feat(perms): consistently throw correct permissions
This commit is contained in:
@@ -32,14 +32,11 @@ pub async fn invite_bot(
|
|||||||
match dest.into_inner() {
|
match dest.into_inner() {
|
||||||
Destination::Server { server } => {
|
Destination::Server { server } => {
|
||||||
let server = db.fetch_server(&server).await?;
|
let server = db.fetch_server(&server).await?;
|
||||||
if !perms(&user)
|
|
||||||
|
perms(&user)
|
||||||
.server(&server)
|
.server(&server)
|
||||||
.calc(db)
|
.throw_permission(db, Permission::ManageServer)
|
||||||
.await
|
.await?;
|
||||||
.can_manage_server()
|
|
||||||
{
|
|
||||||
return Error::from_permission(Permission::ManageServer);
|
|
||||||
}
|
|
||||||
|
|
||||||
let member = Member {
|
let member = Member {
|
||||||
id: MemberCompositeKey {
|
id: MemberCompositeKey {
|
||||||
@@ -53,14 +50,11 @@ pub async fn invite_bot(
|
|||||||
}
|
}
|
||||||
Destination::Group { group } => {
|
Destination::Group { group } => {
|
||||||
let channel = db.fetch_channel(&group).await?;
|
let channel = db.fetch_channel(&group).await?;
|
||||||
if !perms(&user)
|
|
||||||
|
perms(&user)
|
||||||
.channel(&channel)
|
.channel(&channel)
|
||||||
.calc(db)
|
.throw_permission_and_view_channel(db, Permission::InviteOthers)
|
||||||
.await
|
.await?;
|
||||||
.can_invite_others()
|
|
||||||
{
|
|
||||||
return Error::from_permission(Permission::InviteOthers);
|
|
||||||
}
|
|
||||||
|
|
||||||
if let Channel::Group { id, .. } = channel {
|
if let Channel::Group { id, .. } = channel {
|
||||||
db.add_user_to_group(&id, &bot.id)
|
db.add_user_to_group(&id, &bot.id)
|
||||||
|
|||||||
@@ -1,16 +1,12 @@
|
|||||||
use revolt_quark::{models::User, perms, Db, EmptyResponse, Error, Ref, Result};
|
use revolt_quark::{models::User, perms, Db, EmptyResponse, Permission, Ref, Result};
|
||||||
|
|
||||||
#[put("/<target>/ack/<message>")]
|
#[put("/<target>/ack/<message>")]
|
||||||
pub async fn req(db: &Db, user: User, target: Ref, message: Ref) -> Result<EmptyResponse> {
|
pub async fn req(db: &Db, user: User, target: Ref, message: Ref) -> Result<EmptyResponse> {
|
||||||
let channel = target.as_channel(db).await?;
|
let channel = target.as_channel(db).await?;
|
||||||
if !perms(&user)
|
perms(&user)
|
||||||
.channel(&channel)
|
.channel(&channel)
|
||||||
.calc(db)
|
.throw_permission(db, Permission::ViewChannel)
|
||||||
.await
|
.await?;
|
||||||
.can_view_channel()
|
|
||||||
{
|
|
||||||
return Err(Error::NotFound);
|
|
||||||
}
|
|
||||||
|
|
||||||
channel
|
channel
|
||||||
.ack(db, &user.id, &message.id)
|
.ack(db, &user.id, &message.id)
|
||||||
|
|||||||
@@ -6,11 +6,8 @@ use revolt_quark::{
|
|||||||
#[delete("/<target>")]
|
#[delete("/<target>")]
|
||||||
pub async fn req(db: &Db, user: User, target: Ref) -> Result<EmptyResponse> {
|
pub async fn req(db: &Db, user: User, target: Ref) -> Result<EmptyResponse> {
|
||||||
let channel = target.as_channel(db).await?;
|
let channel = target.as_channel(db).await?;
|
||||||
let perm = perms(&user).channel(&channel).calc(db).await;
|
let mut perms = perms(&user).channel(&channel);
|
||||||
|
perms.throw_permission(db, Permission::ViewChannel).await?;
|
||||||
if !perm.can_view_channel() {
|
|
||||||
return Err(Error::NotFound);
|
|
||||||
}
|
|
||||||
|
|
||||||
match &channel {
|
match &channel {
|
||||||
Channel::SavedMessages { .. } => Err(Error::NoEffect),
|
Channel::SavedMessages { .. } => Err(Error::NoEffect),
|
||||||
@@ -30,11 +27,11 @@ pub async fn req(db: &Db, user: User, target: Ref) -> Result<EmptyResponse> {
|
|||||||
.await
|
.await
|
||||||
.map(|_| EmptyResponse),
|
.map(|_| EmptyResponse),
|
||||||
Channel::TextChannel { .. } | Channel::VoiceChannel { .. } => {
|
Channel::TextChannel { .. } | Channel::VoiceChannel { .. } => {
|
||||||
if perm.can_manage_channel() {
|
perms
|
||||||
channel.delete(db).await.map(|_| EmptyResponse)
|
.throw_permission(db, Permission::ManageChannel)
|
||||||
} else {
|
.await?;
|
||||||
Error::from_permission(Permission::ManageChannel)
|
|
||||||
}
|
channel.delete(db).await.map(|_| EmptyResponse)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -38,14 +38,10 @@ pub async fn req(
|
|||||||
.map_err(|error| Error::FailedValidation { error })?;
|
.map_err(|error| Error::FailedValidation { error })?;
|
||||||
|
|
||||||
let mut channel = target.as_channel(db).await?;
|
let mut channel = target.as_channel(db).await?;
|
||||||
if !perms(&user)
|
perms(&user)
|
||||||
.channel(&channel)
|
.channel(&channel)
|
||||||
.calc(db)
|
.throw_permission_and_view_channel(db, Permission::ManageChannel)
|
||||||
.await
|
.await?;
|
||||||
.can_manage_channel()
|
|
||||||
{
|
|
||||||
return Error::from_permission(Permission::ManageChannel);
|
|
||||||
}
|
|
||||||
|
|
||||||
