feat: add webhook permissions

This commit is contained in:
Zomatree
2023-06-11 23:02:53 +01:00
committed by Paul Makles
parent 6e4798f1d4
commit 54878e8e8d
11 changed files with 81 additions and 4 deletions

View File

@@ -2,6 +2,7 @@ use revolt_database::{Database, Webhook};
use revolt_quark::{
models::{Channel, User},
perms, Db, Error, Permission, Ref, Result,
DEFAULT_WEBHOOK_PERMISSIONS,
};
use rocket::{serde::json::Json, State};
use serde::{Deserialize, Serialize};
@@ -60,6 +61,7 @@ pub async fn req(
name: data.name,
avatar,
channel_id: channel.id().to_string(),
permissions: *DEFAULT_WEBHOOK_PERMISSIONS,
token: Some(nanoid::nanoid!(64)),
};

View File

@@ -35,11 +35,13 @@ pub async fn webhook_edit(
let DataEditWebhook {
name,
avatar,
permissions,
remove,
} = data;
let mut partial = PartialWebhook {
name,
permissions,
..Default::default()
};

View File

@@ -33,11 +33,13 @@ pub async fn webhook_edit_token(
let DataEditWebhook {
name,
avatar,
remove,
permissions,
remove
} = data;
let mut partial = PartialWebhook {
name,
permissions,
..Default::default()
};

View File

@@ -29,8 +29,7 @@ pub async fn webhook_execute(
let webhook = webhook_id.as_webhook(db).await.map_err(Error::from_core)?;
webhook.assert_token(&token).map_err(Error::from_core)?;
// TODO: webhooks can currently always send masquerades, files, embeds, reactions (interactions)
// TODO: they can also mention anyone
data.validate_webhook_permissions(webhook.permissions)?;
let channel = legacy_db.fetch_channel(&webhook.channel_id).await?;
let message = channel