mirror of
https://github.com/stoatchat/stoatchat.git
synced 2026-07-14 05:26:59 +00:00
Label permission errors, and too many ids for /stale.
This commit is contained in:
@@ -12,7 +12,7 @@ pub async fn req(user: User, target: Ref) -> Result<()> {
|
||||
.for_channel()
|
||||
.await?;
|
||||
if !perm.get_view() {
|
||||
Err(Error::LabelMe)?
|
||||
Err(Error::MissingPermission)?
|
||||
}
|
||||
|
||||
match &target {
|
||||
|
||||
@@ -12,7 +12,7 @@ pub async fn req(user: User, target: Ref) -> Result<JsonValue> {
|
||||
.for_channel()
|
||||
.await?;
|
||||
if !perm.get_view() {
|
||||
Err(Error::LabelMe)?
|
||||
Err(Error::MissingPermission)?
|
||||
}
|
||||
|
||||
Ok(json!(target))
|
||||
|
||||
@@ -16,7 +16,7 @@ pub async fn req(user: User, target: Ref, member: Ref) -> Result<()> {
|
||||
.for_channel()
|
||||
.await?;
|
||||
if !perm.get_view() {
|
||||
Err(Error::LabelMe)?
|
||||
Err(Error::MissingPermission)?
|
||||
}
|
||||
|
||||
if let Channel::Group { id, recipients, .. } = &channel {
|
||||
|
||||
@@ -20,7 +20,7 @@ pub async fn req(user: User, target: Ref, member: Ref) -> Result<()> {
|
||||
{
|
||||
if &user.id != owner {
|
||||
// figure out if we want to use perm system here
|
||||
Err(Error::LabelMe)?
|
||||
Err(Error::MissingPermission)?
|
||||
}
|
||||
|
||||
if recipients.iter().find(|x| *x == &member.id).is_none() {
|
||||
|
||||
@@ -12,7 +12,7 @@ pub async fn req(user: User, target: Ref, msg: Ref) -> Result<()> {
|
||||
.for_channel()
|
||||
.await?;
|
||||
if !perm.get_view() {
|
||||
Err(Error::LabelMe)?
|
||||
Err(Error::MissingPermission)?
|
||||
}
|
||||
|
||||
let message = msg.fetch_message(&channel).await?;
|
||||
|
||||
@@ -24,7 +24,7 @@ pub async fn req(user: User, target: Ref, msg: Ref, edit: Json<Data>) -> Result<
|
||||
.for_channel()
|
||||
.await?;
|
||||
if !perm.get_view() {
|
||||
Err(Error::LabelMe)?
|
||||
Err(Error::MissingPermission)?
|
||||
}
|
||||
|
||||
let message = msg.fetch_message(&channel).await?;
|
||||
|
||||
@@ -12,7 +12,7 @@ pub async fn req(user: User, target: Ref, msg: Ref) -> Result<JsonValue> {
|
||||
.for_channel()
|
||||
.await?;
|
||||
if !perm.get_view() {
|
||||
Err(Error::LabelMe)?
|
||||
Err(Error::MissingPermission)?
|
||||
}
|
||||
|
||||
let message = msg.fetch_message(&channel).await?;
|
||||
|
||||
@@ -34,7 +34,7 @@ pub async fn req(user: User, target: Ref, options: Form<Options>) -> Result<Json
|
||||
.for_channel()
|
||||
.await?;
|
||||
if !perm.get_view() {
|
||||
Err(Error::LabelMe)?
|
||||
Err(Error::MissingPermission)?
|
||||
}
|
||||
|
||||
let mut query = doc! { "channel": target.id() };
|
||||
|
||||
@@ -14,7 +14,7 @@ pub struct Options {
|
||||
#[post("/<target>/messages/stale", data = "<data>")]
|
||||
pub async fn req(user: User, target: Ref, data: Json<Options>) -> Result<JsonValue> {
|
||||
if data.ids.len() > 150 {
|
||||
return Err(Error::LabelMe);
|
||||
return Err(Error::TooManyIds);
|
||||
}
|
||||
|
||||
let target = target.fetch_channel().await?;
|
||||
@@ -24,7 +24,7 @@ pub async fn req(user: User, target: Ref, data: Json<Options>) -> Result<JsonVal
|
||||
.for_channel()
|
||||
.await?;
|
||||
if !perm.get_view() {
|
||||
Err(Error::LabelMe)?
|
||||
Err(Error::MissingPermission)?
|
||||
}
|
||||
|
||||
let mut cursor = get_collection("messages")
|
||||
|
||||
@@ -34,7 +34,7 @@ pub async fn req(user: User, target: Ref, message: Json<Data>) -> Result<JsonVal
|
||||
.for_channel()
|
||||
.await?;
|
||||
if !perm.get_send_message() {
|
||||
Err(Error::LabelMe)?
|
||||
Err(Error::MissingPermission)?
|
||||
}
|
||||
|
||||
if get_collection("messages")
|
||||
|
||||
@@ -13,7 +13,7 @@ pub async fn req(user: User, target: Ref) -> Result<JsonValue> {
|
||||
.await?;
|
||||
|
||||
if !perm.get_access() {
|
||||
Err(Error::LabelMe)?
|
||||
Err(Error::MissingPermission)?
|
||||
}
|
||||
|
||||
Ok(json!(target.from(&user).with(perm)))
|
||||
|
||||
@@ -12,8 +12,8 @@ pub async fn req(user: User, target: Ref) -> Result<JsonValue> {
|
||||
.find(
|
||||
doc! {
|
||||
"$and": [
|
||||
{ "relations.id": &user.id },
|
||||
{ "relations.id": &target.id }
|
||||
{ "relations._id": &user.id },
|
||||
{ "relations._id": &target.id }
|
||||
]
|
||||
},
|
||||
FindOptions::builder().projection(doc! { "_id": 1 }).build(),
|
||||
|
||||
@@ -50,6 +50,8 @@ pub enum Error {
|
||||
NotInGroup,
|
||||
|
||||
// ? General errors.
|
||||
#[snafu(display("Trying to fetch too much data."))]
|
||||
TooManyIds,
|
||||
#[snafu(display("Failed to validate fields."))]
|
||||
FailedValidation { error: ValidationErrors },
|
||||
#[snafu(display("Encountered a database error."))]
|
||||
@@ -59,6 +61,8 @@ pub enum Error {
|
||||
},
|
||||
#[snafu(display("Internal server error."))]
|
||||
InternalError,
|
||||
#[snafu(display("Missing permission."))]
|
||||
MissingPermission,
|
||||
#[snafu(display("Operation cannot be performed on this object."))]
|
||||
InvalidOperation,
|
||||
#[snafu(display("Already created an object with this nonce."))]
|
||||
@@ -96,7 +100,9 @@ impl<'r> Responder<'r, 'static> for Error {
|
||||
Error::FailedValidation { .. } => Status::UnprocessableEntity,
|
||||
Error::DatabaseError { .. } => Status::InternalServerError,
|
||||
Error::InternalError => Status::InternalServerError,
|
||||
Error::MissingPermission => Status::Forbidden,
|
||||
Error::InvalidOperation => Status::BadRequest,
|
||||
Error::TooManyIds => Status::BadRequest,
|
||||
Error::DuplicateNonce => Status::Conflict,
|
||||
Error::NoEffect => Status::Ok,
|
||||
};
|
||||
|
||||
Reference in New Issue
Block a user