feat(perms): consistently throw correct permissions

This commit is contained in:
Paul Makles
2022-02-22 21:41:12 +00:00
parent 7befd77c5b
commit 4c40c6c2cc
33 changed files with 134 additions and 264 deletions

View File

@@ -32,14 +32,11 @@ pub async fn invite_bot(
match dest.into_inner() { match dest.into_inner() {
Destination::Server { server } => { Destination::Server { server } => {
let server = db.fetch_server(&server).await?; let server = db.fetch_server(&server).await?;
if !perms(&user)
perms(&user)
.server(&server) .server(&server)
.calc(db) .throw_permission(db, Permission::ManageServer)
.await .await?;
.can_manage_server()
{
return Error::from_permission(Permission::ManageServer);
}
let member = Member { let member = Member {
id: MemberCompositeKey { id: MemberCompositeKey {
@@ -53,14 +50,11 @@ pub async fn invite_bot(
} }
Destination::Group { group } => { Destination::Group { group } => {
let channel = db.fetch_channel(&group).await?; let channel = db.fetch_channel(&group).await?;
if !perms(&user)
perms(&user)
.channel(&channel) .channel(&channel)
.calc(db) .throw_permission_and_view_channel(db, Permission::InviteOthers)
.await .await?;
.can_invite_others()
{
return Error::from_permission(Permission::InviteOthers);
}
if let Channel::Group { id, .. } = channel { if let Channel::Group { id, .. } = channel {
db.add_user_to_group(&id, &bot.id) db.add_user_to_group(&id, &bot.id)

View File

@@ -1,16 +1,12 @@
use revolt_quark::{models::User, perms, Db, EmptyResponse, Error, Ref, Result}; use revolt_quark::{models::User, perms, Db, EmptyResponse, Permission, Ref, Result};
#[put("/<target>/ack/<message>")] #[put("/<target>/ack/<message>")]
pub async fn req(db: &Db, user: User, target: Ref, message: Ref) -> Result<EmptyResponse> { pub async fn req(db: &Db, user: User, target: Ref, message: Ref) -> Result<EmptyResponse> {
let channel = target.as_channel(db).await?; let channel = target.as_channel(db).await?;
if !perms(&user) perms(&user)
.channel(&channel) .channel(&channel)
.calc(db) .throw_permission(db, Permission::ViewChannel)
.await .await?;
.can_view_channel()
{
return Err(Error::NotFound);
}
channel channel
.ack(db, &user.id, &message.id) .ack(db, &user.id, &message.id)

View File

@@ -6,11 +6,8 @@ use revolt_quark::{
#[delete("/<target>")] #[delete("/<target>")]
pub async fn req(db: &Db, user: User, target: Ref) -> Result<EmptyResponse> { pub async fn req(db: &Db, user: User, target: Ref) -> Result<EmptyResponse> {
let channel = target.as_channel(db).await?; let channel = target.as_channel(db).await?;
let perm = perms(&user).channel(&channel).calc(db).await; let mut perms = perms(&user).channel(&channel);
perms.throw_permission(db, Permission::ViewChannel).await?;
if !perm.can_view_channel() {
return Err(Error::NotFound);
}
match &channel { match &channel {
Channel::SavedMessages { .. } => Err(Error::NoEffect), Channel::SavedMessages { .. } => Err(Error::NoEffect),
@@ -30,11 +27,11 @@ pub async fn req(db: &Db, user: User, target: Ref) -> Result<EmptyResponse> {
.await .await
.map(|_| EmptyResponse), .map(|_| EmptyResponse),
Channel::TextChannel { .. } | Channel::VoiceChannel { .. } => { Channel::TextChannel { .. } | Channel::VoiceChannel { .. } => {
if perm.can_manage_channel() { perms
.throw_permission(db, Permission::ManageChannel)
.await?;
channel.delete(db).await.map(|_| EmptyResponse) channel.delete(db).await.map(|_| EmptyResponse)
} else {
Error::from_permission(Permission::ManageChannel)
}
} }
} }
} }

