Implement Mastodon-compatible roles

- Account.role should only be available through verify_credentials for checking current user's permissions
- Account.role now carries a Mastodon-compatible permissions bitmap and a marker for whether it should be shown to the public
- Account.roles added for public display roles (undocumented but stable since Mastodon 4.1)
- Web template now uses only public display roles (no user-visible change here, we already special-cased the `user` role)

docs/api/swagger.yaml

@@ -304,6 +304,15 @@ definitions:
                 x-go-name: Note
             role:
                 $ref: '#/definitions/accountRole'
+            roles:
+                description: |-
+                    Roles lists the public roles of the account on this instance.
+                    Unlike Role, this is always available, but never includes permissions details.
+                    Key/value omitted for remote accounts.
+                items:
+                    $ref: '#/definitions/accountDisplayRole'
+                type: array
+                x-go-name: Roles
             source:
                 $ref: '#/definitions/Source'
             statuses_count:
@@ -333,6 +342,29 @@ definitions:
         type: object
         x-go-name: Account
         x-go-package: github.com/superseriousbusiness/gotosocial/internal/api/model
+    accountDisplayRole:
+        description: This is a subset of AccountRole.
+        properties:
+            color:
+                description: |-
+                    Color is a 6-digit CSS-style hex color code with leading `#`, or an empty string if this role has no color.
+                    Since GotoSocial doesn't use role colors, we leave this empty.
+                type: string
+                x-go-name: Color
+            id:
+                description: |-
+                    ID of the role.
+                    Not used by GotoSocial, but we set it to the role name, just in case a client expects a unique ID.
+                type: string
+                x-go-name: ID
+            name:
+                description: Name of the role.
+                type: string
+                x-go-name: Name
+        title: AccountDisplayRole models a public, displayable role of an account.
+        type: object
+        x-go-name: AccountDisplayRole
+        x-go-package: github.com/superseriousbusiness/gotosocial/internal/api/model
     accountRelationship:
         properties:
             blocked_by:
@@ -398,9 +430,32 @@ definitions:
         x-go-package: github.com/superseriousbusiness/gotosocial/internal/api/model
     accountRole:
         properties:
+            color:
+                description: |-
+                    Color is a 6-digit CSS-style hex color code with leading `#`, or an empty string if this role has no color.
+                    Since GotoSocial doesn't use role colors, we leave this empty.
+                type: string
+                x-go-name: Color
+            highlighted:
+                description: |-
+                    Highlighted indicates whether the role is publicly visible on the user profile.
+                    This is always true for GotoSocial's built-in admin and moderator roles, and false otherwise.
+                type: boolean
+                x-go-name: Highlighted
+            id:
+                description: |-
+                    ID of the role.
+                    Not used by GotoSocial, but we set it to the role name, just in case a client expects a unique ID.
+                type: string
+                x-go-name: ID
             name:
+                description: Name of the role.
                 type: string
                 x-go-name: Name
+            permissions:
+                description: Permissions is a bitmap serialized as a numeric string, indicating which admin/moderation actions a user can perform.
+                type: string
+                x-go-name: Permissions
         title: AccountRole models the role of an account.
         type: object
         x-go-name: AccountRole
@@ -2159,6 +2214,15 @@ definitions:
                 x-go-name: Note
             role:
                 $ref: '#/definitions/accountRole'
+            roles:
+                description: |-
+                    Roles lists the public roles of the account on this instance.
+                    Unlike Role, this is always available, but never includes permissions details.
+                    Key/value omitted for remote accounts.
+                items:
+                    $ref: '#/definitions/accountDisplayRole'
+                type: array
+                x-go-name: Roles
             source:
                 $ref: '#/definitions/Source'
             statuses_count:

internal/api/client/accounts/accountget_test.go

@@ -0,0 +1,102 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors [email protected]
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package accounts_test
+
+import (
+	"encoding/json"
+	"io"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/gin-gonic/gin"
+	"github.com/stretchr/testify/suite"
+	"github.com/superseriousbusiness/gotosocial/internal/api/client/accounts"
+	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+)
+
+type AccountGetTestSuite struct {
+	AccountStandardTestSuite
+}
+
+// accountVerifyGet calls the get account API method for a given account fixture name.
+func (suite *AccountGetTestSuite) getAccount(id string) *apimodel.Account {
+	recorder := httptest.NewRecorder()
+	ctx := suite.newContext(recorder, http.MethodGet, nil, accounts.BasePath+"/"+id, "")
+	ctx.Params = gin.Params{
+		gin.Param{
+			Key:   accounts.IDKey,
+			Value: id,
+		},
+	}
+
+	// call the handler
+	suite.accountsModule.AccountGETHandler(ctx)
+
+	// 1. we should have OK because our request was valid
+	suite.Equal(http.StatusOK, recorder.Code)
+
+	// 2. we should have no error message in the result body
+	result := recorder.Result()
+	defer result.Body.Close()
+
+	// check the response
+	b, err := io.ReadAll(result.Body)
+	if err != nil {
+		suite.FailNow(err.Error())
+	}
+
+	// unmarshal the returned account
+	apimodelAccount := &apimodel.Account{}
+	err = json.Unmarshal(b, apimodelAccount)
+	if err != nil {
+		suite.FailNow(err.Error())
+	}
+
+	return apimodelAccount
+}
+
+// We should not see a display role for an ordinary local account.
+func (suite *AccountGetTestSuite) TestGetDisplayRoleForUserAccount() {
+	apimodelAccount := suite.getAccount(suite.testAccounts["local_account_1"].ID)
+
+	// Role should not be set.
+	suite.Nil(apimodelAccount.Role)
+
+	// Roles should not have anything in it.
+	suite.Empty(apimodelAccount.Roles)
+}
+
+// We should be able to get a display role for an admin account.
+func (suite *AccountGetTestSuite) TestGetDisplayRoleForAdminAccount() {
+	apimodelAccount := suite.getAccount(suite.testAccounts["admin_account"].ID)
+
+	// Role should not be set.
+	suite.Nil(apimodelAccount.Role)
+
+	// Roles should have exactly one display role.
+	if suite.Len(apimodelAccount.Roles, 1) {
+		role := apimodelAccount.Roles[0]
+		suite.Equal("admin", string(role.Name))
+		suite.NotEmpty(role.ID)
+	}
+}
+
+func TestAccountGetTestSuite(t *testing.T) {
+	suite.Run(t, new(AccountGetTestSuite))
+}

