Label permission errors, and too many ids for /stale.
This commit is contained in:
@@ -12,7 +12,7 @@ pub async fn req(user: User, target: Ref) -> Result<()> {
|
|||||||
.for_channel()
|
.for_channel()
|
||||||
.await?;
|
.await?;
|
||||||
if !perm.get_view() {
|
if !perm.get_view() {
|
||||||
Err(Error::LabelMe)?
|
Err(Error::MissingPermission)?
|
||||||
}
|
}
|
||||||
|
|
||||||
match &target {
|
match &target {
|
||||||
|
|||||||
@@ -12,7 +12,7 @@ pub async fn req(user: User, target: Ref) -> Result<JsonValue> {
|
|||||||
.for_channel()
|
.for_channel()
|
||||||
.await?;
|
.await?;
|
||||||
if !perm.get_view() {
|
if !perm.get_view() {
|
||||||
Err(Error::LabelMe)?
|
Err(Error::MissingPermission)?
|
||||||
}
|
}
|
||||||
|
|
||||||
Ok(json!(target))
|
Ok(json!(target))
|
||||||
|
|||||||
@@ -16,7 +16,7 @@ pub async fn req(user: User, target: Ref, member: Ref) -> Result<()> {
|
|||||||
.for_channel()
|
.for_channel()
|
||||||
.await?;
|
.await?;
|
||||||
if !perm.get_view() {
|
if !perm.get_view() {
|
||||||
Err(Error::LabelMe)?
|
Err(Error::MissingPermission)?
|
||||||
}
|
}
|
||||||
|
|
||||||
if let Channel::Group { id, recipients, .. } = &channel {
|
if let Channel::Group { id, recipients, .. } = &channel {
|
||||||
|
|||||||
@@ -20,7 +20,7 @@ pub async fn req(user: User, target: Ref, member: Ref) -> Result<()> {
|
|||||||
{
|
{
|
||||||
if &user.id != owner {
|
if &user.id != owner {
|
||||||
// figure out if we want to use perm system here
|
// figure out if we want to use perm system here
|
||||||
Err(Error::LabelMe)?
|
Err(Error::MissingPermission)?
|
||||||
}
|
}
|
||||||
|
|
||||||
if recipients.iter().find(|x| *x == &member.id).is_none() {
|
if recipients.iter().find(|x| *x == &member.id).is_none() {
|
||||||
|
|||||||
@@ -12,7 +12,7 @@ pub async fn req(user: User, target: Ref, msg: Ref) -> Result<()> {
|
|||||||
.for_channel()
|
.for_channel()
|
||||||
.await?;
|
.await?;
|
||||||
if !perm.get_view() {
|
if !perm.get_view() {
|
||||||
Err(Error::LabelMe)?
|
Err(Error::MissingPermission)?
|
||||||
}
|
}
|
||||||
|
|
||||||
let message = msg.fetch_message(&channel).await?;
|
let message = msg.fetch_message(&channel).await?;
|
||||||
|
|||||||
@@ -24,7 +24,7 @@ pub async fn req(user: User, target: Ref, msg: Ref, edit: Json<Data>) -> Result<
|
|||||||
.for_channel()
|
.for_channel()
|
||||||
.await?;
|
.await?;
|
||||||
if !perm.get_view() {
|
if !perm.get_view() {
|
||||||
Err(Error::LabelMe)?
|
Err(Error::MissingPermission)?
|
||||||
}
|
}
|
||||||
|
|
||||||
let message = msg.fetch_message(&channel).await?;
|
let message = msg.fetch_message(&channel).await?;
|
||||||
|
|||||||
@@ -12,7 +12,7 @@ pub async fn req(user: User, target: Ref, msg: Ref) -> Result<JsonValue> {
|
|||||||
.for_channel()
|
.for_channel()
|
||||||
.await?;
|
.await?;
|
||||||
if !perm.get_view() {
|
if !perm.get_view() {
|
||||||
Err(Error::LabelMe)?
|
Err(Error::MissingPermission)?
|
||||||
}
|
}
|
||||||
|
|
||||||
let message = msg.fetch_message(&channel).await?;
|
let message = msg.fetch_message(&channel).await?;
|
||||||
|
|||||||
@@ -34,7 +34,7 @@ pub async fn req(user: User, target: Ref, options: Form<Options>) -> Result<Json
|
|||||||
.for_channel()
|
.for_channel()
|
||||||
.await?;
|
.await?;
|
||||||
if !perm.get_view() {
|
if !perm.get_view() {
|
||||||
Err(Error::LabelMe)?
|
Err(Error::MissingPermission)?