if data.name.is_none()
|
if data.name.is_none()
|
||||||
&& data.description.is_none()
|
&& data.description.is_none()
|
||||||
|
|||||||
@@ -1,22 +1,17 @@
|
|||||||
use revolt_quark::{
|
use revolt_quark::{
|
||||||
models::{Channel, User},
|
models::{Channel, User},
|
||||||
perms, Database, Error, Permission, Ref, Result,
|
perms, Database, Permission, Ref, Result,
|
||||||
};
|
};
|
||||||
|
|
||||||
use rocket::{serde::json::Json, State};
|
use rocket::{serde::json::Json, State};
|
||||||
|
|
||||||
#[get("/<target>")]
|
#[get("/<target>")]
|
||||||
pub async fn req(db: &State<Database>, user: User, target: Ref) -> Result<Json<Channel>> {
|
pub async fn req(db: &State<Database>, user: User, target: Ref) -> Result<Json<Channel>> {
|
||||||
let target = target.as_channel(db).await?;
|
let channel = target.as_channel(db).await?;
|
||||||
|
perms(&user)
|
||||||
|
.channel(&channel)
|
||||||
|
.throw_permission(db, Permission::ViewChannel)
|
||||||
|
.await?;
|
||||||
|
|
||||||
if perms(&user)
|
Ok(Json(channel))
|
||||||
.channel(&target)
|
|
||||||
.calc(db)
|
|
||||||
.await
|
|
||||||
.can_view_channel()
|
|
||||||
{
|
|
||||||
Ok(Json(target))
|
|
||||||
} else {
|
|
||||||
Error::from_permission(Permission::ViewChannel)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -6,14 +6,10 @@ use revolt_quark::{
|
|||||||
#[put("/<target>/recipients/<member>")]
|
#[put("/<target>/recipients/<member>")]
|
||||||
pub async fn req(db: &Db, user: User, target: Ref, member: Ref) -> Result<EmptyResponse> {
|
pub async fn req(db: &Db, user: User, target: Ref, member: Ref) -> Result<EmptyResponse> {
|
||||||
let channel = target.as_channel(db).await?;
|
let channel = target.as_channel(db).await?;
|
||||||
if !perms(&user)
|
perms(&user)
|
||||||
.channel(&channel)
|
.channel(&channel)
|
||||||
.calc(db)
|
.throw_permission_and_view_channel(db, Permission::InviteOthers)
|
||||||
.await
|
.await?;
|
||||||
.can_invite_others()
|
|
||||||
{
|
|
||||||
return Error::from_permission(Permission::InviteOthers);
|
|
||||||
}
|
|
||||||
|
|
||||||
match &channel {
|
match &channel {
|
||||||
Channel::Group { .. } => {
|
Channel::Group { .. } => {
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
use revolt_quark::{
|
use revolt_quark::{
|
||||||
models::{Invite, User},
|
models::{Invite, User},
|
||||||
perms, Db, Error, Permission, Ref, Result,
|
perms, Db, Permission, Ref, Result,
|
||||||
};
|
};
|
||||||
|
|
||||||
use rocket::serde::json::Json;
|
use rocket::serde::json::Json;
|
||||||
@@ -8,15 +8,10 @@ use rocket::serde::json::Json;
|
|||||||
#[post("/<target>/invites")]
|
#[post("/<target>/invites")]
|
||||||
pub async fn req(db: &Db, user: User, target: Ref) -> Result<Json<Invite>> {
|
pub async fn req(db: &Db, user: User, target: Ref) -> Result<Json<Invite>> {
|
||||||
let channel = target.as_channel(db).await?;
|
let channel = target.as_channel(db).await?;
|
||||||
|
perms(&user)
|
||||||
if !perms(&user)
|
|
||||||
.channel(&channel)
|
.channel(&channel)
|
||||||
.calc(db)
|
.throw_permission_and_view_channel(db, Permission::InviteOthers)
|
||||||
.await
|
.await?;
|
||||||
.can_invite_others()
|
|
||||||
{
|
|
||||||
return Error::from_permission(Permission::InviteOthers);
|
|
||||||
}
|
|
||||||
|
|
||||||
Invite::create(db, &user, &channel).await.map(Json)
|
Invite::create(db, &user, &channel).await.map(Json)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
use revolt_quark::{
|
use revolt_quark::{
|
||||||
models::{Channel, User},
|
models::{Channel, User},
|
||||||
perms, Db, Error, Ref, Result,
|
perms, Db, Error, Permission, Ref, Result,
|
||||||
};
|
};
|
||||||
|
|
||||||
use rocket::serde::json::Json;
|
use rocket::serde::json::Json;
|
||||||
@@ -8,14 +8,10 @@ use rocket::serde::json::Json;
|
|||||||
#[get("/<target>/members")]
|
#[get("/<target>/members")]
|
||||||
pub async fn req(db: &Db, user: User, target: Ref) -> Result<Json<Vec<User>>> {
|
pub async fn req(db: &Db, user: User, target: Ref) -> Result<Json<Vec<User>>> {
|
||||||
let channel = target.as_channel(db).await?;
|
let channel = target.as_channel(db).await?;
|
||||||
if !perms(&user)
|
perms(&user)
|
||||||
.channel(&channel)
|
.channel(&channel)
|
||||||
.calc(db)
|
.throw_permission(db, Permission::ViewChannel)
|
||||||
.await
|
.await?;
|
||||||
.can_view_channel()
|
|
||||||
{
|
|
||||||
return Err(Error::NotFound);
|
|
||||||
}
|
|
||||||
|
|
||||||
if let Channel::Group { recipients, .. } = channel {
|
if let Channel::Group { recipients, .. } = channel {
|
||||||
Ok(Json(
|
Ok(Json(
|
||||||
|
|||||||
@@ -11,9 +11,8 @@ pub async fn req(db: &Db, user: User, target: Ref, msg: Ref) -> Result<EmptyResp
|
|||||||
|| !{
|
|| !{
|
||||||
perms(&user)
|
perms(&user)
|
||||||
.channel(&target.as_channel(db).await?)
