diff --git a/src/routes/channels/delete_channel.rs b/src/routes/channels/delete_channel.rs index 9fd0881f..7fc65de1 100644 --- a/src/routes/channels/delete_channel.rs +++ b/src/routes/channels/delete_channel.rs @@ -12,7 +12,7 @@ pub async fn req(user: User, target: Ref) -> Result<()> { .for_channel() .await?; if !perm.get_view() { - Err(Error::LabelMe)? + Err(Error::MissingPermission)? } match &target { diff --git a/src/routes/channels/fetch_channel.rs b/src/routes/channels/fetch_channel.rs index d5e68674..75a7d5b0 100644 --- a/src/routes/channels/fetch_channel.rs +++ b/src/routes/channels/fetch_channel.rs @@ -12,7 +12,7 @@ pub async fn req(user: User, target: Ref) -> Result { .for_channel() .await?; if !perm.get_view() { - Err(Error::LabelMe)? + Err(Error::MissingPermission)? } Ok(json!(target)) diff --git a/src/routes/channels/group_add_member.rs b/src/routes/channels/group_add_member.rs index 4ff36fd9..e925fd92 100644 --- a/src/routes/channels/group_add_member.rs +++ b/src/routes/channels/group_add_member.rs @@ -16,7 +16,7 @@ pub async fn req(user: User, target: Ref, member: Ref) -> Result<()> { .for_channel() .await?; if !perm.get_view() { - Err(Error::LabelMe)? + Err(Error::MissingPermission)? } if let Channel::Group { id, recipients, .. } = &channel { diff --git a/src/routes/channels/group_remove_member.rs b/src/routes/channels/group_remove_member.rs index 08bd4e31..e12414bf 100644 --- a/src/routes/channels/group_remove_member.rs +++ b/src/routes/channels/group_remove_member.rs @@ -20,7 +20,7 @@ pub async fn req(user: User, target: Ref, member: Ref) -> Result<()> { { if &user.id != owner { // figure out if we want to use perm system here - Err(Error::LabelMe)? + Err(Error::MissingPermission)? } if recipients.iter().find(|x| *x == &member.id).is_none() { diff --git a/src/routes/channels/message_delete.rs b/src/routes/channels/message_delete.rs index 85bdfed9..fa794d77 100644 --- a/src/routes/channels/message_delete.rs +++ b/src/routes/channels/message_delete.rs @@ -12,7 +12,7 @@ pub async fn req(user: User, target: Ref, msg: Ref) -> Result<()> { .for_channel() .await?; if !perm.get_view() { - Err(Error::LabelMe)? + Err(Error::MissingPermission)? } let message = msg.fetch_message(&channel).await?; diff --git a/src/routes/channels/message_edit.rs b/src/routes/channels/message_edit.rs index dc559c20..15cdc48d 100644 --- a/src/routes/channels/message_edit.rs +++ b/src/routes/channels/message_edit.rs @@ -24,7 +24,7 @@ pub async fn req(user: User, target: Ref, msg: Ref, edit: Json) -> Result< .for_channel() .await?; if !perm.get_view() { - Err(Error::LabelMe)? + Err(Error::MissingPermission)? } let message = msg.fetch_message(&channel).await?; diff --git a/src/routes/channels/message_fetch.rs b/src/routes/channels/message_fetch.rs index 162e48db..d308c84a 100644 --- a/src/routes/channels/message_fetch.rs +++ b/src/routes/channels/message_fetch.rs @@ -12,7 +12,7 @@ pub async fn req(user: User, target: Ref, msg: Ref) -> Result { .for_channel() .await?; if !perm.get_view() { - Err(Error::LabelMe)? + Err(Error::MissingPermission)? } let message = msg.fetch_message(&channel).await?; diff --git a/src/routes/channels/message_query.rs b/src/routes/channels/message_query.rs index c30967f8..dadf8b54 100644 --- a/src/routes/channels/message_query.rs +++ b/src/routes/channels/message_query.rs @@ -34,7 +34,7 @@ pub async fn req(user: User, target: Ref, options: Form) -> Result/messages/stale", data = "")] pub async fn req(user: User, target: Ref, data: Json) -> Result { if data.ids.len() > 150 { - return Err(Error::LabelMe); + return Err(Error::TooManyIds); } let target = target.fetch_channel().await?; @@ -24,7 +24,7 @@ pub async fn req(user: User, target: Ref, data: Json) -> Result) -> Result Result { .await?; if !perm.get_access() { - Err(Error::LabelMe)? + Err(Error::MissingPermission)? } Ok(json!(target.from(&user).with(perm))) diff --git a/src/routes/users/find_mutual.rs b/src/routes/users/find_mutual.rs index 7b3f1f64..2a31d4bd 100644 --- a/src/routes/users/find_mutual.rs +++ b/src/routes/users/find_mutual.rs @@ -12,8 +12,8 @@ pub async fn req(user: User, target: Ref) -> Result { .find( doc! { "$and": [ - { "relations.id": &user.id }, - { "relations.id": &target.id } + { "relations._id": &user.id }, + { "relations._id": &target.id } ] }, FindOptions::builder().projection(doc! { "_id": 1 }).build(), diff --git a/src/util/result.rs b/src/util/result.rs index e69c48a5..0a1e982c 100644 --- a/src/util/result.rs +++ b/src/util/result.rs @@ -50,6 +50,8 @@ pub enum Error { NotInGroup, // ? General errors. + #[snafu(display("Trying to fetch too much data."))] + TooManyIds, #[snafu(display("Failed to validate fields."))] FailedValidation { error: ValidationErrors }, #[snafu(display("Encountered a database error."))] @@ -59,6 +61,8 @@ pub enum Error { }, #[snafu(display("Internal server error."))] InternalError, + #[snafu(display("Missing permission."))] + MissingPermission, #[snafu(display("Operation cannot be performed on this object."))] InvalidOperation, #[snafu(display("Already created an object with this nonce."))] @@ -96,7 +100,9 @@ impl<'r> Responder<'r, 'static> for Error { Error::FailedValidation { .. } => Status::UnprocessableEntity, Error::DatabaseError { .. } => Status::InternalServerError, Error::InternalError => Status::InternalServerError, + Error::MissingPermission => Status::Forbidden, Error::InvalidOperation => Status::BadRequest, + Error::TooManyIds => Status::BadRequest, Error::DuplicateNonce => Status::Conflict, Error::NoEffect => Status::Ok, };