View File

@@ -38,14 +38,10 @@ pub async fn req(
.map_err(|error| Error::FailedValidation { error })?; .map_err(|error| Error::FailedValidation { error })?;
let mut channel = target.as_channel(db).await?; let mut channel = target.as_channel(db).await?;
if !perms(&user) perms(&user)
.channel(&channel) .channel(&channel)
.calc(db) .throw_permission_and_view_channel(db, Permission::ManageChannel)
.await .await?;
.can_manage_channel()
{
return Error::from_permission(Permission::ManageChannel);
}
if data.name.is_none() if data.name.is_none()
&& data.description.is_none() && data.description.is_none()

View File

@@ -1,22 +1,17 @@
use revolt_quark::{ use revolt_quark::{
models::{Channel, User}, models::{Channel, User},
perms, Database, Error, Permission, Ref, Result, perms, Database, Permission, Ref, Result,
}; };
use rocket::{serde::json::Json, State}; use rocket::{serde::json::Json, State};
#[get("/<target>")] #[get("/<target>")]
pub async fn req(db: &State<Database>, user: User, target: Ref) -> Result<Json<Channel>> { pub async fn req(db: &State<Database>, user: User, target: Ref) -> Result<Json<Channel>> {
let target = target.as_channel(db).await?; let channel = target.as_channel(db).await?;
perms(&user)
.channel(&channel)
.throw_permission(db, Permission::ViewChannel)
.await?;
if perms(&user) Ok(Json(channel))
.channel(&target)
.calc(db)
.await
.can_view_channel()
{
Ok(Json(target))
} else {
Error::from_permission(Permission::ViewChannel)
}
} }

View File

@@ -6,14 +6,10 @@ use revolt_quark::{
#[put("/<target>/recipients/<member>")] #[put("/<target>/recipients/<member>")]
pub async fn req(db: &Db, user: User, target: Ref, member: Ref) -> Result<EmptyResponse> { pub async fn req(db: &Db, user: User, target: Ref, member: Ref) -> Result<EmptyResponse> {
let channel = target.as_channel(db).await?; let channel = target.as_channel(db).await?;
if !perms(&user) perms(&user)
.channel(&channel) .channel(&channel)
.calc(db) .throw_permission_and_view_channel(db, Permission::InviteOthers)
.await .await?;
.can_invite_others()
{
return Error::from_permission(Permission::InviteOthers);
}
match &channel { match &channel {
Channel::Group { .. } => { Channel::Group { .. } => {

View File

@@ -1,6 +1,6 @@
use revolt_quark::{ use revolt_quark::{
models::{Invite, User}, models::{Invite, User},
perms, Db, Error, Permission, Ref, Result, perms, Db, Permission, Ref, Result,
}; };
use rocket::serde::json::Json; use rocket::serde::json::Json;
@@ -8,15 +8,10 @@ use rocket::serde::json::Json;
#[post("/<target>/invites")] #[post("/<target>/invites")]
pub async fn req(db: &Db, user: User, target: Ref) -> Result<Json<Invite>> { pub async fn req(db: &Db, user: User, target: Ref) -> Result<Json<Invite>> {
let channel = target.as_channel(db).await?; let channel = target.as_channel(db).await?;
perms(&user)
if !perms(&user)
.channel(&channel) .channel(&channel)
.calc(db) .throw_permission_and_view_channel(db, Permission::InviteOthers)
.await .await?;
.can_invite_others()
{
return Error::from_permission(Permission::InviteOthers);
}
Invite::create(db, &user, &channel).await.map(Json) Invite::create(db, &user, &channel).await.map(Json)
} }

View File

@@ -1,6 +1,6 @@
use revolt_quark::{ use revolt_quark::{
models::{Channel, User}, models::{Channel, User},
perms, Db, Error, Ref, Result, perms, Db, Error, Permission, Ref, Result,
}; };
use rocket::serde::json::Json; use rocket::serde::json::Json;
@@ -8,14 +8,10 @@ use rocket::serde::json::Json;
#[get("/<target>/members")] #[get("/<target>/members")]
pub async fn req(db: &Db, user: User, target: Ref) -> Result<Json<Vec<User>>> { pub async fn req(db: &Db, user: User, target: Ref) -> Result<Json<Vec<User>>> {
let channel = target.as_channel(db).await?; let channel = target.as_channel(db).await?;
if !perms(&user) perms(&user)
.channel(&channel) .channel(&channel)
.calc(db) .throw_permission(db, Permission::ViewChannel)
.await .await?;
.can_view_channel()
{
return Err(Error::NotFound);
}
if let Channel::Group { recipients, .. } = channel { if let Channel::Group { recipients, .. } = channel {
Ok(Json( Ok(Json(