|
.channel(&target.as_channel(db).await?)
|
||||||
.calc(db)
|
.has_permission(db, Permission::ManageMessages)
|
||||||
.await
|
.await?
|
||||||
.can_manage_messages()
|
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
return Error::from_permission(Permission::ManageMessages);
|
return Error::from_permission(Permission::ManageMessages);
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
use revolt_quark::{
|
use revolt_quark::{
|
||||||
models::{Message, User},
|
models::{Message, User},
|
||||||
perms, Db, Error, Ref, Result,
|
perms, Db, Error, Permission, Ref, Result,
|
||||||
};
|
};
|
||||||
|
|
||||||
use rocket::serde::json::Json;
|
use rocket::serde::json::Json;
|
||||||
@@ -8,14 +8,10 @@ use rocket::serde::json::Json;
|
|||||||
#[get("/<target>/messages/<msg>")]
|
#[get("/<target>/messages/<msg>")]
|
||||||
pub async fn req(db: &Db, user: User, target: Ref, msg: Ref) -> Result<Json<Message>> {
|
pub async fn req(db: &Db, user: User, target: Ref, msg: Ref) -> Result<Json<Message>> {
|
||||||
let channel = target.as_channel(db).await?;
|
let channel = target.as_channel(db).await?;
|
||||||
if !perms(&user)
|
perms(&user)
|
||||||
.channel(&channel)
|
.channel(&channel)
|
||||||
.calc(db)
|
.throw_permission(db, Permission::ViewChannel)
|
||||||
.await
|
.await?;
|
||||||
.can_view_channel()
|
|
||||||
{
|
|
||||||
return Err(Error::NotFound);
|
|
||||||
}
|
|
||||||
|
|
||||||
let message = msg.as_message(db).await?;
|
let message = msg.as_message(db).await?;
|
||||||
if message.channel != channel.as_id() {
|
if message.channel != channel.as_id() {
|
||||||
|
|||||||
@@ -3,7 +3,7 @@ use revolt_quark::{
|
|||||||
message::{BulkMessageResponse, MessageSort},
|
message::{BulkMessageResponse, MessageSort},
|
||||||
User,
|
User,
|
||||||
},
|
},
|
||||||
perms, Db, Error, Ref, Result,
|
perms, Db, Error, Permission, Ref, Result,
|
||||||
};
|
};
|
||||||
use rocket::serde::json::Json;
|
use rocket::serde::json::Json;
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
@@ -42,14 +42,10 @@ pub async fn req(
|
|||||||
}
|
}
|
||||||
|
|
||||||
let channel = target.as_channel(db).await?;
|
let channel = target.as_channel(db).await?;
|
||||||
if !perms(&user)
|
perms(&user)
|
||||||
.channel(&channel)
|
.channel(&channel)
|
||||||
.calc(db)
|
.throw_permission_and_view_channel(db, Permission::ReadMessageHistory)
|
||||||
.await
|
.await?;
|
||||||
.can_view_channel()
|
|
||||||
{
|
|
||||||
return Err(Error::NotFound);
|
|
||||||
}
|
|
||||||
|
|
||||||
let Options {
|
let Options {
|
||||||
limit,
|
limit,
|
||||||
|
|||||||
@@ -3,7 +3,7 @@ use revolt_quark::{
|
|||||||
message::{BulkMessageResponse, MessageSort},
|
message::{BulkMessageResponse, MessageSort},
|
||||||
User,
|
User,
|
||||||
},
|
},
|
||||||
perms, Db, Error, Ref, Result,
|
perms, Db, Error, Permission, Ref, Result,
|
||||||
};
|
};
|
||||||
|
|
||||||
use rocket::serde::json::Json;
|
use rocket::serde::json::Json;
|
||||||
@@ -39,14 +39,10 @@ pub async fn req(
|
|||||||
.map_err(|error| Error::FailedValidation { error })?;
|
.map_err(|error| Error::FailedValidation { error })?;
|
||||||
|
|
||||||
let channel = target.as_channel(db).await?;
|
let channel = target.as_channel(db).await?;
|
||||||
if !perms(&user)
|
perms(&user)
|
||||||
.channel(&channel)
|
.channel(&channel)
|
||||||
.calc(db)
|
.throw_permission_and_view_channel(db, Permission::ReadMessageHistory)
|
||||||
.await
|
.await?;
|
||||||
.can_view_channel()
|
|
||||||
{
|
|
||||||
return Err(Error::NotFound);
|
|
||||||
}
|
|
||||||
|
|
||||||
let Options {
|
let Options {
|
||||||
query,
|
query,
|
||||||
|
|||||||
@@ -51,11 +51,10 @@ pub async fn message_send(
|
|||||||
idempotency.consume_nonce(data.nonce).await?;
|
idempotency.consume_nonce(data.nonce).await?;
|
||||||
|
|
||||||
let channel = target.as_channel(db).await?;
|
let channel = target.as_channel(db).await?;
|
||||||
let permissions = perms(&user).channel(&channel).calc(db).await;
|
let mut permissions = perms(&user).channel(&channel);
|
||||||
|
permissions
|
||||||
if !permissions.can_send_message() {
|
.throw_permission_and_view_channel(db, Permission::SendMessage)
|
||||||
return Error::from_permission(Permission::SendMessage);
|
.await?;
|
||||||
}
|
|
||||||
|
|
||||||
if data.content.is_empty()
|
if data.content.is_empty()
|
||||||
&& (data.attachments.is_none() || data.attachments.as_ref().unwrap().is_empty())
|
&& (data.attachments.is_none() || data.attachments.as_ref().unwrap().is_empty())
|
||||||
@@ -66,8 +65,8 @@ pub async fn message_send(
|
|||||||
let message_id = Ulid::new().to_string();
|
let message_id = Ulid::new().to_string();
|
||||||
let mut message = Message {
|
let mut message = Message {
|
||||||
id: message_id.clone(),
|
id: message_id.clone(),
|
||||||
channel: channel.as_id(),
|
channel: channel.id().to_string(),
|
||||||
author: user.id,
|
author: user.id.clone(),
|
||||||
..Default::default()
|
..Default::default()
|
||||||
};
|
};
|
||||||
|
|
||||||
@@ -80,8 +79,10 @@ pub async fn message_send(
|
|||||||
}
|
}
|
||||||
|
|
||||||
// 2. Verify permissions for masquerade.
