feat: Transfer ownership (#396)
* feat: Transfer ownership Signed-off-by: LazyCat2 <68156188+LazyCat2@users.noreply.github.com> * Allow privileged users to change ownership Signed-off-by: LazyCat2 <68156188+LazyCat2@users.noreply.github.com> * Require TOTP Signed-off-by: LazyCat2 <68156188+LazyCat2@users.noreply.github.com> * Require TOTP or password Signed-off-by: LazyCat2 <68156188+LazyCat2@users.noreply.github.com> --------- Signed-off-by: LazyCat2 <68156188+LazyCat2@users.noreply.github.com> Signed-off-by: Tom <iamtomahawkx@gmail.com> Co-authored-by: Tom <iamtomahawkx@gmail.com>
This commit is contained in:
@@ -252,6 +252,9 @@ auto_derived!(
|
|||||||
/// Must be enabled in order to show up on [Revolt Discover](https://rvlt.gg).
|
/// Must be enabled in order to show up on [Revolt Discover](https://rvlt.gg).
|
||||||
pub analytics: Option<bool>,
|
pub analytics: Option<bool>,
|
||||||
|
|
||||||
|
/// User id of the new owner
|
||||||
|
pub owner: Option<String>,
|
||||||
|
|
||||||
/// Fields to remove from server object
|
/// Fields to remove from server object
|
||||||
#[cfg_attr(feature = "serde", serde(default))]
|
#[cfg_attr(feature = "serde", serde(default))]
|
||||||
pub remove: Vec<FieldsServer>,
|
pub remove: Vec<FieldsServer>,
|
||||||
|
|||||||
@@ -1,5 +1,6 @@
|
|||||||
use std::collections::HashSet;
|
use std::collections::HashSet;
|
||||||
|
|
||||||
|
use authifier::models::{totp::Totp, Account, ValidatedTicket};
|
||||||
use revolt_database::{
|
use revolt_database::{
|
||||||
util::{permissions::DatabasePermissionQuery, reference::Reference},
|
util::{permissions::DatabasePermissionQuery, reference::Reference},
|
||||||
Database, File, PartialServer, User,
|
Database, File, PartialServer, User,
|
||||||
@@ -7,7 +8,7 @@ use revolt_database::{
|
|||||||
use revolt_models::v0;
|
use revolt_models::v0;
|
||||||
use revolt_permissions::{calculate_server_permissions, ChannelPermission};
|
use revolt_permissions::{calculate_server_permissions, ChannelPermission};
|
||||||
use revolt_result::{create_error, Result};
|
use revolt_result::{create_error, Result};
|
||||||
use rocket::{serde::json::Json, State};
|
use rocket::{serde::json::Json, Request, State};
|
||||||
use validator::Validate;
|
use validator::Validate;
|
||||||
|
|
||||||
/// # Edit Server
|
/// # Edit Server
|
||||||
@@ -17,9 +18,11 @@ use validator::Validate;
|
|||||||
#[patch("/<target>", data = "<data>")]
|
#[patch("/<target>", data = "<data>")]
|
||||||
pub async fn edit(
|
pub async fn edit(
|
||||||
db: &State<Database>,
|
db: &State<Database>,
|
||||||
|
account: Account,
|
||||||
user: User,
|
user: User,
|
||||||
target: Reference<'_>,
|
target: Reference<'_>,
|
||||||
data: Json<v0::DataEditServer>,
|
data: Json<v0::DataEditServer>,
|
||||||
|
validated_ticket: Option<ValidatedTicket>,
|
||||||
) -> Result<Json<v0::Server>> {
|
) -> Result<Json<v0::Server>> {
|
||||||
let data = data.into_inner();
|
let data = data.into_inner();
|
||||||
data.validate().map_err(|error| {
|
data.validate().map_err(|error| {
|
||||||
@@ -43,6 +46,7 @@ pub async fn edit(
|
|||||||
&& data.flags.is_none()
|
&& data.flags.is_none()
|
||||||
&& data.analytics.is_none()
|
&& data.analytics.is_none()
|
||||||
&& data.discoverable.is_none()
|
&& data.discoverable.is_none()
|
||||||
|
&& data.owner.is_none()
|
||||||
&& data.remove.is_empty()
|
&& data.remove.is_empty()
|
||||||
{
|
{
|
||||||
return Ok(Json(server.into()));
|
return Ok(Json(server.into()));
|
||||||
@@ -57,6 +61,17 @@ pub async fn edit(
|
|||||||
permissions.throw_if_lacking_channel_permission(ChannelPermission::ManageServer)?;
|
permissions.throw_if_lacking_channel_permission(ChannelPermission::ManageServer)?;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Check we are the server owner or privileged if changing sensitive fields
|
||||||
|
if data.owner.is_some() {
|
||||||
|
if user.id != server.owner && !user.privileged {
|
||||||
|
return Err(create_error!(NotOwner));
|
||||||
|
}
|
||||||
|
|
||||||
|
if validated_ticket.is_none() {
|
||||||
|
return Err(create_error!(InvalidCredentials));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Check we are privileged if changing sensitive fields
|
// Check we are privileged if changing sensitive fields
|
||||||
if (data.flags.is_some() /*|| data.nsfw.is_some()*/ || data.discoverable.is_some())
|
if (data.flags.is_some() /*|| data.nsfw.is_some()*/ || data.discoverable.is_some())
|
||||||
&& !user.privileged
|
&& !user.privileged
|
||||||
@@ -80,6 +95,7 @@ pub async fn edit(
|
|||||||
// nsfw,
|
// nsfw,
|
||||||
discoverable,
|
discoverable,
|
||||||
analytics,
|
analytics,
|
||||||
|
owner,
|
||||||
remove,
|
remove,
|
||||||
} = data;
|
} = data;
|
||||||
|
|
||||||
@@ -92,6 +108,7 @@ pub async fn edit(
|
|||||||
// nsfw,
|
// nsfw,
|
||||||
discoverable,
|
discoverable,
|
||||||
analytics,
|
analytics,
|
||||||
|
owner: owner.clone(),
|
||||||
..Default::default()
|
..Default::default()
|
||||||
};
|
};
|
||||||
|
|
||||||
@@ -146,6 +163,21 @@ pub async fn edit(
|
|||||||
server.banner = partial.banner.clone();
|
server.banner = partial.banner.clone();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// 5. Transfer ownership
|
||||||
|
if let Some(owner) = owner {
|
||||||
|
let owner_reference = Reference { id: owner.clone() };
|
||||||
|
// Check if member exists
|
||||||
|
owner_reference.as_member(db, &server.id).await?;
|
||||||
|
let owner_user = owner_reference.as_user(db).await?;
|
||||||
|
|
||||||
|
if owner_user.bot.is_some() {
|
||||||
|
return Err(create_error!(InvalidOperation));
|
||||||
|
}
|
||||||
|
|
||||||
|
server.owner = owner;
|
||||||
|
partial.owner = Some(server.owner.clone());
|
||||||
|
}
|
||||||
|
|
||||||
server
|
server
|
||||||
.update(db, partial, remove.into_iter().map(Into::into).collect())
|
.update(db, partial, remove.into_iter().map(Into::into).collect())
|
||||||
.await?;
|
.await?;
|
||||||
|
|||||||
Reference in New Issue
Block a user