|
||||||
}
|
}
|
||||||
|
|
||||||
let mut query = doc! { "channel": target.id() };
|
let mut query = doc! { "channel": target.id() };
|
||||||
|
|||||||
@@ -14,7 +14,7 @@ pub struct Options {
|
|||||||
#[post("/<target>/messages/stale", data = "<data>")]
|
#[post("/<target>/messages/stale", data = "<data>")]
|
||||||
pub async fn req(user: User, target: Ref, data: Json<Options>) -> Result<JsonValue> {
|
pub async fn req(user: User, target: Ref, data: Json<Options>) -> Result<JsonValue> {
|
||||||
if data.ids.len() > 150 {
|
if data.ids.len() > 150 {
|
||||||
return Err(Error::LabelMe);
|
return Err(Error::TooManyIds);
|
||||||
}
|
}
|
||||||
|
|
||||||
let target = target.fetch_channel().await?;
|
let target = target.fetch_channel().await?;
|
||||||
@@ -24,7 +24,7 @@ pub async fn req(user: User, target: Ref, data: Json<Options>) -> Result<JsonVal
|
|||||||
.for_channel()
|
.for_channel()
|
||||||
.await?;
|
.await?;
|
||||||
if !perm.get_view() {
|
if !perm.get_view() {
|
||||||
Err(Error::LabelMe)?
|
Err(Error::MissingPermission)?
|
||||||
}
|
}
|
||||||
|
|
||||||
let mut cursor = get_collection("messages")
|
let mut cursor = get_collection("messages")
|
||||||
|
|||||||
@@ -34,7 +34,7 @@ pub async fn req(user: User, target: Ref, message: Json<Data>) -> Result<JsonVal
|
|||||||
.for_channel()
|
.for_channel()
|
||||||
.await?;
|
.await?;
|
||||||
if !perm.get_send_message() {
|
if !perm.get_send_message() {
|
||||||
Err(Error::LabelMe)?
|
Err(Error::MissingPermission)?
|
||||||
}
|
}
|
||||||
|
|
||||||
if get_collection("messages")
|
if get_collection("messages")
|
||||||
|
|||||||
@@ -13,7 +13,7 @@ pub async fn req(user: User, target: Ref) -> Result<JsonValue> {
|
|||||||
.await?;
|
.await?;
|
||||||
|
|
||||||
if !perm.get_access() {
|
if !perm.get_access() {
|
||||||
Err(Error::LabelMe)?
|
Err(Error::MissingPermission)?
|
||||||
}
|
}
|
||||||
|
|
||||||
Ok(json!(target.from(&user).with(perm)))
|
Ok(json!(target.from(&user).with(perm)))
|
||||||
|
|||||||
@@ -12,8 +12,8 @@ pub async fn req(user: User, target: Ref) -> Result<JsonValue> {
|
|||||||
.find(
|
.find(
|
||||||
doc! {
|
doc! {
|
||||||
"$and": [
|
"$and": [
|
||||||
{ "relations.id": &user.id },
|
{ "relations._id": &user.id },
|
||||||
{ "relations.id": &target.id }
|
{ "relations._id": &target.id }
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
FindOptions::builder().projection(doc! { "_id": 1 }).build(),
|
FindOptions::builder().projection(doc! { "_id": 1 }).build(),
|
||||||
|
|||||||
@@ -50,6 +50,8 @@ pub enum Error {
|
|||||||
NotInGroup,
|
NotInGroup,
|
||||||
|
|
||||||
// ? General errors.
|
// ? General errors.
|
||||||
|
#[snafu(display("Trying to fetch too much data."))]
|
||||||
|
TooManyIds,
|
||||||
#[snafu(display("Failed to validate fields."))]
|
#[snafu(display("Failed to validate fields."))]
|
||||||
FailedValidation { error: ValidationErrors },
|
FailedValidation { error: ValidationErrors },
|
||||||
#[snafu(display("Encountered a database error."))]
|
#[snafu(display("Encountered a database error."))]
|
||||||
@@ -59,6 +61,8 @@ pub enum Error {
|
|||||||
},
|
},
|
||||||
#[snafu(display("Internal server error."))]
|
#[snafu(display("Internal server error."))]
|
||||||
InternalError,
|
InternalError,
|
||||||
|
#[snafu(display("Missing permission."))]
|
||||||
|
MissingPermission,
|
||||||
#[snafu(display("Operation cannot be performed on this object."))]
|
#[snafu(display("Operation cannot be performed on this object."))]
|
||||||
InvalidOperation,
|
InvalidOperation,
|
||||||
#[snafu(display("Already created an object with this nonce."))]
|
#[snafu(display("Already created an object with this nonce."))]
|
||||||
@@ -96,7 +100,9 @@ impl<'r> Responder<'r, 'static> for Error {
|
|||||||
Error::FailedValidation { .. } => Status::UnprocessableEntity,
|
Error::FailedValidation { .. } => Status::UnprocessableEntity,
|
||||||
Error::DatabaseError { .. } => Status::InternalServerError,
|
Error::DatabaseError { .. } => Status::InternalServerError,
|
||||||
Error::InternalError => Status::InternalServerError,
|
Error::InternalError => Status::InternalServerError,
|
||||||
|
Error::MissingPermission => Status::Forbidden,
|
||||||
Error::InvalidOperation => Status::BadRequest,
|
Error::InvalidOperation => Status::BadRequest,
|
||||||
|
Error::TooManyIds => Status::BadRequest,
|
||||||
Error::DuplicateNonce => Status::Conflict,
|
Error::DuplicateNonce => Status::Conflict,
|
||||||
Error::NoEffect => Status::Ok,
|
Error::NoEffect => Status::Ok,
|
||||||
};
|
};
|
||||||
|
|||||||
Reference in New Issue
Block a user