|
// 2. Verify permissions for masquerade.
|
||||||
if data.masquerade.is_some() && !permissions.can_masquerade() {
|
if data.masquerade.is_some() {
|
||||||
return Error::from_permission(Permission::Masquerade);
|
permissions
|
||||||
|
.throw_permission(db, Permission::Masquerade)
|
||||||
|
.await?;
|
||||||
}
|
}
|
||||||
|
|
||||||
// 3. Verify replies are valid.
|
// 3. Verify replies are valid.
|
||||||
@@ -117,8 +118,10 @@ pub async fn message_send(
|
|||||||
// 4. Add attachments to message.
|
// 4. Add attachments to message.
|
||||||
let mut attachments = vec![];
|
let mut attachments = vec![];
|
||||||
if let Some(ids) = &data.attachments {
|
if let Some(ids) = &data.attachments {
|
||||||
if !ids.is_empty() && !permissions.can_upload_files() {
|
if !ids.is_empty() {
|
||||||
return Error::from_permission(Permission::UploadFiles);
|
permissions
|
||||||
|
.throw_permission(db, Permission::UploadFiles)
|
||||||
|
.await?;
|
||||||
}
|
}
|
||||||
|
|
||||||
// ! FIXME: move this to app config
|
// ! FIXME: move this to app config
|
||||||
|
|||||||
@@ -3,7 +3,7 @@ use serde::{Deserialize, Serialize};
|
|||||||
|
|
||||||
use revolt_quark::{
|
use revolt_quark::{
|
||||||
models::{Channel, User},
|
models::{Channel, User},
|
||||||
perms, Db, Error, Permission, Ref, Result,
|
perms, Db, Permission, Ref, Result,
|
||||||
};
|
};
|
||||||
|
|
||||||
#[derive(Serialize, Deserialize)]
|
#[derive(Serialize, Deserialize)]
|
||||||
@@ -20,14 +20,10 @@ pub async fn req(
|
|||||||
data: Json<Data>,
|
data: Json<Data>,
|
||||||
) -> Result<Json<Channel>> {
|
) -> Result<Json<Channel>> {
|
||||||
let mut channel = target.as_channel(db).await?;
|
let mut channel = target.as_channel(db).await?;
|
||||||
if !perms(&user)
|
perms(&user)
|
||||||
.channel(&channel)
|
.channel(&channel)
|
||||||
.calc(db)
|
.throw_permission_and_view_channel(db, Permission::ManagePermissions)
|
||||||
.await
|
.await?;
|
||||||
.can_manage_permissions()
|
|
||||||
{
|
|
||||||
return Error::from_permission(Permission::ManageChannel);
|
|
||||||
}
|
|
||||||
|
|
||||||
// ! FIXME_PERMISSIONS
|
// ! FIXME_PERMISSIONS
|
||||||
|
|
||||||
|
|||||||
@@ -14,14 +14,10 @@ pub struct Data {
|
|||||||
#[put("/<target>/permissions/default", data = "<data>", rank = 1)]
|
#[put("/<target>/permissions/default", data = "<data>", rank = 1)]
|
||||||
pub async fn req(db: &Db, user: User, target: Ref, data: Json<Data>) -> Result<Json<Channel>> {
|
pub async fn req(db: &Db, user: User, target: Ref, data: Json<Data>) -> Result<Json<Channel>> {
|
||||||
let mut channel = target.as_channel(db).await?;
|
let mut channel = target.as_channel(db).await?;
|
||||||
if !perms(&user)
|
perms(&user)
|
||||||
.channel(&channel)
|
.channel(&channel)
|
||||||
.calc(db)
|
.throw_permission_and_view_channel(db, Permission::ManagePermissions)
|
||||||
.await
|
.await?;
|
||||||
.can_manage_permissions()
|
|
||||||
{
|
|
||||||
return Error::from_permission(Permission::ManagePermissions);
|
|
||||||
}
|
|
||||||
|
|
||||||
match &channel {
|
match &channel {
|
||||||
Channel::Group { .. } => {
|
Channel::Group { .. } => {
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
use revolt_quark::{
|
use revolt_quark::{
|
||||||
models::{Invite, User},
|
models::{Invite, User},
|
||||||
perms, Db, EmptyResponse, Error, Permission, Ref, Result,
|
perms, Db, EmptyResponse, Permission, Ref, Result,
|
||||||
};
|
};
|
||||||
|
|
||||||
#[delete("/<target>")]
|
#[delete("/<target>")]
|
||||||
@@ -13,14 +13,10 @@ pub async fn req(db: &Db, user: User, target: Ref) -> Result<EmptyResponse> {
|
|||||||
match invite {
|
match invite {
|
||||||
Invite::Server { code, server, .. } => {
|
Invite::Server { code, server, .. } => {
|
||||||
let server = db.fetch_server(&server).await?;
|
let server = db.fetch_server(&server).await?;
|
||||||
if !perms(&user)
|
perms(&user)
|
||||||
.server(&server)
|
.server(&server)
|
||||||
.calc(db)
|
.throw_permission(db, Permission::ManageServer)
|
||||||
.await
|
.await?;
|
||||||
.can_manage_server()
|
|
||||||
{
|
|
||||||
return Error::from_permission(Permission::ManageServer);
|
|
||||||
}
|
|
||||||
|
|
||||||
db.delete_invite(&code).await
|
db.delete_invite(&code).await
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -26,14 +26,10 @@ pub async fn req(