internal/api/client/accounts/accountverify_test.go

@@ -19,30 +19,35 @@ package accounts_test
 
 import (
 	"encoding/json"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/http/httptest"
 	"testing"
 	"time"
 
-	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/suite"
 	"github.com/superseriousbusiness/gotosocial/internal/api/client/accounts"
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 type AccountVerifyTestSuite struct {
 	AccountStandardTestSuite
 }
 
-func (suite *AccountVerifyTestSuite) TestAccountVerifyGet() {
-	testAccount := suite.testAccounts["local_account_1"]
-
+// accountVerifyGet calls the verify_credentials API method for a given account fixture name.
+// Assumes token and user fixture names are the same as the account fixture name.
+func (suite *AccountVerifyTestSuite) accountVerifyGet(fixtureName string) *apimodel.Account {
 	// set up the request
 	recorder := httptest.NewRecorder()
 	ctx := suite.newContext(recorder, http.MethodGet, nil, accounts.VerifyPath, "")
 
+	// override the account that we're authenticated as
+	ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts[fixtureName])
+	ctx.Set(oauth.SessionAuthorizedToken, oauth.DBTokenToToken(suite.testTokens[fixtureName]))
+	ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers[fixtureName])
+
 	// call the handler
 	suite.accountsModule.AccountVerifyGETHandler(ctx)
 
@@ -54,13 +59,27 @@ func (suite *AccountVerifyTestSuite) TestAccountVerifyGet() {
 	defer result.Body.Close()
 
 	// check the response
-	b, err := ioutil.ReadAll(result.Body)
-	assert.NoError(suite.T(), err)
+	b, err := io.ReadAll(result.Body)
+	if err != nil {
+		suite.FailNow(err.Error())
+	}
 
 	// unmarshal the returned account
 	apimodelAccount := &apimodel.Account{}
 	err = json.Unmarshal(b, apimodelAccount)
-	suite.NoError(err)
+	if err != nil {
+		suite.FailNow(err.Error())
+	}
+
+	return apimodelAccount
+}
+
+// We should see public account information and profile source for a normal user.
+func (suite *AccountVerifyTestSuite) TestAccountVerifyGet() {
+	fixtureName := "local_account_1"
+	testAccount := suite.testAccounts[fixtureName]
+
+	apimodelAccount := suite.accountVerifyGet(fixtureName)
 
 	createdAt, err := time.Parse(time.RFC3339, apimodelAccount.CreatedAt)
 	suite.NoError(err)
@@ -85,6 +104,43 @@ func (suite *AccountVerifyTestSuite) TestAccountVerifyGet() {
 	suite.Equal(testAccount.NoteRaw, apimodelAccount.Source.Note)
 }
 
+// testAccountVerifyGetRole calls the verify_credentials API method for a given account fixture name,
+// and checks the response for permissions appropriate to the role.
+func (suite *AccountVerifyTestSuite) testAccountVerifyGetRole(fixtureName string) {
+	testUser := suite.testUsers[fixtureName]
+
+	apimodelAccount := suite.accountVerifyGet(fixtureName)
+
+	if suite.NotNil(apimodelAccount.Role) {
+		switch {
+		case *testUser.Admin:
+			suite.Equal("admin", string(apimodelAccount.Role.Name))
+			suite.NotZero(apimodelAccount.Role.Permissions)
+			suite.True(apimodelAccount.Role.Highlighted)
+
+		case *testUser.Moderator:
+			suite.Equal("moderator", string(apimodelAccount.Role.Name))
+			suite.Zero(apimodelAccount.Role.Permissions)
+			suite.True(apimodelAccount.Role.Highlighted)
+
+		default:
+			suite.Equal("user", string(apimodelAccount.Role.Name))
+			suite.Zero(apimodelAccount.Role.Permissions)
+			suite.False(apimodelAccount.Role.Highlighted)
+		}
+	}
+}
+
+// We should see a role for a normal user, and that role should not have any permissions.
+func (suite *AccountVerifyTestSuite) TestAccountVerifyGetRoleUser() {
+	suite.testAccountVerifyGetRole("local_account_1")
+}
+
+// We should see a role for an admin user, and that role should have some permissions.
+func (suite *AccountVerifyTestSuite) TestAccountVerifyGetRoleAdmin() {
+	suite.testAccountVerifyGetRole("admin_account")
+}
+
 func TestAccountVerifyTestSuite(t *testing.T) {
 	suite.Run(t, new(AccountVerifyTestSuite))
 }