feat: restrict permissions for users in timeout

This commit is contained in:
Paul Makles
2022-07-15 13:55:55 +01:00
parent 741b8ee8fd
commit 4f73e43a03
4 changed files with 40 additions and 3 deletions

View File

@@ -1,3 +1,5 @@
use iso8601_timestamp::Timestamp;
use crate::{
events::client::EventV1,
models::{
@@ -48,6 +50,15 @@ impl Member {
value
}
/// Check whether this member is in timeout
pub fn in_timeout(&self) -> bool {
if let Some(timeout) = self.timeout {
*timeout > *Timestamp::now_utc()
} else {
false
}
}
pub fn remove(&mut self, field: &FieldsMember) {
match field {
FieldsMember::Avatar => self.avatar = None,

View File

@@ -45,8 +45,23 @@ impl Override {
impl PermissionValue {
/// Apply a given override to this value
pub fn apply(&mut self, v: Override) {
self.0 |= v.allow;
self.0 &= !v.deny;
self.allow(v.allow);
self.revoke(v.deny);
}
/// Allow given permissions
pub fn allow(&mut self, v: u64) {
self.0 |= v;
}
/// Revoke given permissions
pub fn revoke(&mut self, v: u64) {
self.0 &= !v;
}
/// Restrict to given permissions
pub fn restrict(&mut self, v: u64) {
self.0 &= v;
}
}

View File

@@ -98,6 +98,7 @@ impl_op_ex!(+ |a: &Permission, b: &Permission| -> u64 { *a as u64 | *b as u64 })
impl_op_ex_commutative!(+ |a: &u64, b: &Permission| -> u64 { *a | *b as u64 });
lazy_static! {
pub static ref ALLOW_IN_TIMEOUT: u64 = Permission::ViewChannel + Permission::ReadMessageHistory;
pub static ref DEFAULT_PERMISSION_VIEW_ONLY: u64 =
Permission::ViewChannel + Permission::ReadMessageHistory;
pub static ref DEFAULT_PERMISSION: u64 = *DEFAULT_PERMISSION_VIEW_ONLY

View File

@@ -2,7 +2,7 @@ use std::collections::HashSet;
use crate::{
models::Channel, permissions::PermissionCalculator, Override, Permission, PermissionValue,
Permissions, Perms, Result, DEFAULT_PERMISSION_DIRECT_MESSAGE,
Permissions, Perms, Result, ALLOW_IN_TIMEOUT, DEFAULT_PERMISSION_DIRECT_MESSAGE,
DEFAULT_PERMISSION_SAVED_MESSAGES, DEFAULT_PERMISSION_VIEW_ONLY,
};
@@ -76,6 +76,11 @@ async fn calculate_server_permission(
}
}
// 5. Revoke permissions if member is timed out.
if member.in_timeout() {
permissions.restrict(*ALLOW_IN_TIMEOUT);
}
Ok(permissions)
}
@@ -206,6 +211,11 @@ async fn calculate_channel_permission(
}
}
// 5. Revoke permissions if member is timed out.
if member.in_timeout() {
permissions.restrict(*ALLOW_IN_TIMEOUT);
}
permissions
} else {
(Permission::GrantAllSafe as u64).into()