forked from jmug/stoatchat
feat: add webhook permissions
This commit is contained in:
@@ -2,6 +2,7 @@ use revolt_database::{Database, Webhook};
|
||||
use revolt_quark::{
|
||||
models::{Channel, User},
|
||||
perms, Db, Error, Permission, Ref, Result,
|
||||
DEFAULT_WEBHOOK_PERMISSIONS,
|
||||
};
|
||||
use rocket::{serde::json::Json, State};
|
||||
use serde::{Deserialize, Serialize};
|
||||
@@ -60,6 +61,7 @@ pub async fn req(
|
||||
name: data.name,
|
||||
avatar,
|
||||
channel_id: channel.id().to_string(),
|
||||
permissions: *DEFAULT_WEBHOOK_PERMISSIONS,
|
||||
token: Some(nanoid::nanoid!(64)),
|
||||
};
|
||||
|
||||
|
||||
@@ -35,11 +35,13 @@ pub async fn webhook_edit(
|
||||
let DataEditWebhook {
|
||||
name,
|
||||
avatar,
|
||||
permissions,
|
||||
remove,
|
||||
} = data;
|
||||
|
||||
let mut partial = PartialWebhook {
|
||||
name,
|
||||
permissions,
|
||||
..Default::default()
|
||||
};
|
||||
|
||||
|
||||
@@ -33,11 +33,13 @@ pub async fn webhook_edit_token(
|
||||
let DataEditWebhook {
|
||||
name,
|
||||
avatar,
|
||||
remove,
|
||||
permissions,
|
||||
remove
|
||||
} = data;
|
||||
|
||||
let mut partial = PartialWebhook {
|
||||
name,
|
||||
permissions,
|
||||
..Default::default()
|
||||
};
|
||||
|
||||
|
||||
@@ -29,8 +29,7 @@ pub async fn webhook_execute(
|
||||
let webhook = webhook_id.as_webhook(db).await.map_err(Error::from_core)?;
|
||||
webhook.assert_token(&token).map_err(Error::from_core)?;
|
||||
|
||||
// TODO: webhooks can currently always send masquerades, files, embeds, reactions (interactions)
|
||||
// TODO: they can also mention anyone
|
||||
data.validate_webhook_permissions(webhook.permissions)?;
|
||||
|
||||
let channel = legacy_db.fetch_channel(&webhook.channel_id).await?;
|
||||
let message = channel
|
||||
|
||||
Reference in New Issue
Block a user