Compare commits

...

10 Commits

Author SHA1 Message Date
Paul Makles
deffe663cb feat: add ability to leave groups / servers silently 2022-09-02 15:32:11 +01:00
Paul Makles
e7f6433d77 fix: actually transfer group ownership 2022-09-01 09:45:17 +01:00
Paul Makles
345e4d5f13 fix: validate categories 2022-09-01 09:41:00 +01:00
Sophie L
81fc3e7760 fix: set the cap to 100 2022-09-01 09:01:43 +01:00
Paul Makles
ca8d2e6118 fix: reaction ordering by using indexmap 2022-08-14 11:47:30 +02:00
Paul Makles
c1227e8e33 fix: check React permission on interactions 2022-08-14 11:31:36 +02:00
Paul Makles
0e0c6f2c3a fix: validate number of reactions on message when adding more 2022-08-13 20:26:09 +02:00
Paul Makles
fa82be74b5 fix: adjust permission checks for member_edit 2022-07-26 14:06:53 +01:00
Paul Makles
8491ced13d fix: ensure list matches 2022-07-18 12:46:33 +01:00
Paul Makles
229d4e2e1d fix: correct ordering for creating ownership change event 2022-07-15 21:46:41 +01:00
16 changed files with 174 additions and 81 deletions

7
Cargo.lock generated
View File

@@ -1454,12 +1454,12 @@ checksum = "90f97a5f38dd3ccfbe7aa80f4a0c00930f21b922c74195be0201c51028f22dcf"
[[package]]
name = "indexmap"
version = "1.8.2"
version = "1.9.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e6012d540c5baa3589337a98ce73408de9b5a25ec9fc2c6fd6be8f0d39e0ca5a"
checksum = "10a35a97730320ffe8e2d410b5d3b69279b98d2c14bdb8b70ea89ecf7888d41e"
dependencies = [
"autocfg 1.1.0",
"hashbrown 0.11.2",
"hashbrown 0.12.1",
"serde",
]
@@ -2783,6 +2783,7 @@ dependencies = [
"dotenv",
"futures",
"impl_ops",
"indexmap",
"iso8601-timestamp",
"lazy_static",
"linkify 0.8.1",

View File

@@ -2,13 +2,27 @@ use revolt_quark::{
models::{channel::PartialChannel, Channel, User},
perms, Db, EmptyResponse, Error, Permission, Ref, Result,
};
use serde::{Deserialize, Serialize};
use validator::Validate;
/// # Query Parameters
#[derive(Validate, Serialize, Deserialize, JsonSchema, FromForm)]
pub struct OptionsChannelDelete {
/// Whether to not send a leave message
leave_silently: Option<bool>,
}
/// # Close Channel
///
/// Deletes a server channel, leaves a group or closes a group.
#[openapi(tag = "Channel Information")]
#[delete("/<target>")]
pub async fn req(db: &Db, user: User, target: Ref) -> Result<EmptyResponse> {
#[delete("/<target>?<options..>")]
pub async fn req(
db: &Db,
user: User,
target: Ref,
options: OptionsChannelDelete,
) -> Result<EmptyResponse> {
let mut channel = target.as_channel(db).await?;
let mut perms = perms(&user).channel(&channel);
perms.throw_permission(db, Permission::ViewChannel).await?;
@@ -27,7 +41,12 @@ pub async fn req(db: &Db, user: User, target: Ref) -> Result<EmptyResponse> {
.await
.map(|_| EmptyResponse),
Channel::Group { .. } => channel
.remove_user_from_group(db, &user.id, None)
.remove_user_from_group(
db,
&user.id,
None,
options.leave_silently.unwrap_or_default(),
)
.await
.map(|_| EmptyResponse),
Channel::TextChannel { .. } | Channel::VoiceChannel { .. } => {

View File

@@ -29,6 +29,8 @@ pub struct DataEditChannel {
icon: Option<String>,
/// Whether this channel is age-restricted
nsfw: Option<bool>,
/// Whether this channel is archived
archived: Option<bool>,
#[validate(length(min = 1))]
remove: Option<Vec<FieldsChannel>>,
}
@@ -83,11 +85,12 @@ pub async fn req(
}
// Transfer ownership
*owner = new_owner.to_string();
partial.owner = Some(new_owner.to_string());
let old_owner = std::mem::replace(owner, new_owner.to_string());
// Notify clients
SystemMessage::ChannelOwnershipChanged {
from: owner.to_string(),
from: old_owner,
to: new_owner,
}
} else {