View File

@@ -11,9 +11,8 @@ pub async fn req(db: &Db, user: User, target: Ref, msg: Ref) -> Result<EmptyResp
|| !{ || !{
perms(&user) perms(&user)
.channel(&target.as_channel(db).await?) .channel(&target.as_channel(db).await?)
.calc(db) .has_permission(db, Permission::ManageMessages)
.await .await?
.can_manage_messages()
} }
{ {
return Error::from_permission(Permission::ManageMessages); return Error::from_permission(Permission::ManageMessages);

View File

@@ -1,6 +1,6 @@
use revolt_quark::{ use revolt_quark::{
models::{Message, User}, models::{Message, User},
perms, Db, Error, Ref, Result, perms, Db, Error, Permission, Ref, Result,
}; };
use rocket::serde::json::Json; use rocket::serde::json::Json;
@@ -8,14 +8,10 @@ use rocket::serde::json::Json;
#[get("/<target>/messages/<msg>")] #[get("/<target>/messages/<msg>")]
pub async fn req(db: &Db, user: User, target: Ref, msg: Ref) -> Result<Json<Message>> { pub async fn req(db: &Db, user: User, target: Ref, msg: Ref) -> Result<Json<Message>> {
let channel = target.as_channel(db).await?; let channel = target.as_channel(db).await?;
if !perms(&user) perms(&user)
.channel(&channel) .channel(&channel)
.calc(db) .throw_permission(db, Permission::ViewChannel)
.await .await?;
.can_view_channel()
{
return Err(Error::NotFound);
}
let message = msg.as_message(db).await?; let message = msg.as_message(db).await?;
if message.channel != channel.as_id() { if message.channel != channel.as_id() {

View File

@@ -3,7 +3,7 @@ use revolt_quark::{
message::{BulkMessageResponse, MessageSort}, message::{BulkMessageResponse, MessageSort},
User, User,
}, },
perms, Db, Error, Ref, Result, perms, Db, Error, Permission, Ref, Result,
}; };
use rocket::serde::json::Json; use rocket::serde::json::Json;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
@@ -42,14 +42,10 @@ pub async fn req(
} }
let channel = target.as_channel(db).await?; let channel = target.as_channel(db).await?;
if !perms(&user) perms(&user)
.channel(&channel) .channel(&channel)
.calc(db) .throw_permission_and_view_channel(db, Permission::ReadMessageHistory)
.await .await?;
.can_view_channel()
{
return Err(Error::NotFound);
}
let Options { let Options {
limit, limit,

View File

@@ -3,7 +3,7 @@ use revolt_quark::{
message::{BulkMessageResponse, MessageSort}, message::{BulkMessageResponse, MessageSort},
User, User,
}, },
perms, Db, Error, Ref, Result, perms, Db, Error, Permission, Ref, Result,
}; };
use rocket::serde::json::Json; use rocket::serde::json::Json;
@@ -39,14 +39,10 @@ pub async fn req(
.map_err(|error| Error::FailedValidation { error })?; .map_err(|error| Error::FailedValidation { error })?;
let channel = target.as_channel(db).await?; let channel = target.as_channel(db).await?;
if !perms(&user) perms(&user)
.channel(&channel) .channel(&channel)
.calc(db) .throw_permission_and_view_channel(db, Permission::ReadMessageHistory)
.await .await?;
.can_view_channel()
{
return Err(Error::NotFound);
}
let Options { let Options {
query, query,