|
|||||||
.map_err(|error| Error::FailedValidation { error })?;
|
.map_err(|error| Error::FailedValidation { error })?;
|
||||||
|
|
||||||
let server = server.as_server(db).await?;
|
let server = server.as_server(db).await?;
|
||||||
if !perms(&user)
|
perms(&user)
|
||||||
.server(&server)
|
.server(&server)
|
||||||
.calc(db)
|
.throw_permission(db, Permission::BanMembers)
|
||||||
.await
|
.await?;
|
||||||
.can_ban_members()
|
|
||||||
{
|
|
||||||
return Error::from_permission(Permission::BanMembers);
|
|
||||||
}
|
|
||||||
|
|
||||||
let member = target.as_member(db, &server.id).await?;
|
let member = target.as_member(db, &server.id).await?;
|
||||||
// ! FIXME_PERMISSIONS
|
// ! FIXME_PERMISSIONS
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
use revolt_quark::models::{File, ServerBan, User};
|
use revolt_quark::models::{File, ServerBan, User};
|
||||||
use revolt_quark::{perms, Db, Error, Permission, Ref, Result};
|
use revolt_quark::{perms, Db, Permission, Ref, Result};
|
||||||
|
|
||||||
use rocket::serde::json::Json;
|
use rocket::serde::json::Json;
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
@@ -14,14 +14,10 @@ struct BannedUser {
|
|||||||
#[get("/<target>/bans")]
|
#[get("/<target>/bans")]
|
||||||
pub async fn req(db: &Db, user: User, target: Ref) -> Result<Json<Vec<ServerBan>>> {
|
pub async fn req(db: &Db, user: User, target: Ref) -> Result<Json<Vec<ServerBan>>> {
|
||||||
let server = target.as_server(db).await?;
|
let server = target.as_server(db).await?;
|
||||||
if !perms(&user)
|
perms(&user)
|
||||||
.server(&server)
|
.server(&server)
|
||||||
.calc(db)
|
.throw_permission(db, Permission::BanMembers)
|
||||||
.await
|
.await?;
|
||||||
.can_ban_members()
|
|
||||||
{
|
|
||||||
return Error::from_permission(Permission::BanMembers);
|
|
||||||
}
|
|
||||||
|
|
||||||
db.fetch_bans(&server.id).await.map(Json)
|
db.fetch_bans(&server.id).await.map(Json)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,16 +1,12 @@
|
|||||||
use revolt_quark::{models::User, perms, Db, EmptyResponse, Error, Permission, Ref, Result};
|
use revolt_quark::{models::User, perms, Db, EmptyResponse, Permission, Ref, Result};
|
||||||
|
|
||||||
#[delete("/<server>/bans/<target>")]
|
#[delete("/<server>/bans/<target>")]
|
||||||
pub async fn req(db: &Db, user: User, server: Ref, target: Ref) -> Result<EmptyResponse> {
|
pub async fn req(db: &Db, user: User, server: Ref, target: Ref) -> Result<EmptyResponse> {
|
||||||
let server = server.as_server(db).await?;
|
let server = server.as_server(db).await?;
|
||||||
if !perms(&user)
|
perms(&user)
|
||||||
.server(&server)
|
.server(&server)
|
||||||
.calc(db)
|
.throw_permission(db, Permission::BanMembers)
|
||||||
.await
|
.await?;
|
||||||
.can_ban_members()
|
|
||||||
{
|
|
||||||
return Error::from_permission(Permission::BanMembers);
|
|
||||||
}
|
|
||||||
|
|
||||||
let ban = target.as_ban(db, &server.id).await?;
|
let ban = target.as_ban(db, &server.id).await?;
|
||||||
db.delete_ban(&ban.id).await.map(|_| EmptyResponse)
|
db.delete_ban(&ban.id).await.map(|_| EmptyResponse)
|
||||||
|
|||||||
@@ -41,14 +41,10 @@ pub async fn req(db: &Db, user: User, target: Ref, info: Json<Data>) -> Result<J
|
|||||||
.map_err(|error| Error::FailedValidation { error })?;
|
.map_err(|error| Error::FailedValidation { error })?;
|
||||||
|
|
||||||
let mut server = target.as_server(db).await?;
|
let mut server = target.as_server(db).await?;
|
||||||
if !perms(&user)
|
perms(&user)
|
||||||
.server(&server)
|
.server(&server)
|
||||||
.calc(db)
|
.throw_permission(db, Permission::ManageChannel)
|
||||||
.await
|
.await?;
|
||||||
.can_manage_channel()
|
|
||||||
{
|
|
||||||
return Error::from_permission(Permission::ManageChannel);
|
|
||||||
}
|
|
||||||
|
|
||||||
let id = Ulid::new().to_string();
|
let id = Ulid::new().to_string();
|
||||||
let mut channels = server.channels.clone();
|
let mut channels = server.channels.clone();
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
use revolt_quark::{
|
use revolt_quark::{
|
||||||
models::{Invite, User},
|
models::{Invite, User},
|
||||||
perms, Db, Error, Permission, Ref, Result,
|
perms, Db, Permission, Ref, Result,
|
||||||
};
|
