feat(permissions): apply permissions on set channel routes

This commit is contained in:
Paul Makles
2022-02-23 17:51:36 +00:00
parent fcbaab7bcb
commit 0553ce5587
4 changed files with 60 additions and 45 deletions

View File

@@ -1,35 +1,51 @@
use rocket::serde::json::Json; use rocket::serde::json::Json;
use serde::{Deserialize, Serialize}; use serde::Deserialize;
use revolt_quark::{ use revolt_quark::{
models::{Channel, User}, models::{Channel, User},
perms, Db, OverrideField, Permission, Ref, Result, perms, Db, Error, Override, Permission, Ref, Result,
}; };
#[derive(Serialize, Deserialize)] #[derive(Deserialize)]
pub struct Data { pub struct Data {
permissions: OverrideField, permissions: Override,
} }
#[put("/<target>/permissions/<role>", data = "<data>", rank = 2)] #[put("/<target>/permissions/<role_id>", data = "<data>", rank = 2)]
pub async fn req( pub async fn req(
db: &Db, db: &Db,
user: User, user: User,
target: Ref, target: Ref,
role: String, role_id: String,
data: Json<Data>, data: Json<Data>,
) -> Result<Json<Channel>> { ) -> Result<Json<Channel>> {
let mut channel = target.as_channel(db).await?; let mut channel = target.as_channel(db).await?;
perms(&user) let mut permissions = perms(&user).channel(&channel);
.channel(&channel)
permissions
.throw_permission_and_view_channel(db, Permission::ManagePermissions) .throw_permission_and_view_channel(db, Permission::ManagePermissions)
.await?; .await?;
// ! FIXME_PERMISSIONS if let Some(server) = permissions.server.get() {
if let Some(role) = server.roles.get(&role_id) {
if role.rank <= permissions.get_member_rank().unwrap_or(i64::MIN) {
return Err(Error::NotElevated);
}
channel let current_value: Override = role.permissions.into();
.set_role_permission(db, &role, data.permissions) permissions
.await?; .throw_permission_override(db, current_value, data.permissions)
.await?;
Ok(Json(channel)) channel
.set_role_permission(db, &role_id, data.permissions.into())
.await?;
Ok(Json(channel))
} else {
Err(Error::NotFound)
}
} else {
Err(Error::InvalidOperation)
}
} }

View File

@@ -1,12 +1,12 @@
use rocket::serde::json::Json; use rocket::serde::json::Json;
use serde::{Deserialize, Serialize}; use serde::Deserialize;
use revolt_quark::{ use revolt_quark::{
models::{channel::PartialChannel, Channel, User}, models::{channel::PartialChannel, Channel, User},
perms, Db, Error, Override, Permission, Ref, Result, perms, Db, Error, Override, Permission, Ref, Result,
}; };
#[derive(Serialize, Deserialize)] #[derive(Deserialize)]
#[serde(untagged)] #[serde(untagged)]
pub enum Data { pub enum Data {
Value { permissions: u64 }, Value { permissions: u64 },
@@ -18,9 +18,9 @@ pub async fn req(db: &Db, user: User, target: Ref, data: Json<Data>) -> Result<J
let data = data.into_inner(); let data = data.into_inner();
let mut channel = target.as_channel(db).await?; let mut channel = target.as_channel(db).await?;
perms(&user) let mut perm = perms(&user).channel(&channel);
.channel(&channel)
.throw_permission_and_view_channel(db, Permission::ManagePermissions) perm.throw_permission_and_view_channel(db, Permission::ManagePermissions)
.await?; .await?;
match &channel { match &channel {
@@ -40,10 +40,22 @@ pub async fn req(db: &Db, user: User, target: Ref, data: Json<Data>) -> Result<J
return Err(Error::InvalidOperation); return Err(Error::InvalidOperation);
} }
} }
Channel::TextChannel { .. } | Channel::VoiceChannel { .. } => { Channel::TextChannel {
// ! FIXME_PERMISSIONS default_permissions,
..
}
| Channel::VoiceChannel {
default_permissions,
..
} => {
if let Data::Field { permissions } = data { if let Data::Field { permissions } = data {
perm.throw_permission_override(
db,
default_permissions.map(|x| x.into()),
permissions,
)
.await?;
channel channel
.update( .update(
db, db,

View File

@@ -1,12 +1,12 @@
use rocket::serde::json::Json; use rocket::serde::json::Json;
use serde::{Deserialize, Serialize}; use serde::Deserialize;
use revolt_quark::{ use revolt_quark::{
models::{Server, User}, models::{Server, User},
perms, Db, Error, Override, Permission, Ref, Result, perms, Db, Error, Override, Permission, Ref, Result,
}; };
#[derive(Serialize, Deserialize)] #[derive(Deserialize)]
pub struct Data { pub struct Data {
permissions: Override, permissions: Override,
} }
@@ -34,20 +34,10 @@ pub async fn req(
return Err(Error::NotElevated); return Err(Error::NotElevated);
} }
if !permissions
.has_permission_value(db, data.permissions.allows())
.await?
{
return Err(Error::CannotGiveMissingPermissions);
}
let current_value: Override = current_value.into(); let current_value: Override = current_value.into();
if !permissions permissions
.has_permission_value(db, current_value.denies() & (!data.permissions.denies())) .throw_permission_override(db, current_value, data.permissions)
.await? .await?;
{
return Err(Error::CannotGiveMissingPermissions);
}
server server
.set_role_permission(db, &role_id, data.permissions.into()) .set_role_permission(db, &role_id, data.permissions.into())

View File

@@ -1,12 +1,12 @@
use rocket::serde::json::Json; use rocket::serde::json::Json;
use serde::{Deserialize, Serialize}; use serde::Deserialize;
use revolt_quark::{ use revolt_quark::{
models::{server::PartialServer, Server, User}, models::{server::PartialServer, Server, User},
perms, Db, Error, Permission, Ref, Result, perms, Db, Permission, Ref, Result,
}; };
#[derive(Serialize, Deserialize)] #[derive(Deserialize)]
pub struct Data { pub struct Data {
permissions: u64, permissions: u64,
} }
@@ -22,12 +22,9 @@ pub async fn req(db: &Db, user: User, target: Ref, data: Json<Data>) -> Result<J
.throw_permission(db, Permission::ManagePermissions) .throw_permission(db, Permission::ManagePermissions)
.await?; .await?;
if !permissions permissions
.has_permission_value(db, data.permissions) .throw_permission_value(db, data.permissions)
.await? .await?;
{
return Err(Error::CannotGiveMissingPermissions);
}
server server
.update( .update(