feat(permissions): apply permissions on set channel routes
This commit is contained in:
@@ -1,35 +1,51 @@
|
|||||||
use rocket::serde::json::Json;
|
use rocket::serde::json::Json;
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::Deserialize;
|
||||||
|
|
||||||
use revolt_quark::{
|
use revolt_quark::{
|
||||||
models::{Channel, User},
|
models::{Channel, User},
|
||||||
perms, Db, OverrideField, Permission, Ref, Result,
|
perms, Db, Error, Override, Permission, Ref, Result,
|
||||||
};
|
};
|
||||||
|
|
||||||
#[derive(Serialize, Deserialize)]
|
#[derive(Deserialize)]
|
||||||
pub struct Data {
|
pub struct Data {
|
||||||
permissions: OverrideField,
|
permissions: Override,
|
||||||
}
|
}
|
||||||
|
|
||||||
#[put("/<target>/permissions/<role>", data = "<data>", rank = 2)]
|
#[put("/<target>/permissions/<role_id>", data = "<data>", rank = 2)]
|
||||||
pub async fn req(
|
pub async fn req(
|
||||||
db: &Db,
|
db: &Db,
|
||||||
user: User,
|
user: User,
|
||||||
target: Ref,
|
target: Ref,
|
||||||
role: String,
|
role_id: String,
|
||||||
data: Json<Data>,
|
data: Json<Data>,
|
||||||
) -> Result<Json<Channel>> {
|
) -> Result<Json<Channel>> {
|
||||||
let mut channel = target.as_channel(db).await?;
|
let mut channel = target.as_channel(db).await?;
|
||||||
perms(&user)
|
let mut permissions = perms(&user).channel(&channel);
|
||||||
.channel(&channel)
|
|
||||||
|
permissions
|
||||||
.throw_permission_and_view_channel(db, Permission::ManagePermissions)
|
.throw_permission_and_view_channel(db, Permission::ManagePermissions)
|
||||||
.await?;
|
.await?;
|
||||||
|
|
||||||
// ! FIXME_PERMISSIONS
|
if let Some(server) = permissions.server.get() {
|
||||||
|
if let Some(role) = server.roles.get(&role_id) {
|
||||||
|
if role.rank <= permissions.get_member_rank().unwrap_or(i64::MIN) {
|
||||||
|
return Err(Error::NotElevated);
|
||||||
|
}
|
||||||
|
|
||||||
channel
|
let current_value: Override = role.permissions.into();
|
||||||
.set_role_permission(db, &role, data.permissions)
|
permissions
|
||||||
.await?;
|
.throw_permission_override(db, current_value, data.permissions)
|
||||||
|
.await?;
|
||||||
|
|
||||||
Ok(Json(channel))
|
channel
|
||||||
|
.set_role_permission(db, &role_id, data.permissions.into())
|
||||||
|
.await?;
|
||||||
|
|
||||||
|
Ok(Json(channel))
|
||||||
|
} else {
|
||||||
|
Err(Error::NotFound)
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
Err(Error::InvalidOperation)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,12 +1,12 @@
|
|||||||
use rocket::serde::json::Json;
|
use rocket::serde::json::Json;
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::Deserialize;
|
||||||
|
|
||||||
use revolt_quark::{
|
use revolt_quark::{
|
||||||
models::{channel::PartialChannel, Channel, User},
|
models::{channel::PartialChannel, Channel, User},
|
||||||
perms, Db, Error, Override, Permission, Ref, Result,
|
perms, Db, Error, Override, Permission, Ref, Result,
|
||||||
};
|
};
|
||||||
|
|
||||||
#[derive(Serialize, Deserialize)]
|
#[derive(Deserialize)]
|
||||||
#[serde(untagged)]
|
#[serde(untagged)]
|
||||||
pub enum Data {
|
pub enum Data {
|
||||||
Value { permissions: u64 },
|
Value { permissions: u64 },
|
||||||
@@ -18,9 +18,9 @@ pub async fn req(db: &Db, user: User, target: Ref, data: Json<Data>) -> Result<J
|
|||||||
let data = data.into_inner();
|
let data = data.into_inner();
|
||||||
|
|
||||||
let mut channel = target.as_channel(db).await?;
|
let mut channel = target.as_channel(db).await?;
|
||||||
perms(&user)
|
let mut perm = perms(&user).channel(&channel);
|
||||||
.channel(&channel)
|
|
||||||
.throw_permission_and_view_channel(db, Permission::ManagePermissions)
|
perm.throw_permission_and_view_channel(db, Permission::ManagePermissions)
|
||||||
.await?;
|
.await?;
|
||||||
|
|
||||||
match &channel {
|
match &channel {
|
||||||
@@ -40,10 +40,22 @@ pub async fn req(db: &Db, user: User, target: Ref, data: Json<Data>) -> Result<J
|
|||||||
return Err(Error::InvalidOperation);
|
return Err(Error::InvalidOperation);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
Channel::TextChannel { .. } | Channel::VoiceChannel { .. } => {
|
Channel::TextChannel {
|
||||||
// ! FIXME_PERMISSIONS
|
default_permissions,
|
||||||
|
..