};
|
||||||
|
|
||||||
use rocket::serde::json::Json;
|
use rocket::serde::json::Json;
|
||||||
@@ -17,14 +17,10 @@ pub struct ServerInvite {
|
|||||||
#[get("/<target>/invites")]
|
#[get("/<target>/invites")]
|
||||||
pub async fn req(db: &Db, user: User, target: Ref) -> Result<Json<Vec<Invite>>> {
|
pub async fn req(db: &Db, user: User, target: Ref) -> Result<Json<Vec<Invite>>> {
|
||||||
let server = target.as_server(db).await?;
|
let server = target.as_server(db).await?;
|
||||||
if !perms(&user)
|
perms(&user)
|
||||||
.server(&server)
|
.server(&server)
|
||||||
.calc(db)
|
.throw_permission(db, Permission::ManageServer)
|
||||||
.await
|
.await?;
|
||||||
.can_manage_server()
|
|
||||||
{
|
|
||||||
return Error::from_permission(Permission::ManageServer);
|
|
||||||
}
|
|
||||||
|
|
||||||
db.fetch_invites_for_server(&server.id).await.map(Json)
|
db.fetch_invites_for_server(&server.id).await.map(Json)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -33,10 +33,7 @@ pub async fn req(
|
|||||||
.map_err(|error| Error::FailedValidation { error })?;
|
.map_err(|error| Error::FailedValidation { error })?;
|
||||||
|
|
||||||
let server = server.as_server(db).await?;
|
let server = server.as_server(db).await?;
|
||||||
let permissions = perms(&user).server(&server).calc(db).await;
|
perms(&user).server(&server).calc(db).await?;
|
||||||
if !permissions.can_view_channel() {
|
|
||||||
return Err(Error::NotFound);
|
|
||||||
}
|
|
||||||
|
|
||||||
let mut member = target.as_member(db, &server.id).await?;
|
let mut member = target.as_member(db, &server.id).await?;
|
||||||
|
|
||||||
|
|||||||
@@ -1,20 +1,13 @@
|
|||||||
use revolt_quark::{
|
use revolt_quark::{
|
||||||
models::{Member, User},
|
models::{Member, User},
|
||||||
perms, Db, Error, Ref, Result,
|
perms, Db, Ref, Result,
|
||||||
};
|
};
|
||||||
use rocket::serde::json::Json;
|
use rocket::serde::json::Json;
|
||||||
|
|
||||||
#[get("/<target>/members/<member>")]
|
#[get("/<target>/members/<member>")]
|
||||||
pub async fn req(db: &Db, user: User, target: Ref, member: Ref) -> Result<Json<Member>> {
|
pub async fn req(db: &Db, user: User, target: Ref, member: Ref) -> Result<Json<Member>> {
|
||||||
let server = target.as_server(db).await?;
|
let server = target.as_server(db).await?;
|
||||||
if !perms(&user)
|
perms(&user).server(&server).calc(db).await?;
|
||||||
.server(&server)
|
|
||||||
.calc(db)
|
|
||||||
.await
|
|
||||||
.can_view_channel()
|
|
||||||
{
|
|
||||||
return Err(Error::NotFound);
|
|
||||||
}
|
|
||||||
|
|
||||||
member.as_member(db, &server.id).await.map(Json)
|
member.as_member(db, &server.id).await.map(Json)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,18 +1,11 @@
|
|||||||
use revolt_quark::{models::User, perms, presence::presence_filter_online, Db, Error, Ref, Result};
|
use revolt_quark::{models::User, perms, presence::presence_filter_online, Db, Ref, Result};
|
||||||
|
|
||||||
use rocket::serde::json::Value;
|
use rocket::serde::json::Value;
|
||||||
|
|
||||||
#[get("/<target>/members")]
|
#[get("/<target>/members")]
|
||||||
pub async fn req(db: &Db, user: User, target: Ref) -> Result<Value> {
|
pub async fn req(db: &Db, user: User, target: Ref) -> Result<Value> {
|
||||||
let server = target.as_server(db).await?;
|
let server = target.as_server(db).await?;
|
||||||
if !perms(&user)
|
perms(&user).server(&server).calc(db).await?;
|
||||||
.server(&server)
|
|
||||||
.calc(db)
|
|
||||||
.await
|
|
||||||
.can_view_channel()
|
|
||||||
{
|
|
||||||
return Err(Error::NotFound);
|
|
||||||
}
|
|
||||||
|
|
||||||
let members = db.fetch_all_members(&server.id).await?;
|
let members = db.fetch_all_members(&server.id).await?;
|
||||||
|
|
||||||
|
|||||||
@@ -1,16 +1,12 @@
|
|||||||
use revolt_quark::{models::User, perms, Db, EmptyResponse, Error, Permission, Ref, Result};
|
use revolt_quark::{models::User, perms, Db, EmptyResponse, Permission, Ref, Result};
|
||||||
|
|
||||||
#[delete("/<target>/members/<member>")]
|
#[delete("/<target>/members/<member>")]
|
||||||
pub async fn req(db: &Db, user: User, target: Ref, member: Ref) -> Result<EmptyResponse> {
|
pub async fn req(db: &Db, user: User, target: Ref, member: Ref) -> Result<EmptyResponse> {
|
||||||