View File

@@ -51,11 +51,10 @@ pub async fn message_send(
idempotency.consume_nonce(data.nonce).await?; idempotency.consume_nonce(data.nonce).await?;
let channel = target.as_channel(db).await?; let channel = target.as_channel(db).await?;
let permissions = perms(&user).channel(&channel).calc(db).await; let mut permissions = perms(&user).channel(&channel);
permissions
if !permissions.can_send_message() { .throw_permission_and_view_channel(db, Permission::SendMessage)
return Error::from_permission(Permission::SendMessage); .await?;
}
if data.content.is_empty() if data.content.is_empty()
&& (data.attachments.is_none() || data.attachments.as_ref().unwrap().is_empty()) && (data.attachments.is_none() || data.attachments.as_ref().unwrap().is_empty())
@@ -66,8 +65,8 @@ pub async fn message_send(
let message_id = Ulid::new().to_string(); let message_id = Ulid::new().to_string();
let mut message = Message { let mut message = Message {
id: message_id.clone(), id: message_id.clone(),
channel: channel.as_id(), channel: channel.id().to_string(),
author: user.id, author: user.id.clone(),
..Default::default() ..Default::default()
}; };
@@ -80,8 +79,10 @@ pub async fn message_send(
} }
// 2. Verify permissions for masquerade. // 2. Verify permissions for masquerade.
if data.masquerade.is_some() && !permissions.can_masquerade() { if data.masquerade.is_some() {
return Error::from_permission(Permission::Masquerade); permissions
.throw_permission(db, Permission::Masquerade)
.await?;
} }
// 3. Verify replies are valid. // 3. Verify replies are valid.
@@ -117,8 +118,10 @@ pub async fn message_send(
// 4. Add attachments to message. // 4. Add attachments to message.
let mut attachments = vec![]; let mut attachments = vec![];
if let Some(ids) = &data.attachments { if let Some(ids) = &data.attachments {
if !ids.is_empty() && !permissions.can_upload_files() { if !ids.is_empty() {
return Error::from_permission(Permission::UploadFiles); permissions
.throw_permission(db, Permission::UploadFiles)
.await?;
} }
// ! FIXME: move this to app config // ! FIXME: move this to app config

View File

@@ -3,7 +3,7 @@ use serde::{Deserialize, Serialize};
use revolt_quark::{ use revolt_quark::{
models::{Channel, User}, models::{Channel, User},
perms, Db, Error, Permission, Ref, Result, perms, Db, Permission, Ref, Result,
}; };
#[derive(Serialize, Deserialize)] #[derive(Serialize, Deserialize)]
@@ -20,14 +20,10 @@ pub async fn req(
data: Json<Data>, data: Json<Data>,
) -> Result<Json<Channel>> { ) -> Result<Json<Channel>> {
let mut channel = target.as_channel(db).await?; let mut channel = target.as_channel(db).await?;
if !perms(&user) perms(&user)
.channel(&channel) .channel(&channel)
.calc(db) .throw_permission_and_view_channel(db, Permission::ManagePermissions)
.await .await?;
.can_manage_permissions()
{
return Error::from_permission(Permission::ManageChannel);
}
// ! FIXME_PERMISSIONS // ! FIXME_PERMISSIONS

View File

@@ -14,14 +14,10 @@ pub struct Data {
#[put("/<target>/permissions/default", data = "<data>", rank = 1)] #[put("/<target>/permissions/default", data = "<data>", rank = 1)]
pub async fn req(db: &Db, user: User, target: Ref, data: Json<Data>) -> Result<Json<Channel>> { pub async fn req(db: &Db, user: User, target: Ref, data: Json<Data>) -> Result<Json<Channel>> {
let mut channel = target.as_channel(db).await?; let mut channel = target.as_channel(db).await?;
if !perms(&user) perms(&user)
.channel(&channel) .channel(&channel)
.calc(db) .throw_permission_and_view_channel(db, Permission::ManagePermissions)
.await .await?;
.can_manage_permissions()
{
return Error::from_permission(Permission::ManagePermissions);
}
match &channel { match &channel {
Channel::Group { .. } => { Channel::Group { .. } => {