View File

@@ -33,7 +33,7 @@ pub async fn req(db: &Db, user: User, target: Ref, member: Ref) -> Result<EmptyR
}
channel
.remove_user_from_group(db, &member.id, Some(&user.id))
.remove_user_from_group(db, &member.id, Some(&user.id), false)
.await
.map(|_| EmptyResponse)
}

View File

@@ -116,7 +116,7 @@ pub async fn message_send(
}
// 3. Ensure interactions information is correct
message.interactions.validate(db).await?;
message.interactions.validate(db, &mut permissions).await?;
// 4. Verify replies are valid.
let mut replies = HashSet::new();

View File

@@ -55,7 +55,7 @@ pub async fn create_emoji(
// Check that there are no more than 100 emoji
// ! FIXME: hardcoded upper limit
let emojis = db.fetch_emoji_by_parent_id(&server.id).await?;
if emojis.len() > 100 {
if emojis.len() > 99 {
return Err(Error::TooManyEmoji);
}
}

View File

@@ -91,6 +91,16 @@ pub async fn req(
required.push(Permission::AssignRoles);
}
if data.timeout.is_some()
|| data
.remove
.as_ref()
.map(|x| x.contains(&FieldsMember::Timeout))
.unwrap_or_default()
{
required.push(Permission::TimeoutMembers);
}
for permission in required {
permissions.throw_permission(db, permission).await?;
}

View File

@@ -34,7 +34,7 @@ pub async fn req(db: &Db, user: User, target: Ref, member: Ref) -> Result<EmptyR
}
server
.remove_member(db, member, RemovalIntention::Kick)
.remove_member(db, member, RemovalIntention::Kick, false)
.await
.map(|_| EmptyResponse)
}

View File

@@ -2,13 +2,27 @@ use revolt_quark::{
models::{server_member::RemovalIntention, User},
Db, EmptyResponse, Ref, Result,
};
use serde::{Deserialize, Serialize};
use validator::Validate;
/// # Query Parameters
#[derive(Validate, Serialize, Deserialize, JsonSchema, FromForm)]
pub struct OptionsServerDelete {
/// Whether to not send a leave message
leave_silently: Option<bool>,
}
/// # Delete / Leave Server
///
/// Deletes a server if owner otherwise leaves.
#[openapi(tag = "Server Information")]
#[delete("/<target>")]
pub async fn req(db: &Db, user: User, target: Ref) -> Result<EmptyResponse> {
#[delete("/<target>?<options..>")]
pub async fn req(
db: &Db,
user: User,
target: Ref,
options: OptionsServerDelete,
) -> Result<EmptyResponse> {
let server = target.as_server(db).await?;
let member = db.fetch_member(&target.id, &user.id).await?;
@@ -16,7 +30,12 @@ pub async fn req(db: &Db, user: User, target: Ref) -> Result<EmptyResponse> {
server.delete(db).await
} else {
server
.remove_member(db, member, RemovalIntention::Leave)
.remove_member(
db,
member,
RemovalIntention::Leave,
options.leave_silently.unwrap_or_default(),
)
.await
}
.map(|_| EmptyResponse)

View File

@@ -1,3 +1,5 @@
use std::collections::HashSet;
use revolt_quark::{
models::{
server::{Category, FieldsServer, PartialServer, SystemMessageChannels},
@@ -135,29 +137,43 @@ pub async fn req(
}
}
// 2. Apply new icon
// 2. Validate changes
let mut unknown_channels = HashSet::new();
if let Some(system_messages) = &partial.system_messages {
unknown_channels = system_messages.clone().into_channel_ids();
}
if let Some(categories) = &partial.categories {
let mut channel_ids = HashSet::new();
for category in categories {
for channel in &category.channels {
if channel_ids.contains(channel) {
return Err(Error::InvalidOperation);
}
channel_ids.insert(channel.to_string());
}
}
unknown_channels.extend(channel_ids);
}
if !db.check_channels_exist(&unknown_channels).await? {
return Err(Error::NotFound);
}
// 3. Apply new icon
if let Some(icon) = icon {
partial.icon = Some(File::use_server_icon(db, &icon, &server.id).await?);
server.icon = partial.icon.clone();
}
// 3. Apply new banner
// 4. Apply new banner
if let Some(banner) = banner {
partial.banner = Some(File::use_banner(db, &banner, &server.id).await?);
server.banner = partial.banner.clone();
}
// 4. Validate changes
if let Some(system_messages) = &partial.system_messages {
let channels = system_messages.clone().into_channel_ids();
if !db
.check_channels_exist(&channels.into_iter().collect())
.await?
{
return Err(Error::NotFound);
}
}
server
.update(db, partial, remove.unwrap_or_default())
.await?;

