Pernoise/Rocketmc
1
0
Fork 0
forked from didirus/AstralRinth
Code Pull Requests Activity

Limit 'superuser' status of current moderators (#386)

Browse Source 
Resolves MOD-88

Co-authored-by: Geometrically <18202329+Geometrically@users.noreply.github.com>
This commit is contained in:
wafflecoffee
2022-07-23 21:47:32 -04:00
committed by GitHub
parent 6614b56298
commit b864791fa6
9 changed files with 32 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/models/users.rs
View File

@@ -77,4 +77,11 @@ impl Role {
Role::Moderator | Role::Admin => true,
}
}
pub fn is_admin(&self) -> bool {
match self {
Role::Developer | Role::Moderator => false,
Role::Admin => true,
}
}
}

8
src/routes/notifications.rs
View File

@@ -39,7 +39,7 @@ pub async fn notifications_get(
let notifications: Vec<Notification> = notifications_data
.into_iter()
.filter(|n| n.user_id == user.id.into() || user.role.is_mod())
.filter(|n| n.user_id == user.id.into() || user.role.is_admin())
.map(Notification::from)
.collect();
@@ -64,7 +64,7 @@ pub async fn notification_get(
.await?;
if let Some(data) = notification_data {
if user.id == data.user_id.into() || user.role.is_mod() {
if user.id == data.user_id.into() || user.role.is_admin() {
Ok(HttpResponse::Ok().json(Notification::from(data)))
} else {
Ok(HttpResponse::NotFound().body(""))
@@ -92,7 +92,7 @@ pub async fn notification_delete(
.await?;
if let Some(data) = notification_data {
if data.user_id == user.id.into() || user.role.is_mod() {
if data.user_id == user.id.into() || user.role.is_admin() {
let mut transaction = pool.begin().await?;
database::models::notification_item::Notification::remove(
@@ -142,7 +142,7 @@ pub async fn notifications_delete(
Vec::new();
for notification in notifications_data {
if notification.user_id == user.id.into() || user.role.is_mod() {
if notification.user_id == user.id.into() || user.role.is_admin() {
notifications.push(notification.id);
}
}

11
src/routes/projects.rs
View File

@@ -357,10 +357,13 @@ pub async fn project_edit(
.await?;
let permissions;
if let Some(member) = team_member {
if user.role.is_admin() {
permissions = Some(Permissions::ALL)
} else if let Some(member) = team_member {
permissions = Some(member.permissions)
} else if user.role.is_mod() {
permissions = Some(Permissions::ALL)
permissions =
Some(Permissions::EDIT_DETAILS | Permissions::EDIT_BODY)
} else {
permissions = None
}
@@ -1117,7 +1120,7 @@ pub async fn add_gallery_item(
)
})?;
if !user.role.is_mod() {
if !user.role.is_admin() {
let team_member = database::models::TeamMember::get_from_user_id(
project_item.team_id,
user.id.into(),
@@ -1446,7 +1449,7 @@ pub async fn project_delete(
)
})?;
if !user.role.is_mod() {
if !user.role.is_admin() {
let team_member =
database::models::TeamMember::get_from_user_id_project(
project.id,

2
src/routes/teams.rs
View File

@@ -386,7 +386,7 @@ pub async fn transfer_ownership(
let current_user = get_user_from_headers(req.headers(), &**pool).await?;
if !current_user.role.is_mod() {
if !current_user.role.is_admin() {
let member = TeamMember::get_from_user_id(
id.into(),
current_user.id.into(),

8
src/routes/users.rs
View File

@@ -255,7 +255,7 @@ pub async fn user_edit(
}
if let Some(role) = &new_user.role {
if !user.role.is_mod() {
if !user.role.is_admin() {
return Err(ApiError::CustomAuthentication(
"You do not have the permissions to edit the role of this user!"
.to_string(),
@@ -410,7 +410,7 @@ pub async fn user_delete(
.await?;
if let Some(id) = id_option {
if !user.role.is_mod() && user.id != id.into() {
if !user.role.is_admin() && user.id != id.into() {
return Err(ApiError::CustomAuthentication(
"You do not have permission to delete this user!".to_string(),
));
@@ -451,7 +451,7 @@ pub async fn user_follows(
.await?;
if let Some(id) = id_option {
if !user.role.is_mod() && user.id != id.into() {
if !user.role.is_admin() && user.id != id.into() {
return Err(ApiError::CustomAuthentication(
"You do not have permission to see the projects this user follows!".to_string(),
));
@@ -501,7 +501,7 @@ pub async fn user_notifications(
.await?;
if let Some(id) = id_option {
if !user.role.is_mod() && user.id != id.into() {
if !user.role.is_admin() && user.id != id.into() {
return Err(ApiError::CustomAuthentication(
"You do not have permission to see the notifications of this user!".to_string(),
));

2
src/routes/v1/users.rs
View File

@@ -65,7 +65,7 @@ pub async fn user_follows(
.await?;
if let Some(id) = id_option {
if !user.role.is_mod() && user.id != id.into() {
if !user.role.is_admin() && user.id != id.into() {
return Err(ApiError::CustomAuthentication(
"You do not have permission to see the projects this user follows!".to_string(),
));

2
src/routes/v1/versions.rs
View File

@@ -309,7 +309,7 @@ pub async fn delete_file(
?;
if let Some(row) = result {
if !user.role.is_mod() {
if !user.role.is_admin() {
let team_member =
database::models::TeamMember::get_from_user_id_version(
database::models::ids::VersionId(row.version_id),

2
src/routes/version_file.rs
View File

@@ -136,7 +136,7 @@ pub async fn delete_file(
?;
if let Some(row) = result {
if !user.role.is_mod() {
if !user.role.is_admin() {
let team_member =
database::models::TeamMember::get_from_user_id_version(
database::models::ids::VersionId(row.version_id),

9
src/routes/versions.rs
View File

@@ -217,10 +217,13 @@ pub async fn version_edit(
.await?;
let permissions;
if let Some(member) = team_member {
if user.role.is_admin() {
permissions = Some(Permissions::ALL)
} else if let Some(member) = team_member {
permissions = Some(member.permissions)
} else if user.role.is_mod() {
permissions = Some(Permissions::ALL)
permissions =
Some(Permissions::EDIT_DETAILS | Permissions::EDIT_BODY)
} else {
permissions = None
}
@@ -521,7 +524,7 @@ pub async fn version_delete(
let user = get_user_from_headers(req.headers(), &**pool).await?;
let id = info.into_inner().0;
if !user.role.is_mod() {
if !user.role.is_admin() {
let team_member = database::models::TeamMember::get_from_user_id_version(
id.into(),
user.id.into(),