View File

@@ -1,6 +1,6 @@
use revolt_quark::{ use revolt_quark::{
models::{Invite, User}, models::{Invite, User},
perms, Db, EmptyResponse, Error, Permission, Ref, Result, perms, Db, EmptyResponse, Permission, Ref, Result,
}; };
#[delete("/<target>")] #[delete("/<target>")]
@@ -13,14 +13,10 @@ pub async fn req(db: &Db, user: User, target: Ref) -> Result<EmptyResponse> {
match invite { match invite {
Invite::Server { code, server, .. } => { Invite::Server { code, server, .. } => {
let server = db.fetch_server(&server).await?; let server = db.fetch_server(&server).await?;
if !perms(&user) perms(&user)
.server(&server) .server(&server)
.calc(db) .throw_permission(db, Permission::ManageServer)
.await .await?;
.can_manage_server()
{
return Error::from_permission(Permission::ManageServer);
}
db.delete_invite(&code).await db.delete_invite(&code).await
} }

View File

@@ -26,14 +26,10 @@ pub async fn req(
.map_err(|error| Error::FailedValidation { error })?; .map_err(|error| Error::FailedValidation { error })?;
let server = server.as_server(db).await?; let server = server.as_server(db).await?;
if !perms(&user) perms(&user)
.server(&server) .server(&server)
.calc(db) .throw_permission(db, Permission::BanMembers)
.await .await?;
.can_ban_members()
{
return Error::from_permission(Permission::BanMembers);
}
let member = target.as_member(db, &server.id).await?; let member = target.as_member(db, &server.id).await?;
// ! FIXME_PERMISSIONS // ! FIXME_PERMISSIONS

View File

@@ -1,5 +1,5 @@
use revolt_quark::models::{File, ServerBan, User}; use revolt_quark::models::{File, ServerBan, User};
use revolt_quark::{perms, Db, Error, Permission, Ref, Result}; use revolt_quark::{perms, Db, Permission, Ref, Result};
use rocket::serde::json::Json; use rocket::serde::json::Json;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
@@ -14,14 +14,10 @@ struct BannedUser {
#[get("/<target>/bans")] #[get("/<target>/bans")]
pub async fn req(db: &Db, user: User, target: Ref) -> Result<Json<Vec<ServerBan>>> { pub async fn req(db: &Db, user: User, target: Ref) -> Result<Json<Vec<ServerBan>>> {
let server = target.as_server(db).await?; let server = target.as_server(db).await?;
if !perms(&user) perms(&user)
.server(&server) .server(&server)
.calc(db) .throw_permission(db, Permission::BanMembers)
.await .await?;
.can_ban_members()
{
return Error::from_permission(Permission::BanMembers);
}
db.fetch_bans(&server.id).await.map(Json) db.fetch_bans(&server.id).await.map(Json)
} }

View File

@@ -1,16 +1,12 @@
use revolt_quark::{models::User, perms, Db, EmptyResponse, Error, Permission, Ref, Result}; use revolt_quark::{models::User, perms, Db, EmptyResponse, Permission, Ref, Result};
#[delete("/<server>/bans/<target>")] #[delete("/<server>/bans/<target>")]
pub async fn req(db: &Db, user: User, server: Ref, target: Ref) -> Result<EmptyResponse> { pub async fn req(db: &Db, user: User, server: Ref, target: Ref) -> Result<EmptyResponse> {
let server = server.as_server(db).await?; let server = server.as_server(db).await?;
if !perms(&user) perms(&user)
.server(&server) .server(&server)
.calc(db) .throw_permission(db, Permission::BanMembers)
.await .await?;
.can_ban_members()
{
return Error::from_permission(Permission::BanMembers);
}
let ban = target.as_ban(db, &server.id).await?; let ban = target.as_ban(db, &server.id).await?;
db.delete_ban(&ban.id).await.map(|_| EmptyResponse) db.delete_ban(&ban.id).await.map(|_| EmptyResponse)

