diff --git a/locales/en-US.yml b/locales/en-US.yml index 8570addfa2..313126d669 100644 --- a/locales/en-US.yml +++ b/locales/en-US.yml @@ -2119,6 +2119,7 @@ _permissions: "read:flash-likes": "View list of liked Plays" "write:flash-likes": "Edit list of liked Plays" "read:admin:abuse-user-reports": "View user reports" + "write:admin:create-account": "Create user account" "write:admin:delete-account": "Delete user account" "write:admin:delete-all-files-of-a-user": "Delete all files of a user" "read:admin:index-stats": "View database index stats" diff --git a/locales/ja-JP.yml b/locales/ja-JP.yml index 5d8e1a5e72..fdc2ce045b 100644 --- a/locales/ja-JP.yml +++ b/locales/ja-JP.yml @@ -2163,6 +2163,7 @@ _permissions: "read:flash-likes": "Playのいいねを見る" "write:flash-likes": "Playのいいねを操作する" "read:admin:abuse-user-reports": "ユーザーからの通報を見る" + "write:admin:create-account": "ユーザーアカウントを作成する" "write:admin:delete-account": "ユーザーアカウントを削除する" "write:admin:delete-all-files-of-a-user": "ユーザーのすべてのファイルを削除する" "read:admin:index-stats": "データベースインデックスに関する情報を見る" diff --git a/packages/backend/src/server/api/endpoints/admin/accounts/create.ts b/packages/backend/src/server/api/endpoints/admin/accounts/create.ts index 29e1ddd5a0..798328739a 100644 --- a/packages/backend/src/server/api/endpoints/admin/accounts/create.ts +++ b/packages/backend/src/server/api/endpoints/admin/accounts/create.ts @@ -92,6 +92,9 @@ export default class extends Endpoint { // eslint- } else if (!(me?.isRoot) && !await this.roleService.isAdministrator(me)) { // 管理者でない場合 throw new ApiError(meta.errors.accessDenied); + } else if (!(token?.permission.includes('write:admin:create-account')) && !(me?.token === token?.token)) { + // 作成権限がない場合 + throw new ApiError(meta.errors.accessDenied); } const { account, secret } = await this.signupService.signup({ diff --git a/packages/backend/test/e2e/admin-create-account.ts b/packages/backend/test/e2e/admin-create-account.ts index 357d624d3d..830ec52935 100644 --- a/packages/backend/test/e2e/admin-create-account.ts +++ b/packages/backend/test/e2e/admin-create-account.ts @@ -64,7 +64,7 @@ describe('Admin Create User', () => { test('Revoking Admin Role', async () => { const res = await api('admin/roles/delete', {roleId: formerAdminRole.id}, admin); - assert.strictEqual(res.status, 200); + assert.strictEqual(res.status, 204); const res2 = await api('admin/roles/delete', {roleId: adminRole.id}, formerAdmin); assert.strictEqual(res2.status, 403); diff --git a/packages/misskey-js/etc/misskey-js.api.md b/packages/misskey-js/etc/misskey-js.api.md index 8ac48678ed..2457783311 100644 --- a/packages/misskey-js/etc/misskey-js.api.md +++ b/packages/misskey-js/etc/misskey-js.api.md @@ -2876,7 +2876,7 @@ type PartialRolePolicyOverride = Partial<{ }>; // @public (undocumented) -export const permissions: readonly ["read:account", "write:account", "read:blocks", "write:blocks", "read:drive", "write:drive", "read:favorites", "write:favorites", "read:following", "write:following", "read:messaging", "write:messaging", "read:mutes", "write:mutes", "write:notes", "read:notifications", "write:notifications", "read:reactions", "write:reactions", "write:votes", "read:pages", "write:pages", "write:page-likes", "read:page-likes", "read:user-groups", "write:user-groups", "read:channels", "write:channels", "read:gallery", "write:gallery", "read:gallery-likes", "write:gallery-likes", "read:flash", "write:flash", "read:flash-likes", "write:flash-likes", "read:admin:abuse-user-reports", "write:admin:delete-account", "write:admin:delete-all-files-of-a-user", "read:admin:index-stats", "read:admin:table-stats", "read:admin:user-ips", "read:admin:meta", "write:admin:reset-password", "write:admin:resolve-abuse-user-report", "write:admin:send-email", "read:admin:server-info", "read:admin:show-moderation-log", "read:admin:show-user", "write:admin:suspend-user", "write:admin:unset-user-avatar", "write:admin:unset-user-banner", "write:admin:unsuspend-user", "write:admin:meta", "write:admin:user-note", "write:admin:roles", "read:admin:roles", "write:admin:relays", "read:admin:relays", "write:admin:invite-codes", "read:admin:invite-codes", "write:admin:announcements", "read:admin:announcements", "write:admin:avatar-decorations", "read:admin:avatar-decorations", "write:admin:federation", "write:admin:account", "read:admin:account", "write:admin:emoji", "read:admin:emoji", "write:admin:queue", "read:admin:queue", "write:admin:promo", "write:admin:drive", "read:admin:drive", "write:admin:ad", "read:admin:ad", "write:invite-codes", "read:invite-codes", "write:clip-favorite", "read:clip-favorite", "read:federation", "write:report-abuse"]; +export