|
||||||
|
}
|
||||||
|
| Channel::VoiceChannel {
|
||||||
|
default_permissions,
|
||||||
|
..
|
||||||
|
} => {
|
||||||
if let Data::Field { permissions } = data {
|
if let Data::Field { permissions } = data {
|
||||||
|
perm.throw_permission_override(
|
||||||
|
db,
|
||||||
|
default_permissions.map(|x| x.into()),
|
||||||
|
permissions,
|
||||||
|
)
|
||||||
|
.await?;
|
||||||
|
|
||||||
channel
|
channel
|
||||||
.update(
|
.update(
|
||||||
db,
|
db,
|
||||||
|
|||||||
@@ -1,12 +1,12 @@
|
|||||||
use rocket::serde::json::Json;
|
use rocket::serde::json::Json;
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::Deserialize;
|
||||||
|
|
||||||
use revolt_quark::{
|
use revolt_quark::{
|
||||||
models::{Server, User},
|
models::{Server, User},
|
||||||
perms, Db, Error, Override, Permission, Ref, Result,
|
perms, Db, Error, Override, Permission, Ref, Result,
|
||||||
};
|
};
|
||||||
|
|
||||||
#[derive(Serialize, Deserialize)]
|
#[derive(Deserialize)]
|
||||||
pub struct Data {
|
pub struct Data {
|
||||||
permissions: Override,
|
permissions: Override,
|
||||||
}
|
}
|
||||||
@@ -34,20 +34,10 @@ pub async fn req(
|
|||||||
return Err(Error::NotElevated);
|
return Err(Error::NotElevated);
|
||||||
}
|
}
|
||||||
|
|
||||||
if !permissions
|
|
||||||
.has_permission_value(db, data.permissions.allows())
|
|
||||||
.await?
|
|
||||||
{
|
|
||||||
return Err(Error::CannotGiveMissingPermissions);
|
|
||||||
}
|
|
||||||
|
|
||||||
let current_value: Override = current_value.into();
|
let current_value: Override = current_value.into();
|
||||||
if !permissions
|
permissions
|
||||||
.has_permission_value(db, current_value.denies() & (!data.permissions.denies()))
|
.throw_permission_override(db, current_value, data.permissions)
|
||||||
.await?
|
.await?;
|
||||||
{
|
|
||||||
return Err(Error::CannotGiveMissingPermissions);
|
|
||||||
}
|
|
||||||
|
|
||||||
server
|
server
|
||||||
.set_role_permission(db, &role_id, data.permissions.into())
|
.set_role_permission(db, &role_id, data.permissions.into())
|
||||||
|
|||||||
@@ -1,12 +1,12 @@
|
|||||||
use rocket::serde::json::Json;
|
use rocket::serde::json::Json;
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::Deserialize;
|
||||||
|
|
||||||
use revolt_quark::{
|
use revolt_quark::{
|
||||||
models::{server::PartialServer, Server, User},
|
models::{server::PartialServer, Server, User},
|
||||||
perms, Db, Error, Permission, Ref, Result,
|
perms, Db, Permission, Ref, Result,
|
||||||
};
|
};
|
||||||
|
|
||||||
#[derive(Serialize, Deserialize)]
|
#[derive(Deserialize)]
|
||||||
pub struct Data {
|
pub struct Data {
|
||||||
permissions: u64,
|
permissions: u64,
|
||||||
}
|
}
|
||||||
@@ -22,12 +22,9 @@ pub async fn req(db: &Db, user: User, target: Ref, data: Json<Data>) -> Result<J
|
|||||||
.throw_permission(db, Permission::ManagePermissions)
|
.throw_permission(db, Permission::ManagePermissions)
|
||||||
.await?;
|
.await?;
|
||||||
|
|
||||||
if !permissions
|
permissions
|
||||||
.has_permission_value(db, data.permissions)
|
.throw_permission_value(db, data.permissions)
|
||||||
.await?
|
.await?;
|
||||||
{
|
|
||||||
return Err(Error::CannotGiveMissingPermissions);
|
|
||||||
}
|
|
||||||
|
|
||||||
server
|
server
|
||||||
.update(
|
.update(
|
||||||
|
|||||||
Reference in New Issue
Block a user