View File

@@ -41,14 +41,10 @@ pub async fn req(db: &Db, user: User, target: Ref, info: Json<Data>) -> Result<J
.map_err(|error| Error::FailedValidation { error })?; .map_err(|error| Error::FailedValidation { error })?;
let mut server = target.as_server(db).await?; let mut server = target.as_server(db).await?;
if !perms(&user) perms(&user)
.server(&server) .server(&server)
.calc(db) .throw_permission(db, Permission::ManageChannel)
.await .await?;
.can_manage_channel()
{
return Error::from_permission(Permission::ManageChannel);
}
let id = Ulid::new().to_string(); let id = Ulid::new().to_string();
let mut channels = server.channels.clone(); let mut channels = server.channels.clone();

View File

@@ -1,6 +1,6 @@
use revolt_quark::{ use revolt_quark::{
models::{Invite, User}, models::{Invite, User},
perms, Db, Error, Permission, Ref, Result, perms, Db, Permission, Ref, Result,
}; };
use rocket::serde::json::Json; use rocket::serde::json::Json;
@@ -17,14 +17,10 @@ pub struct ServerInvite {
#[get("/<target>/invites")] #[get("/<target>/invites")]
pub async fn req(db: &Db, user: User, target: Ref) -> Result<Json<Vec<Invite>>> { pub async fn req(db: &Db, user: User, target: Ref) -> Result<Json<Vec<Invite>>> {
let server = target.as_server(db).await?; let server = target.as_server(db).await?;
if !perms(&user) perms(&user)
.server(&server) .server(&server)
.calc(db) .throw_permission(db, Permission::ManageServer)
.await .await?;
.can_manage_server()
{
return Error::from_permission(Permission::ManageServer);
}
db.fetch_invites_for_server(&server.id).await.map(Json) db.fetch_invites_for_server(&server.id).await.map(Json)
} }

View File

@@ -33,10 +33,7 @@ pub async fn req(
.map_err(|error| Error::FailedValidation { error })?; .map_err(|error| Error::FailedValidation { error })?;
let server = server.as_server(db).await?; let server = server.as_server(db).await?;
let permissions = perms(&user).server(&server).calc(db).await; perms(&user).server(&server).calc(db).await?;
if !permissions.can_view_channel() {
return Err(Error::NotFound);
}
let mut member = target.as_member(db, &server.id).await?; let mut member = target.as_member(db, &server.id).await?;

View File

@@ -1,20 +1,13 @@
use revolt_quark::{ use revolt_quark::{
models::{Member, User}, models::{Member, User},
perms, Db, Error, Ref, Result, perms, Db, Ref, Result,
}; };
use rocket::serde::json::Json; use rocket::serde::json::Json;
#[get("/<target>/members/<member>")] #[get("/<target>/members/<member>")]
pub async fn req(db: &Db, user: User, target: Ref, member: Ref) -> Result<Json<Member>> { pub async fn req(db: &Db, user: User, target: Ref, member: Ref) -> Result<Json<Member>> {
let server = target.as_server(db).await?; let server = target.as_server(db).await?;
if !perms(&user) perms(&user).server(&server).calc(db).await?;
.server(&server)
.calc(db)
.await
.can_view_channel()
{
return Err(Error::NotFound);
}
member.as_member(db, &server.id).await.map(Json) member.as_member(db, &server.id).await.map(Json)
} }

View File

@@ -1,18 +1,11 @@
use revolt_quark::{models::User, perms, presence::presence_filter_online, Db, Error, Ref, Result}; use revolt_quark::{models::User, perms, presence::presence_filter_online, Db, Ref, Result};
use rocket::serde::json::Value; use rocket::serde::json::Value;
#[get("/<target>/members")] #[get("/<target>/members")]
pub async fn req(db: &Db, user: User, target: Ref) -> Result<Value> { pub async fn req(db: &Db, user: User, target: Ref) -> Result<Value> {
let server = target.as_server(db).await?; let server = target.as_server(db).await?;
if !perms(&user) perms(&user).server(&server).calc(db).await?;
.server(&server)
.calc(db)
.await
.can_view_channel()
{
return Err(Error::NotFound);
}
let members = db.fetch_all_members(&server.id).await?; let members = db.fetch_all_members(&server.id).await?;

