Add role write:admin:create-account
Some checks failed
Lint / pnpm_install (pull_request) Successful in 1m43s
Publish Docker image / Build (pull_request) Successful in 5m18s
Test (production install and build) / production (20.16.0) (pull_request) Successful in 1m11s
Test (backend) / unit (20.16.0) (pull_request) Successful in 8m12s
Lint / lint (backend) (pull_request) Successful in 2m35s
Lint / lint (frontend) (pull_request) Successful in 2m19s
Lint / lint (frontend-embed) (pull_request) Successful in 2m32s
Lint / lint (frontend-shared) (pull_request) Successful in 2m24s
Test (backend) / e2e (20.16.0) (pull_request) Failing after 12m4s
Lint / lint (misskey-bubble-game) (pull_request) Successful in 2m31s
Lint / lint (misskey-js) (pull_request) Successful in 2m13s
Lint / lint (misskey-reversi) (pull_request) Successful in 2m21s
Lint / lint (sw) (pull_request) Successful in 2m28s
Lint / typecheck (misskey-js) (pull_request) Successful in 1m27s
Lint / typecheck (backend) (pull_request) Successful in 2m38s
Lint / typecheck (sw) (pull_request) Successful in 1m36s

This commit is contained in:
ゆめ 2024-11-14 09:24:52 -06:00
commit 2748c91800
No known key found for this signature in database
8 changed files with 11 additions and 5 deletions

View file

@ -2119,6 +2119,7 @@ _permissions:
"read:flash-likes": "View list of liked Plays" "read:flash-likes": "View list of liked Plays"
"write:flash-likes": "Edit list of liked Plays" "write:flash-likes": "Edit list of liked Plays"
"read:admin:abuse-user-reports": "View user reports" "read:admin:abuse-user-reports": "View user reports"
"write:admin:create-account": "Create user account"
"write:admin:delete-account": "Delete user account" "write:admin:delete-account": "Delete user account"
"write:admin:delete-all-files-of-a-user": "Delete all files of a user" "write:admin:delete-all-files-of-a-user": "Delete all files of a user"
"read:admin:index-stats": "View database index stats" "read:admin:index-stats": "View database index stats"

View file

@ -2163,6 +2163,7 @@ _permissions:
"read:flash-likes": "Playのいいねを見る" "read:flash-likes": "Playのいいねを見る"
"write:flash-likes": "Playのいいねを操作する" "write:flash-likes": "Playのいいねを操作する"
"read:admin:abuse-user-reports": "ユーザーからの通報を見る" "read:admin:abuse-user-reports": "ユーザーからの通報を見る"
"write:admin:create-account": "ユーザーアカウントを作成する"
"write:admin:delete-account": "ユーザーアカウントを削除する" "write:admin:delete-account": "ユーザーアカウントを削除する"
"write:admin:delete-all-files-of-a-user": "ユーザーのすべてのファイルを削除する" "write:admin:delete-all-files-of-a-user": "ユーザーのすべてのファイルを削除する"
"read:admin:index-stats": "データベースインデックスに関する情報を見る" "read:admin:index-stats": "データベースインデックスに関する情報を見る"

View file

@ -92,6 +92,9 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
} else if (!(me?.isRoot) && !await this.roleService.isAdministrator(me)) { } else if (!(me?.isRoot) && !await this.roleService.isAdministrator(me)) {
// 管理者でない場合 // 管理者でない場合
throw new ApiError(meta.errors.accessDenied); throw new ApiError(meta.errors.accessDenied);
} else if (!(token?.permission.includes('write:admin:create-account')) && !(me?.token === token?.token)) {
// 作成権限がない場合
throw new ApiError(meta.errors.accessDenied);
} }
const { account, secret } = await this.signupService.signup({ const { account, secret } = await this.signupService.signup({

View file

@ -64,7 +64,7 @@ describe('Admin Create User', () => {
test('Revoking Admin Role', async () => { test('Revoking Admin Role', async () => {
const res = await api('admin/roles/delete', {roleId: formerAdminRole.id}, admin); const res = await api('admin/roles/delete', {roleId: formerAdminRole.id}, admin);
assert.strictEqual(res.status, 200); assert.strictEqual(res.status, 204);
const res2 = await api('admin/roles/delete', {roleId: adminRole.id}, formerAdmin); const res2 = await api('admin/roles/delete', {roleId: adminRole.id}, formerAdmin);
assert.strictEqual(res2.status, 403); assert.strictEqual(res2.status, 403);

