Label permission errors, and too many ids for /stale.

This commit is contained in:
Paul
2021-02-19 13:26:04 +00:00
parent 64d2707366
commit 10cac358a9
13 changed files with 20 additions and 14 deletions

View File

@@ -12,7 +12,7 @@ pub async fn req(user: User, target: Ref) -> Result<()> {
.for_channel()
.await?;
if !perm.get_view() {
Err(Error::LabelMe)?
Err(Error::MissingPermission)?
}
match &target {

View File

@@ -12,7 +12,7 @@ pub async fn req(user: User, target: Ref) -> Result<JsonValue> {
.for_channel()
.await?;
if !perm.get_view() {
Err(Error::LabelMe)?
Err(Error::MissingPermission)?
}
Ok(json!(target))

View File

@@ -16,7 +16,7 @@ pub async fn req(user: User, target: Ref, member: Ref) -> Result<()> {
.for_channel()
.await?;
if !perm.get_view() {
Err(Error::LabelMe)?
Err(Error::MissingPermission)?
}
if let Channel::Group { id, recipients, .. } = &channel {

View File

@@ -20,7 +20,7 @@ pub async fn req(user: User, target: Ref, member: Ref) -> Result<()> {
{
if &user.id != owner {
// figure out if we want to use perm system here
Err(Error::LabelMe)?
Err(Error::MissingPermission)?
}
if recipients.iter().find(|x| *x == &member.id).is_none() {

View File

@@ -12,7 +12,7 @@ pub async fn req(user: User, target: Ref, msg: Ref) -> Result<()> {
.for_channel()
.await?;
if !perm.get_view() {
Err(Error::LabelMe)?
Err(Error::MissingPermission)?
}
let message = msg.fetch_message(&channel).await?;

View File

@@ -24,7 +24,7 @@ pub async fn req(user: User, target: Ref, msg: Ref, edit: Json<Data>) -> Result<
.for_channel()
.await?;
if !perm.get_view() {
Err(Error::LabelMe)?
Err(Error::MissingPermission)?
}
let message = msg.fetch_message(&channel).await?;

View File

@@ -12,7 +12,7 @@ pub async fn req(user: User, target: Ref, msg: Ref) -> Result<JsonValue> {
.for_channel()
.await?;
if !perm.get_view() {
Err(Error::LabelMe)?
Err(Error::MissingPermission)?
}
let message = msg.fetch_message(&channel).await?;

View File

@@ -34,7 +34,7 @@ pub async fn req(user: User, target: Ref, options: Form<Options>) -> Result<Json
.for_channel()
.await?;
if !perm.get_view() {
Err(Error::LabelMe)?
Err(Error::MissingPermission)?
}
let mut query = doc! { "channel": target.id() };

View File

@@ -14,7 +14,7 @@ pub struct Options {
#[post("/<target>/messages/stale", data = "<data>")]
pub async fn req(user: User, target: Ref, data: Json<Options>) -> Result<JsonValue> {
if data.ids.len() > 150 {
return Err(Error::LabelMe);
return Err(Error::TooManyIds);
}
let target = target.fetch_channel().await?;
@@ -24,7 +24,7 @@ pub async fn req(user: User, target: Ref, data: Json<Options>) -> Result<JsonVal
.for_channel()
.await?;
if !perm.get_view() {
Err(Error::LabelMe)?
Err(Error::MissingPermission)?
}
let mut cursor = get_collection("messages")

View File

@@ -34,7 +34,7 @@ pub async fn req(user: User, target: Ref, message: Json<Data>) -> Result<JsonVal
.for_channel()
.await?;
if !perm.get_send_message() {
Err(Error::LabelMe)?
Err(Error::MissingPermission)?
}
if get_collection("messages")

View File

@@ -13,7 +13,7 @@ pub async fn req(user: User, target: Ref) -> Result<JsonValue> {
.await?;
if !perm.get_access() {
Err(Error::LabelMe)?
Err(Error::MissingPermission)?
}
Ok(json!(target.from(&user).with(perm)))

View File

@@ -12,8 +12,8 @@ pub async fn req(user: User, target: Ref) -> Result<JsonValue> {
.find(
doc! {
"$and": [
{ "relations.id": &user.id },
{ "relations.id": &target.id }
{ "relations._id": &user.id },
{ "relations._id": &target.id }
]
},
FindOptions::builder().projection(doc! { "_id": 1 }).build(),

View File

@@ -50,6 +50,8 @@ pub enum Error {
NotInGroup,
// ? General errors.
#[snafu(display("Trying to fetch too much data."))]
TooManyIds,
#[snafu(display("Failed to validate fields."))]
FailedValidation { error: ValidationErrors },
#[snafu(display("Encountered a database error."))]
@@ -59,6 +61,8 @@ pub enum Error {
},
#[snafu(display("Internal server error."))]
InternalError,
#[snafu(display("Missing permission."))]
MissingPermission,
#[snafu(display("Operation cannot be performed on this object."))]
InvalidOperation,
#[snafu(display("Already created an object with this nonce."))]
@@ -96,7 +100,9 @@ impl<'r> Responder<'r, 'static> for Error {
Error::FailedValidation { .. } => Status::UnprocessableEntity,
Error::DatabaseError { .. } => Status::InternalServerError,
Error::InternalError => Status::InternalServerError,
Error::MissingPermission => Status::Forbidden,
Error::InvalidOperation => Status::BadRequest,
Error::TooManyIds => Status::BadRequest,
Error::DuplicateNonce => Status::Conflict,
Error::NoEffect => Status::Ok,
};