View File

@@ -1,16 +1,12 @@
use revolt_quark::{models::User, perms, Db, EmptyResponse, Error, Permission, Ref, Result}; use revolt_quark::{models::User, perms, Db, EmptyResponse, Permission, Ref, Result};
#[delete("/<target>/members/<member>")] #[delete("/<target>/members/<member>")]
pub async fn req(db: &Db, user: User, target: Ref, member: Ref) -> Result<EmptyResponse> { pub async fn req(db: &Db, user: User, target: Ref, member: Ref) -> Result<EmptyResponse> {
let server = target.as_server(db).await?; let server = target.as_server(db).await?;
if !perms(&user) perms(&user)
.server(&server) .server(&server)
.calc(db) .throw_permission(db, Permission::KickMembers)
.await .await?;
.can_kick_members()
{
return Error::from_permission(Permission::KickMembers);
}
let member = member.as_member(db, &server.id).await?; let member = member.as_member(db, &server.id).await?;
// ! FIXME_PERMISSIONS // ! FIXME_PERMISSIONS

View File

@@ -3,7 +3,7 @@ use serde::{Deserialize, Serialize};
use revolt_quark::{ use revolt_quark::{
models::{Server, User}, models::{Server, User},
perms, Db, Error, Ref, Result, perms, Db, Permission, Ref, Result,
}; };
#[derive(Serialize, Deserialize)] #[derive(Serialize, Deserialize)]
@@ -26,16 +26,12 @@ pub async fn req(
data: Json<Data>, data: Json<Data>,
) -> Result<Json<Server>> { ) -> Result<Json<Server>> {
let mut server = target.as_server(db).await?; let mut server = target.as_server(db).await?;
if !perms(&user) perms(&user)
.server(&server) .server(&server)
.calc(db) .throw_permission(db, Permission::ManagePermissions)
.await .await?;
.can_manage_permissions()
{
return Err(Error::NotFound);
}
// ! FIXME: calculate permission against role // ! FIXME_PERMISSIONS
server server
.set_role_permission( .set_role_permission(

View File

@@ -3,7 +3,7 @@ use serde::{Deserialize, Serialize};
use revolt_quark::{ use revolt_quark::{
models::{server::PartialServer, Server, User}, models::{server::PartialServer, Server, User},
perms, Db, Error, Ref, Result, perms, Db, Permission, Ref, Result,
}; };
#[derive(Serialize, Deserialize)] #[derive(Serialize, Deserialize)]
@@ -22,14 +22,12 @@ pub async fn req(db: &Db, user: User, target: Ref, data: Json<Data>) -> Result<J
let data = data.into_inner(); let data = data.into_inner();
let mut server = target.as_server(db).await?; let mut server = target.as_server(db).await?;
if !perms(&user) perms(&user)
.server(&server) .server(&server)
.calc(db) .throw_permission(db, Permission::ManagePermissions)
.await .await?;
.can_manage_permissions()
{ // ! FIXME_PERMISSIONS
return Err(Error::NotFound);
}
server server
.update( .update(

View File

@@ -1,6 +1,6 @@
use revolt_quark::{ use revolt_quark::{
models::{server::Role, User}, models::{server::Role, User},
perms, Db, Error, Ref, Result, perms, Db, Error, Permission, Ref, Result,
}; };
use rocket::serde::json::{Json, Value}; use rocket::serde::json::{Json, Value};
@@ -20,14 +20,10 @@ pub async fn req(db: &Db, user: User, target: Ref, data: Json<Data>) -> Result<V
.map_err(|error| Error::FailedValidation { error })?; .map_err(|error| Error::FailedValidation { error })?;
let server = target.as_server(db).await?; let server = target.as_server(db).await?;
if !perms(&user) perms(&user)
.server(&server) .server(&server)
.calc(db) .throw_permission(db, Permission::ManageRole)
.await .await?;
.can_manage_roles()
{
return Err(Error::NotFound);
}
let role = Role { let role = Role {
name: data.name, name: data.name,