View file

@ -2876,7 +2876,7 @@ type PartialRolePolicyOverride = Partial<{
}>; }>;
// @public (undocumented) // @public (undocumented)
export const permissions: readonly ["read:account", "write:account", "read:blocks", "write:blocks", "read:drive", "write:drive", "read:favorites", "write:favorites", "read:following", "write:following", "read:messaging", "write:messaging", "read:mutes", "write:mutes", "write:notes", "read:notifications", "write:notifications", "read:reactions", "write:reactions", "write:votes", "read:pages", "write:pages", "write:page-likes", "read:page-likes", "read:user-groups", "write:user-groups", "read:channels", "write:channels", "read:gallery", "write:gallery", "read:gallery-likes", "write:gallery-likes", "read:flash", "write:flash", "read:flash-likes", "write:flash-likes", "read:admin:abuse-user-reports", "write:admin:delete-account", "write:admin:delete-all-files-of-a-user", "read:admin:index-stats", "read:admin:table-stats", "read:admin:user-ips", "read:admin:meta", "write:admin:reset-password", "write:admin:resolve-abuse-user-report", "write:admin:send-email", "read:admin:server-info", "read:admin:show-moderation-log", "read:admin:show-user", "write:admin:suspend-user", "write:admin:unset-user-avatar", "write:admin:unset-user-banner", "write:admin:unsuspend-user", "write:admin:meta", "write:admin:user-note", "write:admin:roles", "read:admin:roles", "write:admin:relays", "read:admin:relays", "write:admin:invite-codes", "read:admin:invite-codes", "write:admin:announcements", "read:admin:announcements", "write:admin:avatar-decorations", "read:admin:avatar-decorations", "write:admin:federation", "write:admin:account", "read:admin:account", "write:admin:emoji", "read:admin:emoji", "write:admin:queue", "read:admin:queue", "write:admin:promo", "write:admin:drive", "read:admin:drive", "write:admin:ad", "read:admin:ad", "write:invite-codes", "read:invite-codes", "write:clip-favorite", "read:clip-favorite", "read:federation", "write:report-abuse"]; export const permissions: readonly ["read:account", "write:account", "read:blocks", "write:blocks", "read:drive", "write:drive", "read:favorites", "write:favorites", "read:following", "write:following", "read:messaging", "write:messaging", "read:mutes", "write:mutes", "write:notes", "read:notifications", "write:notifications", "read:reactions", "write:reactions", "write:votes", "read:pages", "write:pages", "write:page-likes", "read:page-likes", "read:user-groups", "write:user-groups", "read:channels", "write:channels", "read:gallery", "write:gallery", "read:gallery-likes", "write:gallery-likes", "read:flash", "write:flash", "read:flash-likes", "write:flash-likes", "read:admin:abuse-user-reports", "write:admin:create-account", "write:admin:delete-account", "write:admin:delete-all-files-of-a-user", "read:admin:index-stats", "read:admin:table-stats", "read:admin:user-ips", "read:admin:meta", "write:admin:reset-password", "write:admin:resolve-abuse-user-report", "write:admin:send-email", "read:admin:server-info", "read:admin:show-moderation-log", "read:admin:show-user", "write:admin:suspend-user", "write:admin:unset-user-avatar", "write:admin:unset-user-banner", "write:admin:unsuspend-user", "write:admin:meta", "write:admin:user-note", "write:admin:roles", "read:admin:roles", "write:admin:relays", "read:admin:relays", "write:admin:invite-codes", "read:admin:invite-codes", "write:admin:announcements", "read:admin:announcements", "write:admin:avatar-decorations", "read:admin:avatar-decorations", "write:admin:federation", "write:admin:account", "read:admin:account", "write:admin:emoji", "read:admin:emoji", "write:admin:queue", "read:admin:queue", "write:admin:promo", "write:admin:drive", "read:admin:drive", "write:admin:ad", "read:admin:ad", "write:invite-codes", "read:invite-codes", "write:clip-favorite", "read:clip-favorite", "read:federation", "write:report-abuse"];
// @public (undocumented) // @public (undocumented)
type PingResponse = operations['ping']['responses']['200']['content']['application/json']; type PingResponse = operations['ping']['responses']['200']['content']['application/json'];

View file

@ -88,7 +88,7 @@ declare module '../api.js' {
/** /**
* No description provided. * No description provided.
* *
* **Credential required**: *No* * **Credential required**: *No* / **Permission**: *write:admin:create-account*
*/ */
request<E extends 'admin/accounts/create', P extends Endpoints[E]['req']>( request<E extends 'admin/accounts/create', P extends Endpoints[E]['req']>(
endpoint: E, endpoint: E,

View file

@ -85,7 +85,7 @@ export type paths = {
* admin/accounts/create * admin/accounts/create
* @description No description provided. * @description No description provided.
* *
* **Credential required**: *No* * **Credential required**: *No* / **Permission**: *write:admin:create-account*
*/ */
post: operations['admin___accounts___create']; post: operations['admin___accounts___create'];
}; };
@ -5659,7 +5659,7 @@ export type operations = {
* admin/accounts/create * admin/accounts/create
* @description No description provided. * @description No description provided.
* *
* **Credential required**: *No* * **Credential required**: *No* / **Permission**: *write:admin:create-account*
*/ */
admin___accounts___create: { admin___accounts___create: {
requestBody: { requestBody: {

View file

@ -64,6 +64,7 @@ export const permissions = [
'read:flash-likes', 'read:flash-likes',
'write:flash-likes', 'write:flash-likes',
'read:admin:abuse-user-reports', 'read:admin:abuse-user-reports',
'write:admin:create-account',
'write:admin:delete-account', 'write:admin:delete-account',
'write:admin:delete-all-files-of-a-user', 'write:admin:delete-all-files-of-a-user',
'read:admin:index-stats', 'read:admin:index-stats',