const permissions: readonly ["read:account", "write:account", "read:blocks", "write:blocks", "read:drive", "write:drive", "read:favorites", "write:favorites", "read:following", "write:following", "read:messaging", "write:messaging", "read:mutes", "write:mutes", "write:notes", "read:notifications", "write:notifications", "read:reactions", "write:reactions", "write:votes", "read:pages", "write:pages", "write:page-likes", "read:page-likes", "read:user-groups", "write:user-groups", "read:channels", "write:channels", "read:gallery", "write:gallery", "read:gallery-likes", "write:gallery-likes", "read:flash", "write:flash", "read:flash-likes", "write:flash-likes", "read:admin:abuse-user-reports", "write:admin:create-account", "write:admin:delete-account", "write:admin:delete-all-files-of-a-user", "read:admin:index-stats", "read:admin:table-stats", "read:admin:user-ips", "read:admin:meta", "write:admin:reset-password", "write:admin:resolve-abuse-user-report", "write:admin:send-email", "read:admin:server-info", "read:admin:show-moderation-log", "read:admin:show-user", "write:admin:suspend-user", "write:admin:unset-user-avatar", "write:admin:unset-user-banner", "write:admin:unsuspend-user", "write:admin:meta", "write:admin:user-note", "write:admin:roles", "read:admin:roles", "write:admin:relays", "read:admin:relays", "write:admin:invite-codes", "read:admin:invite-codes", "write:admin:announcements", "read:admin:announcements", "write:admin:avatar-decorations", "read:admin:avatar-decorations", "write:admin:federation", "write:admin:account", "read:admin:account", "write:admin:emoji", "read:admin:emoji", "write:admin:queue", "read:admin:queue", "write:admin:promo", "write:admin:drive", "read:admin:drive", "write:admin:ad", "read:admin:ad", "write:invite-codes", "read:invite-codes", "write:clip-favorite", "read:clip-favorite", "read:federation", "write:report-abuse"]; // @public (undocumented) type PingResponse = operations['ping']['responses']['200']['content']['application/json']; diff --git a/packages/misskey-js/src/autogen/apiClientJSDoc.ts b/packages/misskey-js/src/autogen/apiClientJSDoc.ts index e2c7cbba52..236eb87131 100644 --- a/packages/misskey-js/src/autogen/apiClientJSDoc.ts +++ b/packages/misskey-js/src/autogen/apiClientJSDoc.ts @@ -88,7 +88,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *No* + * **Credential required**: *No* / **Permission**: *write:admin:create-account* */ request( endpoint: E, diff --git a/packages/misskey-js/src/autogen/types.ts b/packages/misskey-js/src/autogen/types.ts index 5f9b4316f3..227a9c5377 100644 --- a/packages/misskey-js/src/autogen/types.ts +++ b/packages/misskey-js/src/autogen/types.ts @@ -85,7 +85,7 @@ export type paths = { * admin/accounts/create * @description No description provided. * - * **Credential required**: *No* + * **Credential required**: *No* / **Permission**: *write:admin:create-account* */ post: operations['admin___accounts___create']; }; @@ -5659,7 +5659,7 @@ export type operations = { * admin/accounts/create * @description No description provided. * - * **Credential required**: *No* + * **Credential required**: *No* / **Permission**: *write:admin:create-account* */ admin___accounts___create: { requestBody: { diff --git a/packages/misskey-js/src/consts.ts b/packages/misskey-js/src/consts.ts index c5911a70eb..40cc44763f 100644 --- a/packages/misskey-js/src/consts.ts +++ b/packages/misskey-js/src/consts.ts @@ -64,6 +64,7 @@ export const permissions = [ 'read:flash-likes', 'write:flash-likes', 'read:admin:abuse-user-reports', + 'write:admin:create-account', 'write:admin:delete-account', 'write:admin:delete-all-files-of-a-user', 'read:admin:index-stats',