View File

@@ -64,6 +64,7 @@ regex = "1.5.5"
nanoid = "0.4.0"
linkify = "0.8.1"
dotenv = "0.15.0"
indexmap = "1.9.1"
impl_ops = "0.1.1"
num_enum = "0.5.6"
reqwest = "0.11.10"

View File

@@ -286,6 +286,7 @@ impl Channel {
db: &Database,
user: &str,
by: Option<&str>,
silent: bool,
) -> Result<()> {
match &self {
Channel::Group {
@@ -329,20 +330,22 @@ impl Channel {
.p(id.to_string())
.await;
if let Some(by) = by {
SystemMessage::UserRemove {
id: user.to_string(),
by: by.to_string(),
}
} else {
SystemMessage::UserLeft {
id: user.to_string(),
if !silent {
if let Some(by) = by {
SystemMessage::UserRemove {
id: user.to_string(),
by: by.to_string(),
}
} else {
SystemMessage::UserLeft {
id: user.to_string(),
}
}
.into_message(id.to_string())
.create(db, self, None)
.await
.ok();
}
.into_message(id.to_string())
.create(db, self, None)
.await
.ok();
Ok(())
}

View File

@@ -13,13 +13,14 @@ use crate::{
},
Channel, Emoji, Message, User,
},
permissions::PermissionCalculator,
presence::presence_filter_online,
tasks::ack::AckEvent,
types::{
january::{Embed, Text},
push::PushNotification,
},
Database, Error, Result,
Database, Error, Permission, Result,
};
impl Message {
@@ -195,6 +196,11 @@ impl Message {
/// Add a reaction to a message
pub async fn add_reaction(&self, db: &Database, user: &User, emoji: &str) -> Result<()> {
// Check how many reactions are already on the message
if self.reactions.len() >= 20 {
return Err(Error::InvalidOperation);
}
// Check if the emoji is whitelisted
if !self.interactions.can_use(emoji) {
return Err(Error::InvalidOperation);
@@ -401,8 +407,14 @@ impl BulkMessageResponse {
impl Interactions {
/// Validate interactions info is correct
pub async fn validate(&self, db: &Database) -> Result<()> {
pub async fn validate(
&self,
db: &Database,
permissions: &mut PermissionCalculator<'_>,
) -> Result<()> {
if let Some(reactions) = &self.reactions {
permissions.throw_permission(db, Permission::React).await?;
if reactions.len() > 20 {
return Err(Error::InvalidOperation);
}