let server = target.as_server(db).await?;
|
let server = target.as_server(db).await?;
|
||||||
if !perms(&user)
|
perms(&user)
|
||||||
.server(&server)
|
.server(&server)
|
||||||
.calc(db)
|
.throw_permission(db, Permission::KickMembers)
|
||||||
.await
|
.await?;
|
||||||
.can_kick_members()
|
|
||||||
{
|
|
||||||
return Error::from_permission(Permission::KickMembers);
|
|
||||||
}
|
|
||||||
|
|
||||||
let member = member.as_member(db, &server.id).await?;
|
let member = member.as_member(db, &server.id).await?;
|
||||||
// ! FIXME_PERMISSIONS
|
// ! FIXME_PERMISSIONS
|
||||||
|
|||||||
@@ -3,7 +3,7 @@ use serde::{Deserialize, Serialize};
|
|||||||
|
|
||||||
use revolt_quark::{
|
use revolt_quark::{
|
||||||
models::{Server, User},
|
models::{Server, User},
|
||||||
perms, Db, Error, Ref, Result,
|
perms, Db, Permission, Ref, Result,
|
||||||
};
|
};
|
||||||
|
|
||||||
#[derive(Serialize, Deserialize)]
|
#[derive(Serialize, Deserialize)]
|
||||||
@@ -26,16 +26,12 @@ pub async fn req(
|
|||||||
data: Json<Data>,
|
data: Json<Data>,
|
||||||
) -> Result<Json<Server>> {
|
) -> Result<Json<Server>> {
|
||||||
let mut server = target.as_server(db).await?;
|
let mut server = target.as_server(db).await?;
|
||||||
if !perms(&user)
|
perms(&user)
|
||||||
.server(&server)
|
.server(&server)
|
||||||
.calc(db)
|
.throw_permission(db, Permission::ManagePermissions)
|
||||||
.await
|
.await?;
|
||||||
.can_manage_permissions()
|
|
||||||
{
|
|
||||||
return Err(Error::NotFound);
|
|
||||||
}
|
|
||||||
|
|
||||||
// ! FIXME: calculate permission against role
|
// ! FIXME_PERMISSIONS
|
||||||
|
|
||||||
server
|
server
|
||||||
.set_role_permission(
|
.set_role_permission(
|
||||||
|
|||||||
@@ -3,7 +3,7 @@ use serde::{Deserialize, Serialize};
|
|||||||
|
|
||||||
use revolt_quark::{
|
use revolt_quark::{
|
||||||
models::{server::PartialServer, Server, User},
|
models::{server::PartialServer, Server, User},
|
||||||
perms, Db, Error, Ref, Result,
|
perms, Db, Permission, Ref, Result,
|
||||||
};
|
};
|
||||||
|
|
||||||
#[derive(Serialize, Deserialize)]
|
#[derive(Serialize, Deserialize)]
|
||||||
@@ -22,14 +22,12 @@ pub async fn req(db: &Db, user: User, target: Ref, data: Json<Data>) -> Result<J
|
|||||||
let data = data.into_inner();
|
let data = data.into_inner();
|
||||||
|
|
||||||
let mut server = target.as_server(db).await?;
|
let mut server = target.as_server(db).await?;
|
||||||
if !perms(&user)
|
perms(&user)
|
||||||
.server(&server)
|
.server(&server)
|
||||||
.calc(db)
|
.throw_permission(db, Permission::ManagePermissions)
|
||||||
.await
|
.await?;
|
||||||
.can_manage_permissions()
|
|
||||||
{
|
// ! FIXME_PERMISSIONS
|
||||||
return Err(Error::NotFound);
|
|
||||||
}
|
|
||||||
|
|
||||||
server
|
server
|
||||||
.update(
|
.update(
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
use revolt_quark::{
|
use revolt_quark::{
|
||||||
models::{server::Role, User},
|
models::{server::Role, User},
|
||||||
perms, Db, Error, Ref, Result,
|
perms, Db, Error, Permission, Ref, Result,
|
||||||
};
|
};
|
||||||
|
|
||||||
use rocket::serde::json::{Json, Value};
|
use rocket::serde::json::{Json, Value};
|
||||||
@@ -20,14 +20,10 @@ pub async fn req(db: &Db, user: User, target: Ref, data: Json<Data>) -> Result<V
|
|||||||
.map_err(|error| Error::FailedValidation { error })?;
|
.map_err(|error| Error::FailedValidation { error })?;
|
||||||
|
|
||||||
let server = target.as_server(db).await?;
|
let server = target.as_server(db).await?;
|
||||||
if !perms(&user)
|
perms(&user)
|
||||||
.server(&server)
|
.server(&server)
|
||||||
.calc(db)
|
.throw_permission(db, Permission::ManageRole)
|
||||||
.await
|
.await?;
|
||||||
.can_manage_roles()
|
|
||||||
{
|
|
||||||
return Err(Error::NotFound);
|
|
||||||
}
|
|
||||||
|
|
||||||
let role = Role {
|
let role = Role {
|
||||||
name: data.name,
|
name: data.name,
|
||||||
|
|||||||
@@ -1,16 +1,12 @@
|
|||||||
use revolt_quark::{models::User, perms, Db, EmptyResponse, Error, Ref, Result};
|
use revolt_quark::{models::User, perms, Db, EmptyResponse, Error, Permission, Ref, Result};
|
||||||
|
|
||||||
#[delete("/<target>/roles/<role_id>")]
|
#[delete("/<target>/roles/<role_id>")]
|
||||||
pub async fn req(db: &Db, user: User, target: Ref, role_id: String) -> Result<EmptyResponse> {
