From 4f73e43a03c9b76c5cb0535f01fc7581fd15e899 Mon Sep 17 00:00:00 2001 From: Paul Makles Date: Fri, 15 Jul 2022 13:55:55 +0100 Subject: [PATCH] feat: restrict permissions for users in timeout --- .../src/impl/generic/servers/server_member.rs | 11 +++++++++++ crates/quark/src/permissions/defn/mod.rs | 19 +++++++++++++++++-- .../quark/src/permissions/defn/permission.rs | 1 + .../quark/src/permissions/impl/permission.rs | 12 +++++++++++- 4 files changed, 40 insertions(+), 3 deletions(-) diff --git a/crates/quark/src/impl/generic/servers/server_member.rs b/crates/quark/src/impl/generic/servers/server_member.rs index bb9154b9..8ec6ea83 100644 --- a/crates/quark/src/impl/generic/servers/server_member.rs +++ b/crates/quark/src/impl/generic/servers/server_member.rs @@ -1,3 +1,5 @@ +use iso8601_timestamp::Timestamp; + use crate::{ events::client::EventV1, models::{ @@ -48,6 +50,15 @@ impl Member { value } + /// Check whether this member is in timeout + pub fn in_timeout(&self) -> bool { + if let Some(timeout) = self.timeout { + *timeout > *Timestamp::now_utc() + } else { + false + } + } + pub fn remove(&mut self, field: &FieldsMember) { match field { FieldsMember::Avatar => self.avatar = None, diff --git a/crates/quark/src/permissions/defn/mod.rs b/crates/quark/src/permissions/defn/mod.rs index f2a7866e..6f46254f 100644 --- a/crates/quark/src/permissions/defn/mod.rs +++ b/crates/quark/src/permissions/defn/mod.rs @@ -45,8 +45,23 @@ impl Override { impl PermissionValue { /// Apply a given override to this value pub fn apply(&mut self, v: Override) { - self.0 |= v.allow; - self.0 &= !v.deny; + self.allow(v.allow); + self.revoke(v.deny); + } + + /// Allow given permissions + pub fn allow(&mut self, v: u64) { + self.0 |= v; + } + + /// Revoke given permissions + pub fn revoke(&mut self, v: u64) { + self.0 &= !v; + } + + /// Restrict to given permissions + pub fn restrict(&mut self, v: u64) { + self.0 &= v; } } diff --git a/crates/quark/src/permissions/defn/permission.rs b/crates/quark/src/permissions/defn/permission.rs index 881fcd71..86d74199 100644 --- a/crates/quark/src/permissions/defn/permission.rs +++ b/crates/quark/src/permissions/defn/permission.rs @@ -98,6 +98,7 @@ impl_op_ex!(+ |a: &Permission, b: &Permission| -> u64 { *a as u64 | *b as u64 }) impl_op_ex_commutative!(+ |a: &u64, b: &Permission| -> u64 { *a | *b as u64 }); lazy_static! { + pub static ref ALLOW_IN_TIMEOUT: u64 = Permission::ViewChannel + Permission::ReadMessageHistory; pub static ref DEFAULT_PERMISSION_VIEW_ONLY: u64 = Permission::ViewChannel + Permission::ReadMessageHistory; pub static ref DEFAULT_PERMISSION: u64 = *DEFAULT_PERMISSION_VIEW_ONLY diff --git a/crates/quark/src/permissions/impl/permission.rs b/crates/quark/src/permissions/impl/permission.rs index d1107b34..6baca00f 100644 --- a/crates/quark/src/permissions/impl/permission.rs +++ b/crates/quark/src/permissions/impl/permission.rs @@ -2,7 +2,7 @@ use std::collections::HashSet; use crate::{ models::Channel, permissions::PermissionCalculator, Override, Permission, PermissionValue, - Permissions, Perms, Result, DEFAULT_PERMISSION_DIRECT_MESSAGE, + Permissions, Perms, Result, ALLOW_IN_TIMEOUT, DEFAULT_PERMISSION_DIRECT_MESSAGE, DEFAULT_PERMISSION_SAVED_MESSAGES, DEFAULT_PERMISSION_VIEW_ONLY, }; @@ -76,6 +76,11 @@ async fn calculate_server_permission( } } + // 5. Revoke permissions if member is timed out. + if member.in_timeout() { + permissions.restrict(*ALLOW_IN_TIMEOUT); + } + Ok(permissions) } @@ -206,6 +211,11 @@ async fn calculate_channel_permission( } } + // 5. Revoke permissions if member is timed out. + if member.in_timeout() { + permissions.restrict(*ALLOW_IN_TIMEOUT); + } + permissions } else { (Permission::GrantAllSafe as u64).into()