel.A CustomCSS: customCSS, EnableRSS: enableRSS, HideCollections: hideCollections, - Role: role, + Roles: roles, } // Bodge default avatar + header in, @@ -391,6 +392,56 @@ func (c *Converter) accountToAPIAccountPublic(ctx context.Context, a *gtsmodel.A return accountFrontend, nil } +// UserToAPIAccountDisplayRole returns the API representation of a user's display role. +// This will accept a nil user but does not always return a value: +// the default "user" role is considered uninteresting and not returned. +func (c *Converter) UserToAPIAccountDisplayRole(user *gtsmodel.User) *apimodel.AccountDisplayRole { + switch { + case user == nil: + return nil + case *user.Admin: + return &apimodel.AccountDisplayRole{ + ID: string(apimodel.AccountRoleAdmin), + Name: apimodel.AccountRoleAdmin, + } + case *user.Moderator: + return &apimodel.AccountDisplayRole{ + ID: string(apimodel.AccountRoleModerator), + Name: apimodel.AccountRoleModerator, + } + default: + return nil + } +} + +// APIAccountDisplayRoleToAPIAccountRoleSensitive returns the API representation of a user's role, +// with permission bitmap. This will accept a nil display role and always returns a value. +func (c *Converter) APIAccountDisplayRoleToAPIAccountRoleSensitive(display *apimodel.AccountDisplayRole) *apimodel.AccountRole { + // Default to user role. + role := &apimodel.AccountRole{ + AccountDisplayRole: apimodel.AccountDisplayRole{ + ID: string(apimodel.AccountRoleUser), + Name: apimodel.AccountRoleUser, + }, + Permissions: apimodel.AccountRolePermissionsNone, + Highlighted: false, + } + + // If there's a display role, use that instead. + if display != nil { + role.AccountDisplayRole = *display + role.Highlighted = true + switch display.Name { + case apimodel.AccountRoleAdmin: + role.Permissions = apimodel.AccountRolePermissionsForAdminRole + case apimodel.AccountRoleModerator: + role.Permissions = apimodel.AccountRolePermissionsForModeratorRole + } + } + + return role +} + func (c *Converter) fieldsToAPIFields(f []*gtsmodel.Field) []apimodel.Field { fields := make([]apimodel.Field, len(f)) @@ -416,8 +467,8 @@ func (c *Converter) fieldsToAPIFields(f []*gtsmodel.Field) []apimodel.Field { // when someone wants to view an account they've blocked. func (c *Converter) AccountToAPIAccountBlocked(ctx context.Context, a *gtsmodel.Account) (*apimodel.Account, error) { var ( - acct string - role *apimodel.AccountRole + acct string + roles []apimodel.AccountDisplayRole ) if a.IsRemote() { @@ -438,14 +489,8 @@ func (c *Converter) AccountToAPIAccountBlocked(ctx context.Context, a *gtsmodel. if err != nil { return nil, gtserror.Newf("error getting user from database for account id %s: %w", a.ID, err) } - - switch { - case *user.Admin: - role = &apimodel.AccountRole{Name: apimodel.AccountRoleAdmin} - case *user.Moderator: - role = &apimodel.AccountRole{Name: apimodel.AccountRoleModerator} - default: - role = &apimodel.AccountRole{Name: apimodel.AccountRoleUser} + if role := c.UserToAPIAccountDisplayRole(user); role != nil { + roles = append(roles, *role) } } @@ -464,7 +509,7 @@ func (c *Converter) AccountToAPIAccountBlocked(ctx context.Context, a *gtsmodel. // Empty array (not nillable). Fields: make([]apimodel.Field, 0), Suspended: !a.SuspendedAt.IsZero(), - Role: role, + Roles: roles, } // Don't show the account's actual @@ -487,7 +532,7 @@ func (c *Converter) AccountToAdminAPIAccount(ctx context.Context, a *gtsmodel.Ac inviteRequest *string approved bool disabled bool - role = apimodel.AccountRole{Name: apimodel.AccountRoleUser} // assume user by default + role = *c.APIAccountDisplayRoleToAPIAccountRoleSensitive(nil) createdByApplicationID string ) @@ -527,11 +572,9 @@ func (c *Converter) AccountToAdminAPIAccount(ctx context.Context, a *gtsmodel.Ac inviteRequest = &user.Reason } - if *user.Admin { - role.Name = apimodel.AccountRoleAdmin - } else if *user.Moderator { - role.Name = apimodel.AccountRoleModerator - } + role = *c.APIAccountDisplayRoleToAPIAccountRoleSensitive( + c.UserToAPIAccountDisplayRole(user), + ) confirmed = !user.ConfirmedAt.IsZero() approved = *user.Approved diff --git a/internal/typeutils/internaltofrontend_test.go b/internal/typeutils/internaltofrontend_test.go index 46f6c2455..307b5f163 100644 --- a/internal/typeutils/internaltofrontend_test.go +++ b/internal/typeutils/internaltofrontend_test.go @@ -68,10 +68,7 @@ func (suite *InternalToFrontendTestSuite) TestAccountToFrontend() { "last_status_at": "2024-01-10T09:24:00.000Z", "emojis": [], "fields": [], - "enable_rss": true, - "role": { - "name": "user" - } + "enable_rss": true }`, string(b)) } @@ -135,7 +132,11 @@ func (suite *InternalToFrontendTestSuite) TestAccountToFrontendAliasedAndMoved() }, "enable_rss": true, "role": { - "name": "user" + "id": "user", + "name": "user", + "color": "", + "permissions": "0", + "highlighted": false }, "moved": { "id": "01F8MH5NBDF2MV7CTC4Q5128HF", @@ -169,10 +170,7 @@ func (suite *InternalToFrontendTestSuite) TestAccountToFrontendAliasedAndMoved() "verified_at": null } ], - "hide_collections": true, - "role": { - "name": "user" - } + "hide_collections": true } }`, string(b)) } @@ -222,10 +220,7 @@ func (suite *InternalToFrontendTestSuite) TestAccountToFrontendWithEmojiStruct() } ], "fields": [], - "enable_rss": true, - "role": { - "name": "user" - } + "enable_rss": true }`, string(b)) } @@ -272,10 +267,7 @@ func (suite *InternalToFrontendTestSuite) TestAccountToFrontendWithEmojiIDs() { } ], "fields": [], - "enable_rss": true, - "role": { - "name": "user" - } + "enable_rss": true }`, string(b)) } @@ -321,7 +313,11 @@ func (suite *InternalToFrontendTestSuite) TestAccountToFrontendSensitive() { }, "enable_rss": true, "role": { - "name": "user" + "id": "user", + "name": "user", + "color": "", + "permissions": "0", + "highlighted": false } }`, string(b)) } @@ -494,9 +490,13 @@ func (suite *InternalToFrontendTestSuite) TestStatusToFrontend() { "emojis": [], "fields": [], "enable_rss": true, - "role": { - "name": "admin" - } + "roles": [ + { + "id": "admin", + "name": "admin", + "color": "" + } + ] }, "media_attachments": [ { @@ -667,9 +667,13 @@ func (suite *InternalToFrontendTestSuite) TestWarnFilteredStatusToFrontend() { "emojis": [], "fields": [], "enable_rss": true, - "role": { - "name": "admin" - } + "roles": [ + { + "id": "admin", + "name": "admin", + "color": "" + } + ] }, "media_attachments": [ { @@ -849,10 +853,7 @@ func (suite *InternalToFrontendTestSuite) TestWarnFilteredBoostToFrontend() { "last_status_at": "2024-01-10T09:24:00.000Z", "emojis": [], "fields": [], - "enable_rss": true, - "role": { - "name": "user" - } + "enable_rss": true }, "media_attachments": [ { @@ -980,9 +981,13 @@ func (suite *InternalToFrontendTestSuite) TestWarnFilteredBoostToFrontend() { "emojis": [], "fields": [], "enable_rss": true, - "role": { - "name": "admin" - } + "roles": [ + { + "id": "admin", + "name": "admin", + "color": "" + } + ] }, "media_attachments": [], "mentions": [], @@ -1518,9 +1523,13 @@ func (suite *InternalToFrontendTestSuite) TestStatusToFrontendUnknownLanguage() "emojis": [], "fields": [], "enable_rss": true, - "role": { - "name": "admin" - } + "roles": [ + { + "id": "admin", + "name": "admin", + "color": "" + } + ] }, "media_attachments": [ { @@ -1657,10 +1666,7 @@ func (suite *InternalToFrontendTestSuite) TestStatusToFrontendPartialInteraction "last_status_at": "2024-01-10T09:24:00.000Z", "emojis": [], "fields": [], - "enable_rss": true, - "role": { - "name": "user" - } + "enable_rss": true }, "media_attachments": [], "mentions": [], @@ -1853,9 +1859,13 @@ func (suite *InternalToFrontendTestSuite) TestInstanceV1ToFrontend() { "emojis": [], "fields": [], "enable_rss": true, - "role": { - "name": "admin" - } + "roles": [ + { + "id": "admin", + "name": "admin", + "color": "" + } + ] }, "max_toot_chars": 5000, "rules": [], @@ -1989,9 +1999,13 @@ func (suite *InternalToFrontendTestSuite) TestInstanceV2ToFrontend() { "emojis": [], "fields": [], "enable_rss": true, - "role": { - "name": "admin" - } + "roles": [ + { + "id": "admin", + "name": "admin", + "color": "" + } + ] } }, "rules": [], @@ -2158,10 +2172,7 @@ func (suite *InternalToFrontendTestSuite) TestReportToFrontend2() { "verified_at": null } ], - "hide_collections": true, - "role": { - "name": "user" - } + "hide_collections": true } }`, string(b)) } @@ -2194,7 +2205,11 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontend1() { "locale": "", "invite_request": null, "role": { - "name": "user" + "id": "user", + "name": "user", + "color": "", + "permissions": "0", + "highlighted": false }, "confirmed": false, "approved": false, @@ -2235,7 +2250,11 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontend1() { "locale": "en", "invite_request": null, "role": { - "name": "user" + "id": "user", + "name": "user", + "color": "", + "permissions": "0", + "highlighted": false }, "confirmed": true, "approved": true, @@ -2274,10 +2293,7 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontend1() { "verified_at": null } ], - "hide_collections": true, - "role": { - "name": "user" - } + "hide_collections": true }, "created_by_application_id": "01F8MGY43H3N2C8EWPR2FPYEXG" }, @@ -2292,7 +2308,11 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontend1() { "locale": "en", "invite_request": null, "role": { - "name": "admin" + "id": "admin", + "name": "admin", + "color": "", + "permissions": "546033", + "highlighted": true }, "confirmed": true, "approved": true, @@ -2321,9 +2341,13 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontend1() { "emojis": [], "fields": [], "enable_rss": true, - "role": { - "name": "admin" - } + "roles": [ + { + "id": "admin", + "name": "admin", + "color": "" + } + ] }, "created_by_application_id": "01F8MGXQRHYF5QPMTMXP78QC2F" }, @@ -2338,7 +2362,11 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontend1() { "locale": "en", "invite_request": null, "role": { - "name": "admin" + "id": "admin", + "name": "admin", + "color": "", + "permissions": "546033", + "highlighted": true }, "confirmed": true, "approved": true, @@ -2367,9 +2395,13 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontend1() { "emojis": [], "fields": [], "enable_rss": true, - "role": { - "name": "admin" - } + "roles": [ + { + "id": "admin", + "name": "admin", + "color": "" + } + ] }, "created_by_application_id": "01F8MGXQRHYF5QPMTMXP78QC2F" }, @@ -2407,7 +2439,11 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontend2() { "locale": "en", "invite_request": null, "role": { - "name": "user" + "id": "user", + "name": "user", + "color": "", + "permissions": "0", + "highlighted": false }, "confirmed": true, "approved": true, @@ -2446,10 +2482,7 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontend2() { "verified_at": null } ], - "hide_collections": true, - "role": { - "name": "user" - } + "hide_collections": true }, "created_by_application_id": "01F8MGY43H3N2C8EWPR2FPYEXG" }, @@ -2464,7 +2497,11 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontend2() { "locale": "", "invite_request": null, "role": { - "name": "user" + "id": "user", + "name": "user", + "color": "", + "permissions": "0", + "highlighted": false }, "confirmed": false, "approved": false, @@ -2665,7 +2702,11 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontendSuspendedLoca "locale": "", "invite_request": null, "role": { - "name": "user" + "id": "user", + "name": "user", + "color": "", + "permissions": "0", + "highlighted": false }, "confirmed": false, "approved": false, @@ -2706,7 +2747,11 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontendSuspendedLoca "locale": "", "invite_request": null, "role": { - "name": "user" + "id": "user", + "name": "user", + "color": "", + "permissions": "0", + "highlighted": false }, "confirmed": true, "approved": true, @@ -2735,10 +2780,7 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontendSuspendedLoca "emojis": [], "fields": [], "suspended": true, - "hide_collections": true, - "role": { - "name": "user" - } + "hide_collections": true } }, "assigned_account": { @@ -2752,7 +2794,11 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontendSuspendedLoca "locale": "en", "invite_request": null, "role": { - "name": "admin" + "id": "admin", + "name": "admin", + "color": "", + "permissions": "546033", + "highlighted": true }, "confirmed": true, "approved": true, @@ -2781,9 +2827,13 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontendSuspendedLoca "emojis": [], "fields": [], "enable_rss": true, - "role": { - "name": "admin" - } + "roles": [ + { + "id": "admin", + "name": "admin", + "color": "" + } + ] }, "created_by_application_id": "01F8MGXQRHYF5QPMTMXP78QC2F" }, @@ -2798,7 +2848,11 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontendSuspendedLoca "locale": "en", "invite_request": null, "role": { - "name": "admin" + "id": "admin", + "name": "admin", + "color": "", + "permissions": "546033", + "highlighted": true }, "confirmed": true, "approved": true, @@ -2827,9 +2881,13 @@ func (suite *InternalToFrontendTestSuite) TestAdminReportToFrontendSuspendedLoca "emojis": [], "fields": [], "enable_rss": true, - "role": { - "name": "admin" - } + "roles": [ + { + "id": "admin", + "name": "admin", + "color": "" + } + ] }, "created_by_application_id": "01F8MGXQRHYF5QPMTMXP78QC2F" }, diff --git a/web/template/profile.tmpl b/web/template/profile.tmpl index adeb83f3e..bf58d660b 100644 --- a/web/template/profile.tmpl +++ b/web/template/profile.tmpl @@ -173,9 +173,11 @@
Username
@{{- .account.Username -}}@{{- .instance.AccountDomain -}}
- {{- if and (.account.Role) (ne .account.Role.Name "user") }} + {{- if .account.Roles }}
Role
-
{{- .account.Role.Name -}}
+ {{- range .account.Roles }} +
{{- .Name -}}
+ {{- end }} {{- end }}