|
pub async fn req(db: &Db, user: User, target: Ref, role_id: String) -> Result<EmptyResponse> {
|
||||||
let mut server = target.as_server(db).await?;
|
let mut server = target.as_server(db).await?;
|
||||||
if !perms(&user)
|
perms(&user)
|
||||||
.server(&server)
|
.server(&server)
|
||||||
.calc(db)
|
.throw_permission(db, Permission::ManageRole)
|
||||||
.await
|
.await?;
|
||||||
.can_manage_roles()
|
|
||||||
{
|
|
||||||
return Err(Error::NotFound);
|
|
||||||
}
|
|
||||||
|
|
||||||
// ! FIXME_PERMISSIONS
|
// ! FIXME_PERMISSIONS
|
||||||
|
|
||||||
|
|||||||
@@ -3,7 +3,7 @@ use revolt_quark::{
|
|||||||
server::{FieldsRole, PartialRole, Role},
|
server::{FieldsRole, PartialRole, Role},
|
||||||
User,
|
User,
|
||||||
},
|
},
|
||||||
perms, Db, Error, Ref, Result,
|
perms, Db, Error, Permission, Ref, Result,
|
||||||
};
|
};
|
||||||
|
|
||||||
use rocket::serde::json::Json;
|
use rocket::serde::json::Json;
|
||||||
@@ -35,14 +35,10 @@ pub async fn req(
|
|||||||
.map_err(|error| Error::FailedValidation { error })?;
|
.map_err(|error| Error::FailedValidation { error })?;
|
||||||
|
|
||||||
let mut server = target.as_server(db).await?;
|
let mut server = target.as_server(db).await?;
|
||||||
if !perms(&user)
|
perms(&user)
|
||||||
.server(&server)
|
.server(&server)
|
||||||
.calc(db)
|
.throw_permission(db, Permission::ManageRole)
|
||||||
.await
|
.await?;
|
||||||
.can_manage_roles()
|
|
||||||
{
|
|
||||||
return Err(Error::NotFound);
|
|
||||||
}
|
|
||||||
|
|
||||||
if let Some(mut role) = server.roles.remove(&role_id) {
|
if let Some(mut role) = server.roles.remove(&role_id) {
|
||||||
let Data {
|
let Data {
|
||||||
|
|||||||
@@ -1,16 +1,9 @@
|
|||||||
use revolt_quark::{models::User, perms, Db, EmptyResponse, Error, Ref, Result};
|
use revolt_quark::{models::User, perms, Db, EmptyResponse, Ref, Result};
|
||||||
|
|
||||||
#[put("/<target>/ack")]
|
#[put("/<target>/ack")]
|
||||||
pub async fn req(db: &Db, user: User, target: Ref) -> Result<EmptyResponse> {
|
pub async fn req(db: &Db, user: User, target: Ref) -> Result<EmptyResponse> {
|
||||||
let server = target.as_server(db).await?;
|
let server = target.as_server(db).await?;
|
||||||
if !perms(&user)
|
perms(&user).server(&server).calc(db).await?;
|
||||||
.server(&server)
|
|
||||||
.calc(db)
|
|
||||||
.await
|
|
||||||
.can_view_channel()
|
|
||||||
{
|
|
||||||
return Err(Error::NotFound);
|
|
||||||
}
|
|
||||||
|
|
||||||
db.acknowledge_channels(&user.id, &server.channels)
|
db.acknowledge_channels(&user.id, &server.channels)
|
||||||
.await
|
.await
|
||||||
|
|||||||
@@ -38,7 +38,7 @@ pub async fn req(db: &Db, user: User, target: Ref, data: Json<Data>) -> Result<J
|
|||||||
.map_err(|error| Error::FailedValidation { error })?;
|
.map_err(|error| Error::FailedValidation { error })?;
|
||||||
|
|
||||||
let mut server = target.as_server(db).await?;
|
let mut server = target.as_server(db).await?;
|
||||||
let permissions = perms(&user).server(&server).calc(db).await;
|
let permissions = perms(&user).server(&server).calc(db).await?;
|
||||||
if !permissions.can_view_channel() {
|
if !permissions.can_view_channel() {
|
||||||
return Err(Error::NotFound);
|
return Err(Error::NotFound);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,20 +1,13 @@
|
|||||||
use revolt_quark::{
|
use revolt_quark::{
|
||||||
models::{Server, User},
|
models::{Server, User},
|
||||||
perms, Db, Error, Ref, Result,
|
perms, Db, Ref, Result,
|
||||||
};
|
};
|
||||||
use rocket::serde::json::Json;
|
use rocket::serde::json::Json;
|
||||||
|
|
||||||
#[get("/<target>")]
|
#[get("/<target>")]
|
||||||
pub async fn req(db: &Db, user: User, target: Ref) -> Result<Json<Server>> {
|
pub async fn req(db: &Db, user: User, target: Ref) -> Result<Json<Server>> {
|
||||||
let server = target.as_server(db).await?;
|
let server = target.as_server(db).await?;
|
||||||
if !perms(&user)
|
perms(&user).server(&server).calc(db).await?;
|
||||||
.server(&server)
|
|
||||||
.calc(db)
|
|
||||||
.await
|
|
||||||
.can_view_channel()
|
|
||||||
{
|
|
||||||
return Err(Error::NotFound);
|
|
||||||
}
|
|
||||||
|
|
||||||
Ok(Json(server))
|
Ok(Json(server))
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user