View File

@@ -1,3 +1,5 @@
use std::collections::HashSet;
use iso8601_timestamp::Timestamp;
use ulid::Ulid;
@@ -254,6 +256,7 @@ impl Server {
db: &Database,
member: Member,
intention: RemovalIntention,
silent: bool,
) -> Result<()> {
db.delete_member(&member.id).await?;
@@ -264,20 +267,22 @@ impl Server {
.p(member.id.server)
.await;
if let Some(id) = self.system_messages.as_ref().and_then(|x| match intention {
RemovalIntention::Leave => x.user_left.as_ref(),
RemovalIntention::Kick => x.user_kicked.as_ref(),
RemovalIntention::Ban => x.user_banned.as_ref(),
}) {
match intention {
RemovalIntention::Leave => SystemMessage::UserLeft { id: member.id.user },
RemovalIntention::Kick => SystemMessage::UserKicked { id: member.id.user },
RemovalIntention::Ban => SystemMessage::UserBanned { id: member.id.user },
if !silent {
if let Some(id) = self.system_messages.as_ref().and_then(|x| match intention {
RemovalIntention::Leave => x.user_left.as_ref(),
RemovalIntention::Kick => x.user_kicked.as_ref(),
RemovalIntention::Ban => x.user_banned.as_ref(),
}) {
match intention {
RemovalIntention::Leave => SystemMessage::UserLeft { id: member.id.user },
RemovalIntention::Kick => SystemMessage::UserKicked { id: member.id.user },
RemovalIntention::Ban => SystemMessage::UserBanned { id: member.id.user },
}
.into_message(id.to_string())
.create_no_web_push(db, id, false)
.await
.ok();
}
.into_message(id.to_string())
.create_no_web_push(db, id, false)
.await
.ok();
}
Ok(())
@@ -302,7 +307,7 @@ impl Server {
member: Member,
reason: Option<String>,
) -> Result<ServerBan> {
self.remove_member(db, member.clone(), RemovalIntention::Ban)
self.remove_member(db, member.clone(), RemovalIntention::Ban, false)
.await?;
self.ban_user(db, member.id, reason).await
@@ -310,23 +315,23 @@ impl Server {
}
impl SystemMessageChannels {
pub fn into_channel_ids(self) -> Vec<String> {
let mut ids = vec![];
pub fn into_channel_ids(self) -> HashSet<String> {
let mut ids = HashSet::new();
if let Some(id) = self.user_joined {
ids.push(id);
ids.insert(id);
}
if let Some(id) = self.user_left {
ids.push(id);
ids.insert(id);
}
if let Some(id) = self.user_kicked {
ids.push(id);
ids.insert(id);
}
if let Some(id) = self.user_banned {
ids.push(id);
ids.insert(id);
}
ids

View File

@@ -1,11 +1,10 @@
use crate::util::regex::RE_COLOUR;
use std::collections::{HashMap, HashSet};
use indexmap::{IndexMap, IndexSet};
use iso8601_timestamp::Timestamp;
use serde::{Deserialize, Serialize};
use validator::Validate;
use iso8601_timestamp::Timestamp;
#[cfg(feature = "rocket_impl")]
use rocket::FromFormField;
@@ -99,7 +98,7 @@ pub struct Masquerade {
pub struct Interactions {
/// Reactions which should always appear and be distinct
#[serde(skip_serializing_if = "Option::is_none", default)]
pub reactions: Option<HashSet<String>>,
pub reactions: Option<IndexSet<String>>,
/// Whether reactions should be restricted to the given list
#[serde(skip_serializing_if = "if_false", default)]
pub restrict_reactions: bool,
@@ -145,8 +144,8 @@ pub struct Message {
#[serde(skip_serializing_if = "Option::is_none")]
pub replies: Option<Vec<String>>,
/// Hashmap of emoji IDs to array of user IDs
#[serde(skip_serializing_if = "HashMap::is_empty", default)]
pub reactions: HashMap<String, HashSet<String>>,
#[serde(skip_serializing_if = "IndexMap::is_empty", default)]
pub reactions: IndexMap<String, IndexSet<String>>,
/// Information about how this message should be interacted with
#[serde(skip_serializing_if = "Interactions::is_default", default)]
pub interactions: Interactions,

View File

@@ -119,23 +119,28 @@ async fn calculate_channel_permission(
}
}
Channel::DirectMessage { recipients, .. } => {
// 2. Fetch user.
let other_user = recipients
.iter()
.find(|x| x != &&data.perspective.id)
.unwrap();
// 2. Ensure we are a recipient.
if recipients.contains(&data.perspective.id) {
// 3. Fetch user.
let other_user = recipients
.iter()
.find(|x| x != &&data.perspective.id)
.unwrap();
let user = db.fetch_user(other_user).await?;
data.user.set(user);
let user = db.fetch_user(other_user).await?;
data.user.set(user);
// 3. Calculate user permissions.
let perms = data.calc_user(db).await;
// 4. Calculate user permissions.
let perms = data.calc_user(db).await;
// 4. Check if the user can send messages.
if perms.get_send_message() {
(*DEFAULT_PERMISSION_DIRECT_MESSAGE).into()
// 5. Check if the user can send messages.
if perms.get_send_message() {
(*DEFAULT_PERMISSION_DIRECT_MESSAGE).into()
} else {
(*DEFAULT_PERMISSION_VIEW_ONLY).into()
}
} else {
(*DEFAULT_PERMISSION_VIEW_ONLY).into()
0_u64.into()
}
}
Channel::Group {