View File

@@ -1,16 +1,12 @@
use revolt_quark::{models::User, perms, Db, EmptyResponse, Error, Ref, Result}; use revolt_quark::{models::User, perms, Db, EmptyResponse, Error, Permission, Ref, Result};
#[delete("/<target>/roles/<role_id>")] #[delete("/<target>/roles/<role_id>")]
pub async fn req(db: &Db, user: User, target: Ref, role_id: String) -> Result<EmptyResponse> { pub async fn req(db: &Db, user: User, target: Ref, role_id: String) -> Result<EmptyResponse> {
let mut server = target.as_server(db).await?; let mut server = target.as_server(db).await?;
if !perms(&user) perms(&user)
.server(&server) .server(&server)
.calc(db) .throw_permission(db, Permission::ManageRole)
.await .await?;
.can_manage_roles()
{
return Err(Error::NotFound);
}
// ! FIXME_PERMISSIONS // ! FIXME_PERMISSIONS

View File

@@ -3,7 +3,7 @@ use revolt_quark::{
server::{FieldsRole, PartialRole, Role}, server::{FieldsRole, PartialRole, Role},
User, User,
}, },
perms, Db, Error, Ref, Result, perms, Db, Error, Permission, Ref, Result,
}; };
use rocket::serde::json::Json; use rocket::serde::json::Json;
@@ -35,14 +35,10 @@ pub async fn req(
.map_err(|error| Error::FailedValidation { error })?; .map_err(|error| Error::FailedValidation { error })?;
let mut server = target.as_server(db).await?; let mut server = target.as_server(db).await?;
if !perms(&user) perms(&user)
.server(&server) .server(&server)
.calc(db) .throw_permission(db, Permission::ManageRole)
.await .await?;
.can_manage_roles()
{
return Err(Error::NotFound);
}
if let Some(mut role) = server.roles.remove(&role_id) { if let Some(mut role) = server.roles.remove(&role_id) {
let Data { let Data {

View File

@@ -1,16 +1,9 @@
use revolt_quark::{models::User, perms, Db, EmptyResponse, Error, Ref, Result}; use revolt_quark::{models::User, perms, Db, EmptyResponse, Ref, Result};
#[put("/<target>/ack")] #[put("/<target>/ack")]
pub async fn req(db: &Db, user: User, target: Ref) -> Result<EmptyResponse> { pub async fn req(db: &Db, user: User, target: Ref) -> Result<EmptyResponse> {
let server = target.as_server(db).await?; let server = target.as_server(db).await?;
if !perms(&user) perms(&user).server(&server).calc(db).await?;
.server(&server)
.calc(db)
.await
.can_view_channel()
{
return Err(Error::NotFound);
}
db.acknowledge_channels(&user.id, &server.channels) db.acknowledge_channels(&user.id, &server.channels)
.await .await

View File

@@ -38,7 +38,7 @@ pub async fn req(db: &Db, user: User, target: Ref, data: Json<Data>) -> Result<J
.map_err(|error| Error::FailedValidation { error })?; .map_err(|error| Error::FailedValidation { error })?;
let mut server = target.as_server(db).await?; let mut server = target.as_server(db).await?;
let permissions = perms(&user).server(&server).calc(db).await; let permissions = perms(&user).server(&server).calc(db).await?;
if !permissions.can_view_channel() { if !permissions.can_view_channel() {
return Err(Error::NotFound); return Err(Error::NotFound);
} }

View File

@@ -1,20 +1,13 @@
use revolt_quark::{ use revolt_quark::{
models::{Server, User}, models::{Server, User},
perms, Db, Error, Ref, Result, perms, Db, Ref, Result,
}; };
use rocket::serde::json::Json; use rocket::serde::json::Json;
#[get("/<target>")] #[get("/<target>")]
pub async fn req(db: &Db, user: User, target: Ref) -> Result<Json<Server>> { pub async fn req(db: &Db, user: User, target: Ref) -> Result<Json<Server>> {
let server = target.as_server(db).await?; let server = target.as_server(db).await?;
if !perms(&user) perms(&user).server(&server).calc(db).await?;
.server(&server)
.calc(db)
.await
.can_view_channel()
{
return Err(Error::NotFound);
}
Ok(Json(server)) Ok(Json(server))
} }